3

Say I only wanted to delete specific files and want to feel confident they can't be recovered. Is it better to use a specific program (such as Eraser) for wiping only the files, or is it better to delete them normally and then use a utility like cipher.exe to wipe all free space? Obviously wiping all free space will take a bit more time, but if that's not an issue is one more secure or effective than the other?

To be clear I'm not looking to wipe entire hard drive.

Celeritas
  • 10,039
  • 22
  • 77
  • 144

2 Answers2

1

There is a possibility, that after deleting specific file and before wiping all disk, freed sectors will be assigned to some other file.

So it will be more secure to wipe a specific file. And then I suggest to wipe all disk in case there were any temporary copies of this file, created by eg. some editor.

Also note that on SSD drives it's not enough to wipe a file, since drive controller can write new data in another sectors or even memory chips, to extend drive life. You can google for TRIM keyword to get more details about this behaviour.

Tomasz Klim
  • 1,466
  • 12
  • 13
  • Does it make a difference to securely wipe the specific file (as opposed to using the OS's delete) if you're still wiping free space afterwards? – Celeritas Jul 26 '15 at 23:34
  • Yes, because you can have some temporary copies you don't know about, which has been unsecurely deleted (without wiping, which is common for eg. text editors). – Tomasz Klim Jul 27 '15 at 05:38
  • I think you red the question backwards. What's the point of securely deleting if you're going to wipe free space anyways? – Celeritas Jul 27 '15 at 08:13
  • If you're normally deleting the file (instead of wiping), just recovered free space can be assigned to another file, which overwrites deleted data only once, and even can leave some free space in its last cluster (up to 4 kilobytes at normal circumstances), that is not overwritten at all. – Tomasz Klim Jul 27 '15 at 08:30
  • Oh ok. "...which overwrites deleted data only once..." it's my understanding the the # over overwrites isn't that important. Is this true? – Celeritas Jul 27 '15 at 08:38
  • Number of overwrites is important, read about "high fly writes" and other possible anomalies for "classic" drives, and for "wear leveling" for SSD drives. And again, remember about the last cluster of new file, which can still have old data not overwritten at all. – Tomasz Klim Jul 27 '15 at 08:47
  • Oh really, according to here "a single overwrite is adequate for all current magnetic hard drives" http://security.stackexchange.com/questions/5662/is-it-enough-to-only-wipe-a-flash-drive-once – Celeritas Jul 27 '15 at 09:15
  • Again, read at least about "high fly writes". – Tomasz Klim Jul 27 '15 at 09:17
0

well wiping free space is best if you already normally deleted the file and therefore have no pinpoint left to make a pinpoint wipe (aka erase just the file completely) The good thing is that if you are going to do disk wipe for any reason, you essentially can just normally delete anything else you want to lose (e.g. temp copies etc.) and then do the freespace wipe.

My1
  • 394
  • 2
  • 12