Quick approaches to prevent users from recovering files from free space

1

I have an HP EliteBook 8570w laptop with Windows 7 64x, and I am getting a new laptop, so I want to sell my old laptop. I removed all my personal data, but based on my knowledge, users can recover deleted files. So I downloaded a tool named File Shredder, and I chose to shred the free space using the most aggressive approach, "Gutmann 35 passes". But since I have 500 GB of free space, this process is taking too long. Can anyone advise if there is a faster way to shred free space? I thought of this approach: I have an SQL Server setup file (size around 2 GB), so if I copy/paste this file multiple times till my laptop's hard disk becomes full, then I can delete those copies, so in this case I do not think anyone can recover anything. Is this correct?

test test

Posted 2019-11-21T16:26:59.397

Reputation: 161

If you have a manufacturer install disk or the laptop had a restore partition, it is more effective to perform a "Factory Reset" that formats the HD and restores the original state without any of your data. I mention this because it's possible for personal data to be stored in unexpected places. FileShredder is appropriate for the specific case of "I want THIS specific file to go away", but there could be other files you've forgotten or that got saved in the wrong spot. – Christopher Hostage – 2019-11-21T17:28:13.047

Your idea — to fill the disk with files that you will then delete — is probably good enough, unless your data is very valuable and your disk is going to fall into the hands of somebody with vast resources. But the lowest setting on your file shredder (e.g., “one pass”) is probably equivalent (or better) and is probably as fast (or may be faster). – G-Man Says 'Reinstate Monica' – 2019-11-21T20:43:09.373

Answers

0

What File Shredder is doing

File Shredder is a utility that you run from within the Windows environment. It writes to the same space of the hard drive multiple times, making it harder to recover what was there to begin with.

Methods to "permanently" delete files from Windows

The main ways you can delete files are the following:

  1. Delete from your Windows environment - This just removes the files from the file lookup table, but they can generally be found with file recovery software pretty easily since the data still exists until it is rewritten.
  2. Run zero or random passes to sectors where files were located from within Windows - This is what File Shredder appears to be using. This keeps your Windows OS intact but targets either an external drive that Windows is not installed to or certain sectors of the Windows one. These types of tools are generally better than the first, but the files can theoretically be found again if Windows stores any information about them.
  3. Run zero or random passes to entire hard disk - This method is usually launched from another hard drive, CD, or USB drive, as it can't be loaded from Windows since it will also delete Windows and everything on the drive. This is the most secure as it basically turns all bits on the hard drive to be 0's (or random bits) as if nothing was there.
  4. Destroy the physical drive - Run a drill through the drive or shatter the disc inside then it is pretty much impossible to recover but obviously you can no longer use the drive.

How to decrease the possibility of recovery

Theoretically anything can be recovered but what you are trying to do is make it incredibly difficult / unlikely. Generally you would go with the least expensive approach for what kind of data you are deleting. If you have stuff that isn't top secret then I would recommend free options.

The approach to zero a drive has three important factors:

  1. Zeroing / Random algorithm (What's the best algorithm to secure erase HDD?) - This is the method the software uses to apply zeroes / random bits. Generally the more expensive methods do a "better" job; however, as pointed out in the link, there have not been any published papers or known attackers who could get past a free single pass.
  2. Number of passes - This is the number of times the software will cycle through the drive writing 0's or random numbers to each bit. The more passes, the less likely it is to recover. Like mentioned in #1 though, nobody published has ever gotten past one pass.
  3. Cost - Like I mentioned, I would recommend the free methods.

How to go faster?

Your question was how you can make the tool run faster. Based on what I explained above, you can either modify the algorithm / cost or you can modify how many passes the software takes. Since you state that you have it set to 35 passes, I would recommend fewer passes if you are satisfied with that level of security.

Eric F

Posted 2019-11-21T16:26:59.397

Reputation: 3 070

Minor point: (1) is not true. Deleting files in the Windows environment does not "remove data." It deletes the file entry database/lookup table. If the file system was an apartment building, deleting files is more akin to simply removing the label off of a mailbox but leaving everything in the apartment: the contents are only removed or altered when a new tenant moves in. This is how file recovery programs are able to recover files. I once ran a recovery process on a drive which had been repurposed in 5 machines over a 10 year period and recovered files from the original install. – Yorik – 2019-11-21T21:43:23.190

@Yorik Thanks. I updated my answer and you are correct. I was trying to give a best overview type of answer so OP understands what his options are. – Eric F – 2019-11-22T13:32:34.827
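The fill-then-delete idea from the question, done as the single pass that the comments and the answer describe, as an added example that is not part of the original thread. The function name, its parameters and the `wipe-` directory prefix are assumptions made for illustration.

```python
import errno
import os
import shutil
import sys
import tempfile


def fill_free_space(target_dir, max_bytes=None, file_size=1024**3, chunk=4 * 1024**2):
    """One overwrite pass over free space (hypothetical helper, not a real tool).

    Writes random filler files on target_dir's volume until it is full or
    max_bytes is reached, flushes them to disk, then deletes them.
    Returns the number of bytes written.
    """
    limit = float("inf") if max_bytes is None else max_bytes
    work = tempfile.mkdtemp(prefix="wipe-", dir=target_dir)
    written, index, full = 0, 0, False
    try:
        while not full and written < limit:
            # Several bounded files instead of one huge one: FAT32 caps a file at 4 GiB.
            path = os.path.join(work, f"fill-{index:06d}.bin")
            index += 1
            in_file = 0
            try:
                with open(path, "wb", buffering=0) as fh:
                    while in_file < file_size and written < limit:
                        n = min(chunk, file_size - in_file, limit - written)
                        got = fh.write(os.urandom(n))  # unbuffered: may be a short write
                        if not got:
                            full = True
                            break
                        written += got
                        in_file += got
                    os.fsync(fh.fileno())  # force the data out of the OS cache
            except OSError as exc:
                if exc.errno != errno.ENOSPC:  # anything but "disk full" is a real error
                    raise
                full = True
    finally:
        # Deleting only now keeps every filler block allocated until the pass is done.
        shutil.rmtree(work, ignore_errors=True)
    return written


if __name__ == "__main__":
    # Usage: python fill_free.py D:\   (the path is whatever volume you want filled)
    print(fill_free_space(sys.argv[1]), "bytes overwritten")
```

A pass like this only reaches space the file system currently reports as free, so remnants in the unused tail of allocated clusters or in file-system metadata are untouched. That is the gap between methods 2 and 3 in the answer above.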