Secure deletion of data.

When did you last delete a file? Back when hard disks were measured in megabytes, it was common to delete files as soon as you’d finished with them, in order to free up disk space. In these days of terabyte-sized hard disks, however, it’s easy to accumulate huge archives of documents, emails, data files and program caches.

This can be a godsend if you need to dig out a reference from years ago. But this information could be a liability if it fell into another’s hands. For example: your email archive may contain login and payment details for online services; browser caches and system logs can reveal what you’ve been up to online, and even store private information that’s been displayed on a web page. The temporary files created by programs such as Word and Excel may also contain confidential data – even if it’s been removed from recent versions of documents.

Most of us understand the importance of wiping all these personal files before disposing of a PC, whether you’re passing it on to a friend, selling it or simply taking it to the dump. But deleting files doesn’t erase the sensitive data as permanently as you might hope.

If you’re unlucky enough to have your PC stolen, you might not even get the opportunity to erase your data. And it would be easy for a hacker to create malware that collects potentially valuable data from infected PCs.

Clearly, it isn’t realistic to try to keep your PC completely free of personal files. For sensitive files that you use regularly, it’s worth using encryption – a subject we’ll return to in a future How To. As a general rule, keep only as much private information on your PC as necessary, and regularly purge anything you don’t need.

INSECURE DELETE
An easy way to start this process is by clearing out old caches and temporary files. There are plenty of free programs that can help you with this: the Disk Cleanup tool that’s built into Windows can remove all sorts of system logs and unneeded files created by Internet Explorer. The free CCleaner tool from Piriform can additionally clean up the files left behind by a wide range of applications. For obvious reasons, these programs won’t touch your personal files; but once they’ve worked their magic you can delete remaining sensitive documents by hand.

Of course, deleting files doesn’t mean simply sending them to the Recycle Bin. It’s well understood that, so long as you haven’t emptied the bin, “deleted” files can be easily recovered at a later point in time, by you or anyone else.

It’s also important to realise that even after the bin has been emptied, and the deleted files are seemingly gone for good, it may still be possible to recover them. The same applies to files that are deleted by disk cleanup tools that bypass the Recycle Bin.

This is because of the way files are stored on a hard disk, and the way they’re deleted in Windows (and in many other operating systems, too). When you write a file to hard disk, the data is written across multiple sectors of that disk, and an entry is made in the Master File Table (MFT), recording among other things the name of the file and details of which sectors on the disk contain its data.

When you delete a file, however, Windows doesn’t bother removing all the data from the various sectors of the disk. It simply removes the MFT entry. The sectors are de-allocated, ready to be overwritten next time you write a file to the disk.

This approach has an obvious benefit: it’s almost instant, regardless of the size of the file you’re deleting. If deleting a file actually removed all its data from the hard disk, deleting large files would end up taking several seconds or more, tying up the hard disk and making your PC less responsive.

But since the “deleted” data remains on the disk, it can be recovered. Indeed, before the Recycle Bin was introduced in Windows 95, if you accidentally deleted the wrong file, your best chance for recovering it lay with an MS-DOS utility called Undelete. This tool scanned the hard disk for data that had been de-allocated but not overwritten, and recreated file table entries so it could be seen and accessed once more.

Is this a good thing? We’re sure the ability to recover accidentally deleted files has saved more than one career in the past. Even today, 16 years after the arrival of the Recycle Bin, we still regularly hear of people accidentally wiping important files, and as a result there remains a healthy market for data recovery tools. There are free options, such as Recuva, again from developer Piriform.

Unfortunately, the ability to undelete files cuts two ways. If you can recover files that have apparently been wiped, so can someone else: for example, the person who buys your old laptop on eBay, or the person who pulls your old hard disk out of a skip. You might therefore think of Windows’ deletion function as “insecure delete”

QUICK FORMATTING
It’s also worth noting that Windows’ Quick Format function works in a similar way. Rather than writing blank sectors across the entire surface of the disk, a Quick Format simply creates a new, empty MFT. In this way, even a huge 2TB drive can be formatted in seconds.

One hazard of quick formatting is that the hard disk isn’t tested for errors: if there are any physical problems with your disk, you’ll only discover them at some inconvenient point down the line, probably when you’re in the middle of writing or reading an important file.

More to the point, if a disk has files on it before you perform a Quick Format then – just as with the regular delete function – the data isn’t removed. It remains in place, and with the right tool the old files can be recovered. The MS-DOS Undelete tool had a counterpart called Unformat, which could restore a formatted drive in exactly this way.

This doesn’t mean there’s no point in deleting temporary files on a regular basis, or wiping all your personal data before putting your PC in a situation where someone else might be accessing the hard disk. It just means it’s unwise to put all your faith in Windows’ built-in delete and Quick Format tools.

RECOVERING DATA
If you want to be sure your deleted files can’t be recovered, it clearly isn’t good enough to leave the data sitting on the disk, where a free program can recover them. The question is: what, then, is good enough?

To defeat data recovery software, you simply need to overwrite your old data with new, non-sensitive data. One way to achieve this is by erasing your private files, then writing junk files to your hard disk until it’s completely full, thus ensuring that the areas of the disk holding the deleted data have been overwritten. Another approach might be to defragment your hard disk: as your files are shunted into one contiguous area of the disk, any gaps left by deleted files should be filled up with new data.

Clearly, though, it’s impractical to go through such time-consuming processes every time you want to securely delete a file. And if you do defragment your drive, it’s possible that some fragments of deleted files may remain scattered in unused areas of the disk. This data may be out of reach of simple tools that merely try to reconstruct the file table, but it can still be found by programs that scan the whole surface of the drive to recover fragments of information. For example, a thief might opportunistically search your drive for any disk sectors containing the string “password”, to see what other data appears nearby.

Snippets of old data such as this can also be left behind when a large file is deleted, then overwritten by a smaller one. So if you want to be sure there’s no orphaned data hiding away, you also need to wipe the unused space on your disk. (Many defragmentation tools can do this automatically after the defragmentation process is complete.)

PHYSICAL DATA RECOVERY
Overwriting every sector on a drive should prevent anyone from using software to recover private data. But even this isn’t necessarily secure. This is down to the way data is stored on a hard disk platter. Put simply, binary data is encoded on a disk platter as a series of magnetic “marks”, polarised in one direction to represent a zero and in the opposite direction to represent a one.

A regular drive controller will interpret these marks in a purely binary fashion: for each one it can only read either zero or one. Once you overwrite a one with a zero, the controller can’t tell you anything about what was there before.

But if you remove the platter from the drive and analyse it with a laboratory magnetometer, it’s possible to detect revealing variations in the magnetisation of the marks. For example, let’s say you wanted to analyse a series of zeroes. You’d likely observe that some zeroes had a magnetic polarisation that was slightly stronger and more coherent than others. From this, you could infer which marks had been set to zero twice in a row, and which had previously been set to one and then switched to zero. From here you could have a good stab at recreating the data that was previously there.

The process is far from foolproof. No data recovery service guarantees to recover data that’s been overwritten. It’s slow and expensive, too, so if you’re not a high-ranking politician or a terrorist suspect it’s highly unlikely that anyone would expend the time or effort trying to recover your data in this way.

But, when your privacy is at stake, it doesn’t pay to be blasé. And since magnetic analysis doesn’t rely on the drive’s internal electronics, some data could still be recoverable even if you resort to methods of physical destruction, such as smashing the disk open or punching holes in it.

Happily, it’s simple to protect against this sophisticated type of analysis. You merely need to overwrite the data you want to obscure multiple times, with an unpredictable pattern of bits, until even with the most advanced measuring equipment in the world, it’s impossible to guess how the magnetic fields were originally aligned.

And, as luck would have it, there are plenty of programs out there designed to help you do just this.

SECURE DELETE SOFTWARE
There are dozens of utilities that can overwrite sensitive files and unallocated space on your drive, making your deleted data unrecoverable. Some call this “shredding” files: others refer to it simply as “secure deletion”.

One popular free tool is Eraser: you can download it from www.heidi.ie/eraser. Eraser integrates into Windows Explorer, so you can securely delete a file by right-clicking on it and selecting Eraser | Erase from the context menu. There’s also an option to Erase on Restart, making it easy to securely remove files that are locked.

By default, files are deleted using the Gutmann algorithm. Devised by Peter Gutmann in 1996, this deletion method overwrites files 35 times with a series of different data patterns. It’s certainly secure, but performing this many passes is time-consuming – we found deleting a 100MB file involved nearly 30 seconds of disk activity.

For this reason, you may want to switch to a different deletion algorithm: in the Settings view in the main Eraser interface you’ll find 13 to choose from, including various government standards. The differences lie in the precise patterns of bits that are used to overwrite your sensitive data, and in the number of passes that are used. Many military-grade algorithms involve only two or three overwrite passes, so they’re much quicker than the Gutmann process. And if they’re considered secure enough for the army then they’re probably fine for your banking details.

Eraser lets you set up a schedule – useful if, for example, you want your temporary files to be automatically purged on a regular basis. It can also overwrite the free space on your drive to a schedule, ensuring that when another program deletes

Also, if you don't mind using the command prompt, try:

SDelete v1.6 by Mark Russinovich of Sysinternals fame
The latest version is from September, 2011
Check the link below:
http://technet.microsoft.com/en-us/sysinternals/bb897443

Cheers