How to make deleted files unrecoverable?

filesystems undelete
5,855

Solution 1

Any tool that overwrites the data is ultimately going to stop casual attackers (and, very likely, even well budgeted attackers). Recovering data from an overwrite on modern hard disk drives is extremely difficult. You can use as fancy a tool as you want (overwrites data with a cryptographically sound random number generator, etc), but in the end even a simple overwrite with zeros will protect you from all but the most sophisticated attackers.

Beware of SSDs and attempting to overwrite data. SSDs do "wear leveling" and tools that simply overwrite files without any awareness to the underlying storage technology may not actually overwrite the data.

Solution 2

Non-Home editions of Windows come with a command-line tool called cipher.exe. In addition to letting you encrypt files with NTFS encryption, it also has a free-space wiping mechanism. e.g.

C:\> cipher /W:C:\

It will then wipe all free space on the designated drive. Other tools can do one-off file wipes, but I like cipher.exe because it is built-in on most Windows editions.

Solution 3

I've used SDelete in windows with success. http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx

Solution 4

I use SDelete from sysinternals to securely delete files from our PCI environment.

Solution 5

You could also, if you're worried about the recoverability of file names in that slack space, use a filesystem container, like one from TrueCrypt.

Share:
5,855
Sarbanjeet
Author by

Sarbanjeet

Updated on September 17, 2022

Comments

  • Sarbanjeet
    Sarbanjeet over 1 year

    If I delete files on a NTFS partition I can recover them shortly with a very high probability of success. When a file is deleted, only the file system entry is deleted, thus the content of the file will still remain intact for a periode of time, depending on the disk activity afterwards.

    How can I make sure that the files will be unrecoverable and what is the best tool to do the job?

    • Andrii Y.
      Andrii Y. almost 15 years
      you want to make them unrecoverable? might want to edit the question title, its kind of unclear
  • Sarbanjeet
    Sarbanjeet almost 15 years
    Note that SDelete securely deletes file data, but not file names located in free disk space. Any idea how to also make the names unrecoverable?
  • Spence
    Spence almost 15 years
    I don't think there's any documented API in NTFS to do that (to put a new file in a chosen MFT slot). You're going to have to resort to something that plays fast and loose with the rules. I don't think I'd trust production data to such a utility. If you're going to be into nuking filesystem metadata then even wiping all free allocation units isn't going to be good enough since there could be data leakage within the "slack" space inside allocation units used to track filesystem metadata. At that point, you're better off overwriting the entire filesystem with zeros.
  • Chris W. Rea
    Chris W. Rea almost 15 years
    A complete free-space wipe could address the SSD wear-leveling issue.
  • Spence
    Spence almost 15 years
    @cwrea: Ever heard of "reserved cells" or "reserved blocks" on a flash device?
  • Spence
    Spence almost 15 years
    Bear in mind that, if you're trying to cover your nefarious tracks, that cipher and sdelete both don't wipe slack space (the space between the logical end of a file and the end of the allocation unit it was stored in).
  • Brian Knoblauch
    Brian Knoblauch almost 15 years
    Magnetic media sometimes also contain spare cylinders that get pressed into use at times that are out of your control.
  • Spence
    Spence almost 15 years
    @Brian: Absolutely true. The only sure way to make data unrecoverable is to destroy the media completely.
  • Sarbanjeet
    Sarbanjeet almost 15 years
    But then I wouldn't solve the problem of how to dispose of the original copies.
  • mpbloch
    mpbloch almost 15 years
    You could switch methodologies, and save all sensitive things to the contained system in the FIRST place. Then either write zeros or destroy the original medium.
  • Chris W. Rea
    Chris W. Rea almost 15 years
    @Evan Anderson: Good point. How about: Copy the files, delete originals, then run cipher's free space wipe? Assumes the file copy operation wouldn't preserve the slack space.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why does Windows magically "couple" some files like this?
Flutter - How to save and play a recorded audio file?
List local files in directory with Flutter
Flutter - Saving user data
Where are i-node tables stored?
How to install squashfs-tools on Ubuntu?
Using symbolic link on directory with contents
What is the maximum number of files allowed in a HDFS directory?
System.IO.Directory.CreateDirectory with permissions for only this current user?
Creating a Desktop shortcut Eclipse on Linux Mint