Shredding files in Windows

18

5

Is there a built-in cmd command/utility on Windows that can shred files (delete and overwrite with random data) without the need to use third-party software? In Linux I would use shred. It's a wonderful tool that not only deletes files, but also destroys any "residue" left on the disk by overwriting the data.

Tawfik Khalifeh

Posted 2012-09-06T20:12:25.970

Reputation: 307

I've never heard of anything "built in" to Windows. A major problem is that if you attempt to overwrite the file the file system may allocate the "overwritten" version in different space from the original, leaving the original untouched. So it takes some significant low-level understanding of the specific system and its configuration. (And this is doubly true if the "disk" is a SSD.) – Daniel R Hicks – 2012-09-06T21:00:37.433

2

Microsoft offers an add-on program (sdelete) that runs from the command line: http://technet.microsoft.com/en-us/magazine/dd334519.aspx

– Moab – 2012-09-06T21:09:43.050

Sdelete can be scripted also: http://forum.sysinternals.com/topic6065.html

– Moab – 2012-09-06T21:11:34.217

@Moab That program, according to the cover page, overwrites free space -- not quite the same thing. – Daniel R Hicks – 2012-09-06T21:11:48.040

1

@DanH it's more powerful than that: http://www.brighthub.com/computing/smb-security/articles/46693.aspx

– Moab – 2012-09-06T21:13:08.897

Link is broken to download, here it is: http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx

– Moab – 2012-09-06T21:17:56.673

I'm vaguely recalling installable file systems that automatically overwrite space as it's freed. This is probably the only really secure approach. – Daniel R Hicks – 2012-09-07T03:06:40.710

Answers

8

Probably not. Unless they added one in Win 8

I recently purchased a new PC with Win 7; the manufacturer bundled a third-party shredder application. I infer that either there isn't one as standard (and I've never heard of one) or (less likely?) that the manufacturer added some unnecessary bloatware without the usual sliver of justification.

It's hard to prove a negative though.


Notes:

  1. Shred only overwrites a file, it doesn't seek out fragments and copies of the data in unallocated disk space (caused by editing etc).

  2. You don't need to overwrite a file more than once. Statements to the contrary have been thoroughly debunked long ago.

  3. It doesn't matter what you overwrite it with.

So just copying a sufficiently large but innocuous file over the top will suffice.


Update

You could delete the file then use cipher

  1. Quit all programs.
  2. Click Start, click Run, type cmd, and then press ENTER.
  3. Type cipher /w:driveletter:\foldername, and then press ENTER. Specify the drive and the folder that identifies the volume that contains the deleted data that you want to overwrite. Data that is not allocated to files or folders will be overwritten. This permanently removes the data. This can take a long time if you are overwriting a large space.

It's probably quicker to just copy a big file over the sensitive file, but safer to clear unallocated space.

RedGrittyBrick

Posted 2012-09-06T20:12:25.970

Reputation: 70 632

Quick question. If I delete some files, say in C:\Downloads\Goat-pics and in C:\Download\favicons\potato-icons and then run cipher /w:C:\Downloads will it cover both of those drives? Or does it need to be run on those folders directly? – PsychoData – 2014-07-16T16:13:08.737

@PsychoData: if Goat-pics and potato-icons are in separate volumes you need to run cipher on each volume separately. Otherwise you only need to run it once on the one volume that contains both folders. For most home users it is unlikely that there are multiple volumes or mount-points under C: - in which case cipher could just be used on C:. After all "empty" space (including fragments of deleted files) belongs to the drive/volume not to the folder.

– RedGrittyBrick – 2014-07-16T19:14:35.650

@RedGrittyBrick Yeah, that's what I thought. Free space wouldn't have anything to do with the folder. But, after reading your thing, the help text from cipher makes sense. "If it is a mount point or points to a directory in another volume, the data on that volume will be removed." So, if the folder is a mount point, then it goes to that mount point's volume instead. That's why it has the folder portion. – PsychoData – 2014-07-16T19:53:28.090

"You don't need to overwrite a file more than once" (I interpret "file" as "data over the same physical space"). You could need, if you care a little bit more than the average. E.g. http://en.wikipedia.org/wiki/Data_remanence and https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html

– ShinTakezou – 2015-05-08T07:12:58.960

@ShinTakezou: As your first reference says, overwriting (once) addresses data remanence. There is no need related to conventional hard disk file storage that isn't addressed by overwriting once. See "You only have to wipe a disk once" and "The urban legend of multipass disk overwrite".

– RedGrittyBrick – 2015-05-08T14:38:37.450

@ShinTakezou: Your second reference also says "On modern disks, a single pass should be adequate" – RedGrittyBrick – 2015-05-08T14:53:00.573

I think that "to debunk" is for things that have never been true, so the second comment (on modern disks) and "should be adequate" do not make your point 2 of the first list a totally correct statement. Not worth noticing, especially since in any case, if you really are worried, you will physically destroy the disk (after having "degaussed" it) and won't rely on the supposition that it'd be too expensive even to try to recover some of your data from a randomly-wiped-once disk using clever and futuristic methods, in the hope there's still "deducible information" around… – ShinTakezou – 2015-05-08T16:40:42.467

1

You cannot simply "copy a big file over the sensitive file". Because your editor might create a new file with the new content and simply unlink the old references. Because the filesystem might simply allocate new fragments rather than overwriting older ones. Because the hardware might be allocating the blocks elsewhere rather than overwriting them (esp. true with SSD for performance and wear-leveling). Finally the data might still be there on disk (e.g. snapshots). – Huygens – 2019-02-11T11:19:31.150

1

Nice approach, I used to do exactly that. After using some pro data recovery tools, like recovermyfiles from GetData, I created a small C# program that creates dummy data, by specifying the size, to defeat such tools. Thanks for your help, I wish I could vote up, but I can't (still new to Super User). Regards.

– Tawfik Khalifeh – 2012-09-06T22:19:09.650

1

Interesting, I learned something today. Thanks for this! – Mark Allen – 2012-09-06T22:33:33.780

8

Piriform's CCleaner offers an option to wipe out free space. File Shredder allows wiping out a particular file "on deletion time".

EDIT: Found something on MS' Sysinternals: SDelete. Haven't tried but could give it a try.

Alfabravo

Posted 2012-09-06T20:12:25.970

Reputation: 552

Already using it, for like 6 years :-), I just want to make sure there is no Microsoft standard for doing such a sensitive task. – Tawfik Khalifeh – 2012-09-06T21:38:32.150

Found something else. Check it out to see if it helps – Alfabravo – 2012-09-06T21:51:00.580

Already checked it, given by @Moab in the above comments, found it useful, thanks for your interest. – Tawfik Khalifeh – 2012-09-06T22:00:08.953

1

@sarepta MS is not great at providing standard tools for common tasks. Even when it does, third-party tools are often better. Windows is one platform where you shouldn't worry too much about sticking with the "official" way of doing things. – Isaac Rabinovitch – 2012-09-06T22:26:12.263

@IsaacRabinovitch indeed. Anyhow, sysinternal's stuff often solves such needs. – Alfabravo – 2012-09-06T23:11:05.537

@Alfabravo Indeed it does. That's why MS bought Sysinternals. But it'd be nice if they built the functionality into Windows instead of making you download stuff, from Sysinternals or otherwise. – Isaac Rabinovitch – 2012-09-07T03:18:46.507

2

Not Windows-native, but likely to be already installed for many people reading this question: Git for Windows comes with its own ports of many common Unix utilities, including shred. By default it's located at C:\Program Files\Git\usr\bin\shred.exe.

Usage is the same as on Unix-likes, e.g. C:\"Program Files"\Git\usr\bin\shred.exe myfile.txt

Joseph Montanaro

Posted 2012-09-06T20:12:25.970

Reputation: 121

1

If you consider PowerShell to be built-in, then it is possible to write a scriptlet, maybe using Get-Random to overwrite the content of a file with random values, before deleting it.

This Stack Overflow question might be useful.

Dominique Jacquel

Posted 2012-09-06T20:12:25.970

Reputation: 156

I have a complete functional C# program if you want (it's a tiny program, not a full-fledged one). – Tawfik Khalifeh – 2012-09-06T22:28:46.593
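
The scriptlet this answer describes, as an added example that is not part of the original post: it overwrites a file once in place with random bytes, deletes it, and can then run the `cipher /w` step from the earlier answer on the same volume. It uses .NET's `RandomNumberGenerator` rather than `Get-Random` for speed; the function and parameter names are hypothetical. The limits raised in the comments still apply: the file system or an SSD may place the new data elsewhere, and snapshots may keep old copies.

```powershell
# Added example, not code from the thread. Function/parameter names are hypothetical.
function Remove-FileOverwritten {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$WipeFreeSpace   # afterwards run cipher /w on the file's volume
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    if ($file.PSIsContainer) { throw "Not a file: $Path" }
    if (-not $PSCmdlet.ShouldProcess($file.FullName, 'Overwrite and delete')) { return }

    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] (1MB)
    # FileMode.Open writes into the existing file instead of truncating it first.
    # WriteThrough asks Windows not to hold the writes in its cache.
    $stream = New-Object System.IO.FileStream($file.FullName,
        [System.IO.FileMode]::Open, [System.IO.FileAccess]::Write,
        [System.IO.FileShare]::None, $buffer.Length,
        [System.IO.FileOptions]::WriteThrough)
    try {
        $remaining = $stream.Length
        while ($remaining -gt 0) {
            $count = [int][Math]::Min($remaining, $buffer.Length)
            $rng.GetBytes($buffer)               # fresh random data per chunk
            $stream.Write($buffer, 0, $count)
            $remaining -= $count
        }
        $stream.Flush($true)                     # push OS buffers to the device
    }
    finally {
        $stream.Dispose()
        $rng.Dispose()
    }

    Remove-Item -LiteralPath $file.FullName -Force

    if ($WipeFreeSpace) {
        # Overwrites unallocated space on the volume that holds this directory.
        & cipher.exe "/w:$($file.DirectoryName)"
    }
}
```

Run it with `-WhatIf` first to confirm the target, for example `Remove-FileOverwritten -Path .\myfile.txt -WhatIf`.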

0

Today I Googled, found an article at lifewire.com, and settled on Eraser. I'm very impressed so far. It integrates with Windows Explorer, adding an Eraser -> Erase right-click menu pick.

tbc0

Posted 2012-09-06T20:12:25.970

Reputation: 259

0

SDelete is as close to native as I've ever found.

It has no installer, so if you simply extract the files to their own directory in Program Files, then add that to your PATH, you can use it from the command line as you would del. It can delete recursively and shreds both the file contents and name.

The first time it runs, it shows an "Agree to Terms" dialogue, so run it once before you script anything with it.

Walf

Posted 2012-09-06T20:12:25.970

Reputation: 254