Overwriting hard drive to securely delete a file?

Question

I am working on a computer that I am not allowed to install new software on. It does not have secure delete software installed. Suppose I have a file (or files) that are sensitive that I'd like to delete and prevent (or make it very difficult) to recovery. If after deleting the file(s) I filled up the hard-drive with other non-confidential files and then deleted those (repeating this process a few times) would this essentially do the same thing as a secure delete utility that wipes the drive?

Secure deletion utilities effectively do this: they write randomly to the entire disk multiple times to prevent recovery. So yes, but you need to make sure you write to all sectors used. — Sébastien Renauld, May 10 '13 at 18:26
Your question is not entire clear and this makes answering it too broad: Did you install software or did you just copy some (data) files onto the machine, or created them? Please edit. — , May 10 '13 at 18:52

score 10 · Answer 1 · answered May 10 '13 at 18:51

10

If you use sdelete from Microsoft (http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx) you don't have to install anything. It has an option to fill the unused disk space with zeroes too. If you already deleted the files this is what I'd just to make sure that nothing remains of the original file.

answered May 10 '13 at 18:51

Drnoone

209
1
4

2

This doesn't answer the question. – Adi May 11 '13 at 10:14
@Adnan how do u say that ? He just gave a way to clear the memory without having to install new software [which he can't] right !! – Arun Aug 31 '13 at 05:53
3

@Arun I say that because I've _actually_ read the question. The question specifically asks whether manually filling the hard drive with random files will do the same as using a secure delete utility, which isn't answered here. Also, `sdelete` isn't shipped with regular Windows installations, so you must _download_ it to be able to use it. The OP isn't able to introduce any foreign software to the system, – Adi Aug 31 '13 at 06:17
@Adnan oh jeez , i found sdelete in my machine so i just assumed it was default . my bad – Arun Aug 31 '13 at 06:56
@Arun I could be wrong on that one, but my main problem with the answer is the first point. Check the two answers below, they correctly answer the question. – Adi Aug 31 '13 at 07:27

KristoferA · Answer 2 · 2013-05-11T02:22:28.080

5

It depends. If you want to delete every trace of the file, it is more complex than overwriting sectors.

Depending on which file system you are using, but if e.g. NTFS: even if you fill all free space, there can be things left behind in the MFT, journaling areas, etc. If it is a very small file, the entire file can be contained in the MFT, etc

Also, indexing service databases, "most recent" histories in apps that has accessed the file, temp files generated by apps, etc may also contain traces, or partial content, or full content...

edited May 11 '13 at 02:22

answered May 11 '13 at 02:17

KristoferA

347
3
11

3

SDelete actually takes care also of MFT cleanup – Maxxer Mar 07 '18 at 08:19

score 3 · Answer 3 · answered Jul 07 '17 at 12:44

3

Windows have a tool called cipher which can be use to fully overwrite empty disk space with 0x00 and 0xFF

Just simply run in cmd: cipher /w:c: (c: is the drive letter you wanted to run on)

answered Jul 07 '17 at 12:44

minhng99

131
4

score 3 · Answer 4 · answered May 11 '13 at 13:37

You can't be guaranteed that your file will be deleted successfully just by trying to overwrite it with other files. You don't have any say over what sectors get written with data. Your deleted file will stay on the hard drive until the OS determines that it needs to write over those sectors. So the short answer is no. Sdelete is a sysinternals tool that should work or something like eraser. Or better yet, don't put sensitive files on a system you don't control.

John Thompson · Answer 5 · 2013-11-18T20:56:15.477

First it depends on what kind of hard drive you have.

If it's an SSD then writing over the disk is not guaranteed to work for a variety of reasons and writing over it any more times is no more useful than the first pass. In theory SSDs are wiped with once-over random data. In fact the technical details of SSDs make it impossible to be sure than any piece of data has ever been wiped or even can be wiped. If you Google "UCSD and SSD and Secure Erase" you can read all about it.

If it's a platter disk, then you can use a program like eraser to effectively erase the data as far as we (the public) knows. Doing what you did is somewhat useful, depending on what technology your opponent has available to recover the data with. In general, random data is more effective because 1) it's only the majority aggregate charge for any bit on a disk that decides if that bit is a 1 or a 0; the actual underlying physical disk has plenty of ambiguity to investigate which literally means the former charge is still represented within the bit. 2) words have patterns which can be used to infer what the former charge for any given bit must have been. That charge can then be subtracted to return the bit to its previous (one step back) state.

The only people who are going to go to that level of effort currently (that is, who are able to ) are governments in pursuit of criminals and criminals in pursuit of.. whatever it is criminals are interested in, depending on what their motivations are : money, ideology, carnal this and that or ego enhancement.

Probably you don't rate such attention from anyone and the technology isn't so easy and available that your personal information is at risk from the casual thief.

For SSDs however, that last statement isn't true. It may be as easy as mounting the disk for thieves to see everything you thought you had erased. This is not a theoretical worry. I did a secure erase on an SSD and later discovered that there was plenty to be seen by merely remounting the disk. You have to physically destroy SSDs at this point in time. The Secure Erase command - which should wipe the entire disk clean- is 100% dependent on the disk maker having implementing it correctly for that disk at the factory or origin. That cannot be shown through ordinary means (so you can prove it to yourself) to be the case for any given disk. You therefore have no way of knowing whether the data is gone or not, although you can prove, as I did, that the data is decidedly NOT gone.

user2497 · Answer 6 · 2017-07-07T17:32:42.300

It is difficult to wipe NTFS perfectly. Remember to wipe slack space as well. I defer to the other answers for how to do that.

Personally I have used hyperion to avoid all this mess. Perhaps it is a viable alternative. http://nullsecurity.net/tools/binary.html. Wipe the header of your packed program file a few thousand times, and flush swap by running some memory intensive program... Your program will never be recovered.

There is also the tried and true method of concatenating a program file into some DLL, or JPG, whatever is most convenient, and using a tiny program to pull it out when you need it. In my usage cases, the original files appeared intact when accessed.

score 0 · Answer 7 · answered Aug 31 '13 at 02:02

If one had a hex editor (that didn't make backup files), one could, in principle, edit the file and replace characters with other characters, move blocks of characters around, etc., then save it in place. Even replace every character with 00, the write out the file, then replace all the 00's with FF's, etc. The newly written file can't be smaller than the original file or it won't overwrite all of the original file. This assumes, obviously, that the system has a program that will edit hex data.

score -1 · Answer 8 · answered May 11 '13 at 16:14

-1

When we delete files on any OS, it only delete the file list from index. Now OS have no record if file is there or not, it will write new file to older file location.

Some application like [TuneUp utility See 7th point] provide Trasher option to securely delete files.

To do this, Install TuneUp Utility

Simple right click on any file
Select TuneUp shredder

Now After this new small window will appear you can select the method of overwriting the file as well as Deleting the allocated free space so that all the space is filled with 0

answered May 11 '13 at 16:14

Dheeraj Thedijje

11
2

2

Actually, that _"any OS"_ part is not completely true. OpenVMS and any other [versioning file systems](https://en.wikipedia.org/wiki/Versioning_file_system) will not overwrite files marked for deletion until the purge command is used to clear any of it's previous revisions. Also, some file systems will write over last deleted files last and use unwritten space first to allow for undelete command to be used, while others might simply continue writing to following sectors to avoid fragmentation, especially if the deleted file was positioned among others with limited space in between. – TildalWave May 11 '13 at 17:56
Wow TildalWave! thank you for this information, i was not aware of this, however this is great way to let the chances for everyone to recover the files, but still insecure for those who completely wants to delete it. – Dheeraj Thedijje May 15 '13 at 05:54

Overwriting hard drive to securely delete a file?

8 Answers8

Linked