Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Wanted: Recommondations for Wiping Deleted files

Status
Not open for further replies.
Are you wanting to wipe the whole disk, or just selected files?

If the whole disk, the 2 best are probably DBAN and Active KillDisk.

For individual files, I know CCleaner has functions for more secure deletions - no idea how secure it is, but CCleaner is a good program otherwise.

And there are others as well... though can't think of them off the top of my head.
 
Yes, that's an excellent program to have around - whether you want to do secure deletions or not. It's temp file clean-up, and registry clean-up tools are very good.
 
Ummm..... One should note that this type of wiping is good for the average Joe. But, should the person trying to recover your files be a member of law enforcement, I wouldn't guarantee that wiped is really gone.

So, in other words, it depends on who's after the data that you have purged and what tools they have to recover. A false sense of security is no security.
 
Could you elaborate a bit? I've read that these tools typically write zeros on top of the files five times or so. I've also read that with special equipment, one can recover the contents of a disk sector back 7 or 8 generations of write overs.

Unless you are talking about removing the disk and using special hardware that a law enforcement agency might have, how would a thief scavenging recycled computers for credit card numbers on the hard drives be different than a member of the law enforcement?

Thanks,
siegfried
 
Unless you are talking about removing the disk and using special hardware that a law enforcement agency might have"

That's EXACTLY what I'm talking about. Most people that get your hard drive are not going to be able to defeat your wiping attempt. They could use something like GetDataBack, but I just tested my hard drive after a wipe and it showed nothing recoverable, as an example.

I'm just saying that if it were the FBI investigating someone for spying or terrorism, they would bring some neat tools to the party that might make your head spin and wiping wouldn't be enough.

Bottom line - if you're done with a hard drive, drill some holes through it or use it for target practice. If you're just giving it to your aunt as a second hand computer - no worries (or not many).

See here for more discussion:
 
From the OP's question, I don't think they're really looking for total disk wiping. Frankly, I asked to be sure, and they said, basically, no. They're just looking for a secure erase utility for by-file erasing...

So, the other being true, it's not directly relevant.
 
Look on Download.com for eraser. The eraser project ETC. This program will overwrite individual files multiple times. Also has a left click erase option.

Works well on XP not so good on WIN 7 last I checked.


Hope this helps
ED

1a2 to ip I seen it all
 
Right KJV - it was more of a heads up to anyone that reads this that might want to get a false sense of security.

The message still applies though to single file "wipes".
 
I want a utility that will erase the contents of files that have been previously deleted. When 1a22ip says "This program will overwrite individual files multiple times".

This makes me wonder if you have to specify the file name. That could be difficult if the file is already deleted.

Thanks,
Siegfried
 
You just need something that wipes slack space (space between the end of a file and the cluster it occupies) and free space. That just about covers it, except for files you WANT TO KEEP.

These are two that are NOT free.
Webroot Windows Washer
Kremlin
 
Eraser will also erase cluster tips. So if the files are already deleted erasing cluster tips and a defrag will get this done for you.


Thanks
ED

1a2 to ip I seen it all
 
I'm surprised no one mentioned SDelete by Windows Sysinternals. Description is at the link supplied.


James P. Cottingham
[sup]I'm number 1,229!
I'm number 1,229![/sup]
 
winxp already came with "free disk space wiper", after you delete the files, open command prompt & run
cipher/w:c: to wipe the free space on c:,
cipher/w:d: to wipe the free space on d:. etc
 
> will overwrite individual files multiple times

>I've read that these tools typically write zeros on top of the files five times or so

Laboratory tests carried out by people who are very serious about this sort of thing (for example the NSA, and the CMRR) have demonstrated that multiple overwrites are no more secure than a single overwrite on drives released in the last decade

>SDelete
SDelete dates from 1999, the era when you could still just about recover data that has been only overwritten once and, as such, implements the then active DOD 5220.22-M (indeed, they proudly mention this on the web page). That document has been obsolete for some years now, and is replaced by NIST 800-88 which a) no longer stipulates multiple overwrites to delete data securely and b) officially makes the point that I've made above - single overwrites are as effective as multiple overwrites these days

(BTW, this isn't to say SDelete is not a good tool; it's just you can happily operate it in single-pass mode and safe yourself a bunch of time ...)


Just to be clear - I'm not suggesting that simple overwriting of data (single or multiple pass) using a 3rd party tool will defeat laboratory attack, just that multiple write are no more effective than single writes, and that tools that proudly proclaim that they implement DOD 5220 (as many do) are living in the past.


Having said that ...

>and wiping wouldn't be enough

Actually, modern (S)ATA drives (anything built from 2001 onwards) come with a built-in single-pass wipe command (Secure Erase) that will render data unrecoverable even by laboratory attack methods.

The CMRR provide a tool to invoke this command here

 
What would be different about SATA drives and this Secure Erase that it would be more effective than tools used on IDE drives. That doesn't make sense to me.
 
This is a good and short read:


For the paranoid amongst you, this is what I was referring to:
"Even such physical destruction is not absolute if any remaining disk pieces are larger than a single 512-byte record block in size, about 1/125” in today’s drives. As linear and track densities increases, the maximum allowable size of disk fragments become ever smaller Destroyed disk fragments of this size have been studied by the CMRR2. Magnetic microscopy is used to image stored recorded media bits.
 
>That doesn't make sense to me

Then you might want to do some research of your own (and the issue is nothing to do with IDE versus (S)ATA - IDE drives are ATA drives)

>For the paranoid amongst you, this is what I was referring to

Hughes is out of date on this, I'm afraid - or simply being optimistic. Magnetic Forced Microsocopy is more or less impractical for use on modern hard disks (particularly so in a forensic role where we do not know where the data we want actually is on the disk), even if they are not smashed up (and, anyway, even where it works MFM cannot recover overwritten data). You might like to try and get hold of "Overwriting Hard Drive Data: The Great Wiping Controversy" by by Craig Wright, Dave Kleiman and Shyaam Sundhar R.S. as presented at ICISS2008 and published in the Springer Verlag Lecture Notes in Computer Science (LNCS)
 
I don't really care about this thread any more regarding the SATA vs. PATA and Secure Erase so no worries.

READ WITH HUMOROUS TONE
So, your sayin' those holes I drilled in that old hard drive worked pretty throughly for me without shredding the drive to near microscopic bits??
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top