Win7 Pro: what is the best way to delete deleted files?

[leh18621]

For both work (I work in IT) and for personal use I am surprised at how many deleted files from someone's computer can be easily recovered. It has gotten me thinking, how can deleted files be truly deleted without physically damaging a drive?

I know there are programs out there that will wipe free disk space and seem to do a decent job, but I wonder if they files can actually still be recovered. I tested with recuva and ccleaner. I first ran recuva with deep scan on a laptop and found thousands of files. I then wiped free disk space with ccleaner, and then ran recuva again. Recuva couldn't find any deleted files at that point, but are they really unrecoverable at that point?

Without physically damaging a drive (which I wouldn't want to do since laptops at work get re-used for other users), is there a better way than ccleaner or other program to delete deleted files?

 

[SuperSubZero]

wiping free space is just 'the way you do that'.

 

[skiddierow]

Deleted files are basically marked OK to overwrite.

A safe way you could do that is fill the HDD up with junk files.

I see those recovery programs pull attributes that describe the file very well, and then data inside is a mess in the case of accidental overwrite.


IMO, I would set up a deployment box, secure erase the HDD. You can better evaluate the state of the HDD with a full erase (undiscovered bad sectors, for ex.).

 

[Liger88]

Yes, they are unrecoverable and only theoretically recoverable with millions of dollars of equipment and thousands of man hours. Governments and Corporations rely on these "erasing" software. The penalties for improperly deleting sensitive data can cost millions and or lead to much worse (prison). Deleting free space at regular intervals should be the minimum if you want some kind of security, if you're not like me and got in the habit of safely deleting every file and doing monthly free space wipes.

It wont harm a Hard Drive, but it's practically useless on SSD's. All you need is a program that can run TRIM on demand (careful don't run too often). Also anything past just a single zero wipe is unnecessary. If you want to go overboard a single random value wipe, but none of that 3-6x nonsense and definitely not that 33 wipe one. Once is good enough and its exactly what SSD's do with TRIM.

 

[leh18621]

Yes, they are unrecoverable and only theoretically recoverable with millions of dollars of equipment and thousands of man hours. Governments and Corporations rely on these "erasing" software. The penalties for improperly deleting sensitive data can cost millions and or lead to much worse (prison). Deleting free space at regular intervals should be the minimum if you want some kind of security, if you're not like me and got in the habit of safely deleting every file and doing monthly free space wipes.

It wont harm a Hard Drive, but it's practically useless on SSD's. All you need is a program that can run TRIM on demand (careful don't run too often). Also anything past just a single zero wipe is unnecessary. If you want to go overboard a single random value wipe, but none of that 3-6x nonsense and definitely not that 33 wipe one. Once is good enough and its exactly what SSD's do with TRIM.

At this point, most of our computers use SSD's (all new computers we buy are SSD only). Is there a program out there that you would recommend that would run TRIM on demand?

 

[Liger88]

At this point, most of our computers use SSD's (all new computers we buy are SSD only). Is there a program out there that you would recommend that would run TRIM on demand?

I haven't looked into it myself because the Defrag I was using previously on my HDD's (O&O Defrag) has a built-in TRIM scheduling I discovered when I upgraded to a SSD. I had it running daily for a couple months and had to stop and set it to bi-monthly because it wore my SSD out 6-7% in just a couple months lol.

 

[mi7chy]

You can use schedule a job to zero out free disk space with Microsoft's sdelete cmd line tool. Or, better yet use disk encryption if you're concerned about DLP.

 

[/dev/null]

At this point, most of our computers use SSD's (all new computers we buy are SSD only). Is there a program out there that you would recommend that would run TRIM on demand?

fstrim on linux does this.

 

[leh18621]

You can use schedule a job to zero out free disk space with Microsoft's sdelete cmd line tool. Or, better yet use disk encryption if you're concerned about DLP.

On one of the laptops I tried the sdelete command. I then ran Recuva and most of the deleted files were still recoverable.

 

[leh18621]

fstrim on linux does this.

Is there a command in Windows 7 that would force TRIM to manually run? I know how to enable/disable TRIM, I just can't figure out if there is a way to force it to clean everything out.

 

[crimethinking]

Is there a command in Windows 7 that would force TRIM to manually run? I know how to enable/disable TRIM, I just can't figure out if there is a way to force it to clean everything out.

There isn't, but I found this ForceTRIM utility here: http://www.thessdreview.com/Forums/software/2647-forcetrim-excellent-little-proggie.html

 

[SuperSubZero]

On one of the laptops I tried the sdelete command. I then ran Recuva and most of the deleted files were still recoverable.

That is strange as sdelete is pretty thorough in it's secure deletions. It's also been out for almost two years, so if you are 100% absolutely sure that it doesn't work, you should let Microsoft know.

 

[mattkane]

(Sorry about raising an old thread, but I think this goes best here...)

A couple of days ago I found out that neither CCleaner nor Eraser can securely erase everything on a USB stick.

I "secure erased/wiped" a couple of USB sticks (entire drive, 7-pass scrambling). However, some files could be perfectly recovered using Recuva afterwards.

After wiping the USB sticks with DBAN, Recuva did not find any old files.

So here's another "plus one" for DBAN. I think programs running on Windows can't properly access every area on an USB stick (or a hard drive).

 

[Monkey34]

ccleaner or eraser with the 7pass overwrite. The first free-space run will take a while. After that you can delete individual files as you go with the right-click "delete with".

 

[Tawnos]

Bitlocker the drive?

 

[SvenBent]

in win7 pro you can overwrite empty space with a simpel command.

*first empty you recycle bind
* then go into a elevated cmd windows and type "cipher /w:<driveletter>:"

It will do a 3 pass DOD5220 erasing of all empty space. aka deleted files

 

[B00nie]

Yes, they are unrecoverable and only theoretically recoverable with millions of dollars of equipment and thousands of man hours. Governments and Corporations rely on these "erasing" software. The penalties for improperly deleting sensitive data can cost millions and or lead to much worse (prison). Deleting free space at regular intervals should be the minimum if you want some kind of security, if you're not like me and got in the habit of safely deleting every file and doing monthly free space wipes.

It wont harm a Hard Drive, but it's practically useless on SSD's. All you need is a program that can run TRIM on demand (careful don't run too often). Also anything past just a single zero wipe is unnecessary. If you want to go overboard a single random value wipe, but none of that 3-6x nonsense and definitely not that 33 wipe one. Once is good enough and its exactly what SSD's do with TRIM.

Funny, I've never had a file yet on my computer that would require a safe deletion. What on earth are you storing there?

 

[SvenBent]

Yes, they are unrecoverable and only theoretically recoverable with millions of dollars of equipment and thousands of man hours. Governments and Corporations rely on these "erasing" software. The penalties for improperly deleting sensitive data can cost millions and or lead to much worse (prison). Deleting free space at regular intervals should be the minimum if you want some kind of security, if you're not like me and got in the habit of safely deleting every file and doing monthly free space wipes.

It wont harm a Hard Drive, but it's practically useless on SSD's. All you need is a program that can run TRIM on demand (careful don't run too often). Also anything past just a single zero wipe is unnecessary. If you want to go overboard a single random value wipe, but none of that 3-6x nonsense and definitely not that 33 wipe one. Once is good enough and its exactly what SSD's do with TRIM.

Actually there is a reasons for the 3 pass method. the first two passed are reveresed bit patterns to do ab analog bit knocking.. if you don;t do that pass you can see previous bits by analyzing on the analog levels.
aka if 1 is 100% charged and 0 is 0. there are some safety margins around, so anything above 60% would be 1 and anything below 40 would be 0.

now if you had a low charge previously aka a 0 so 0% charged. and you write a 1 aka a full charge you might end up somewhere around 80% only. So this is a low charged 1 leaving trace about the previously pass this bit was actually a 0
if it was a 1 overwritten with a 1 it would a high charged 1 aka around he 95+% mark.
the reverse is true with high charged and low charged 0's as well

so 3 overwrites does have its purpose and you will see that very often the first 2 passes are just for analog bit knocking. and the 3 wipes is then random data.

you are truly right about the guntman methods of 33-37 passes is a big misunderstanding. those passes where for different equipment and not to be used together or on modern day hard dries

Regular maintenance clearing should be enough with a run of random bit patterns
but before getting rid of the drive you should do the 3pass method

 

[Liger88]

in win7 pro you can overwrite empty space with a simpel command.

*first empty you recycle bind
* then go into a elevated cmd windows and type "cipher /w:<driveletter>:"

It will do a 3 pass DOD5220 erasing of all empty space. aka deleted files

That's pretty cool. I didn't even know it was built-in (alas hidden) to Windows. They don't advertise that feature whatsoever.

Funny, I've never had a file yet on my computer that would require a safe deletion. What on earth are you storing there?

Started off with curiosity, then just got into practicing what I preach. Having been one of those chumps that preached good security, privacy, backing up, and passwords, I was doing the opposite for most of my hypocritical life until a couple years ago.

Started taking imaging my machine seriously and literally a week after I started it paid off and has since multiple times after years of never doing it. Started wiping my hard drive's free space mainly because of stories I heard about people who sold their machines. Automatic scripting kind of made it a background process I never notice. Wiping files was another thing I got used to because I never delete a file and hope to recover it. Never have, never will. Plus that's what I have daily, weekly backups for. Always a risk with that but it has yet to bite me. Plus I figure if Mac and Linux have this kinda built-in automatically whats the harm?

Steve Gibson got me interested in Encryption as did my Cisco course so I started to learn that and now it's just kind of fun to play with. Just this past May I finally moved to a Password Manager after getting my Hotmail account hacked by some Russian for the second time in as many months.

It's more a feeling of accomplishment and things snowballing. It's way overkill, but I'm a serious advocate for privacy and security. I feel in this Facebook era it's starting to get lost and with that eventually come our rights. I never felt good offering people advice that I never took myself.

That's my story sorry for wall of text.

Actually there is a reasons for the 3 pass method. the first two passed are reveresed bit patterns to do ab analog bit knocking.. if you don;t do that pass you can see previous bits by analyzing on the analog levels.
aka if 1 is 100% charged and 0 is 0. there are some safety margins around, so anything above 60% would be 1 and anything below 40 would be 0.

now if you had a low charge previously aka a 0 so 0% charged. and you write a 1 aka a full charge you might end up somewhere around 80% only. So this is a low charged 1 leaving trace about the previously pass this bit was actually a 0
if it was a 1 overwritten with a 1 it would a high charged 1 aka around he 95+% mark.
the reverse is true with high charged and low charged 0's as well

so 3 overwrites does have its purpose and you will see that very often the first 2 passes are just for analog bit knocking. and the 3 wipes is then random data.

you are truly right about the guntman methods of 33-37 passes is a big misunderstanding. those passes where for different equipment and not to be used together or on modern day hard dries

Regular maintenance clearing should be enough with a run of random bit patterns
but before getting rid of the drive you should do the 3pass method

Oh I know it's still possible, hence the theoretical part. I've done a good amount of research on the topic and decided unless you were working with very sensitive data anything past zeroing out or a 1 random character wipe is mostly over the top. If you were wiping a lot of data it would take a very long time, countless man hours, and boatloads of money to recover small portions at a time.

Very possible and mostly why a 3 key deletion set is required for legal reasons.