Saturday, March 7, 2009

Now You See It, Now You Don't

Lots of programs on the internet will claim to "erase your tracks" on your Windows-based computer. Well, you don't need to waste your money. Windows XP and later come with a built-in utility, that when used correctly, will overwrite the free space on your hard drive with ones and zeroes.

To make a long story short, when a file is deleted, the data blocks for the file still exist on the hard drive. The blocks that the deleted file occupy have been marked "available" for use by the filesystem. Recovering deleted data depends on these data blocks not having been overwritten yet.

Every act of creating, copying, or saving data on the hard drive with deleted data increases the chances that those "maked" data blocks will be overwritten, eliminating chances for a full, successful recovery.

If you want to ensure that data you've deleted is not going to be recoverable, you may think that simply formatting a drive will wipe the data. However, several types of "quick" formats may only specify the filesystem type and wipe the MFT or FAT, leaving the data blocks still intact on the drive.

To totally "erase" your data, you'll need to actually write data to every free region of your hard drive.

Now, as I previously mentioned, there are plenty of companies that will sell you programs to wipe your NTFS or FAT16/FAT32 filesystems--but they're not counting on you using a built-in utility to do the task.

What is this marvelous utility, you ask?

The utilitiy is cipher.exe. The main purpose of the utility is for EFS encryption. However, one of the switches can wipe the free space.

Running cipher /? at the command prompt in Windows 7 shows a whole host of options (in fact, too many to display here). The option we're looking for is the /W option:

C:\>cipher /?
Displays or alters the encryption of directories [files] on NTFS partitions.
...
CIPHER /W:directory
...
/W Removes data from available unused disk space on the entire
volume. If this option is chosen, all other options are ignored.
The directory specified can be anywhere in a local volume. If it
is a mount point or points to a directory in another volume, the
data on that volume will be removed.


Cipher with the /W switch will create a temporary file that will write over every block on your filesystem.

The appropriate syntax:

cipher /W:C:\

Will yield a screen like this:



As the screen indicates, close as many programs as possible. To achieve maximum data clearing effect, try grabbing a program like CCleaner to remove temporary internet files, temporary setup files, cookies, and a bunch of other personal data before wiping with cipher.
Posted by at
Topics: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)