5

I want to delete the unused contents of a disk without leaving any traces, e.g. for giving it to a colleague or a customer. The colleague/customer shall receive some files which are already on the disk. However, I have used the disk for other purposes before and I have just deleted my files.

Until now I have

  1. deleted everything
  2. Run SysInternals SDelete with the -c switch on the drive

Using FTK Imager Lite I can still see some file names, although the file content seems to be destroyed. The reason for the filenames still being there is explained on the SDelete website.

How can I securely get rid of the file names?

Is is safe to just delete the volume in Windows disk manager and create a new NTFS file system using quick format?

I have tried that and at least FTK Imager does not show file names any more, but FTK Imager now relies on the new NTFS MFT, which is of course empty.

Note that I don't need to keep the MFT intact as in the question How to reset an NTFS MFT for no tracks of deleted files names to be found there?

Improve this question
1
  • 1
    The documentation for sdelete specifically documents that it doesn't delete the file names when running the clean or zero options to clear free space. If you had used sdelete to delete the files in the first place then it would be okay as it renames the files randomly first
    – munrobasher
    Commented Dec 11, 2015 at 11:24

4 Answers 4

Reset to default
2

Source Five hard disk cleaning and erasing tools

Brien Posey lists five tools that ensure your personal information is securely removed from all hard disks.

When it comes to disposing of old hard drives, simply erasing your files or reformatting the drive alone is not enough to ensure your privacy. In this age of rampant ID theft, it is more important than ever to ensure that your personal information is securely removed from all hard disks. That being the case, I decided to create a list of five utilities for securely erasing and formatting old hard drives.

Active@Kill Disk - Hard Drive Eraser

Active@ Kill Disk - Hard Drive Eraser is a free utility for securely erasing a hard drive. More importantly, this utility adheres to United States Department of Defense standards (DoD 5220.22M) for hard disk data removal.

Although some might consider it to be hokey, I especially liked the certificate feature. When a hard disk has been erased, the software generates a certificate that you can print as a way of proving that the disk has been securely erased.

Eraser

Eraser from Heidi Computers, is another free utility for securely erasing data from a hard disk. The most interesting thing about this utility is that it provides several different methods for overwriting data, based on a number of different standards. You can even define your own method for overwriting data.

This utility allows you to securely erase specific files, folders, unused disk space, or even the recycle bin. Furthermore, erase operations can be run manually or scheduled.

Shredit for Windows

Shredit for Windows is a privacy application that is designed to securely erase individual files, free space, or entire hard drives. The software lets you pick the write pattern and the number of writes. A number of different government standards are supported.

Shredit for Windows costs $24.95 for the download version or $34.95 for the CD-ROM version.

Disk Wipe

Disk Wipe is a free utility for wiping data from a hard disk in a secure manner. Like Eraser, Disk Wipe includes a number of different algorithms, including DoD 5220-22.M, and Peter Guttman. The really nice thing about this utility is that it is portable, so you don't have to install it to be able to use it. Furthermore, Disk Wipe works on more than just hard drives. It can also be used to securely wipe USB flash drives and SD cards.

Darik's Boot and Nuke

Darik's Boot and Nuke is a free, open source utility for securely erasing hard drives. Although this utility is designed to be secure and effective, the author does not explicitly guarantee that data is completely unrecoverable and there is no support for this application.

The article includes some screenshots of each tool.

Improve this answer
4
  • Seems like Active Kill Disk Hard Drive Eraser can only erase physical disks, not logical disks. In addition it displays invalid drive letter names for partitions which have no drive letter assigned. Other than that it looks like it has done the job.
    – Thomas Weller
    Commented Sep 25, 2014 at 8:44
  • 1
    Eraser works on logical partitions and shredders file names, which is a good feature. However, the usability of Eraser is strange: a mixture of context menu driven and button-style stuff.
    – Thomas Weller
    Commented Sep 26, 2014 at 12:30
  • Shredit: the links for the trial version are broken.
    – Thomas Weller
    Commented Sep 26, 2014 at 12:41
  • Disk Wipe only creates a new NTFS file system and formats the drive (non-quick). Nothing that Windows could not do with built-in tools, except the different erase patterns, which are actually a relic and no longer useful statement on heise.de (German) and here
    – Thomas Weller
    Commented Sep 26, 2014 at 12:56
1

For me, BCWipe did the job. I used free version on my home PC. Good is that I did not need wait until whole my 6TB drive is done, I could break BCWipe task just after it wiped all MFT data (it is done on the very beginning of the BCWipe tasks)

Now undelete tools like Recuva don't find any shredded file names.

From the BCWipe documentation:

() Wipe MFT records - for NTFS drives - MFT - Master File Table is a reserved space on NTFS disk, where the file system stores names and attributes of files. Small files may reside inside MFT completely. After ordinary Windows 'Delete' operation, Windows marks corresponding MFT record as 'unused'. Windows does not erase the MFT entry contents (that is why Unerase utilities work!). Any file that has been ‘deleted’ by Windows, can get its name restored by special utilities, and if the file body has not been overwritten, contents of the file can be recovered. BCWipe can wipe empty MFT Records - i.e. records related to deleted files. () Wipe directory slacks - NTFS direcrtory is a special file that contains names of files and subdirectories. Disk cluster that belongs to a directory is named directory node. Directory node has a slack (space from the end of directory data up to the end of cluster). On FAT/exFAT file systems, file names are stored in so called directory entries. Slack of the directory node or directory entry may still contain name of the deleted file, as well as other deleted data. () Wipe NTFS transactions log file - NTFS is a journaling file system and uses the NTFS Log ($LogFile) to record temporary data for all files you were working with. Transactions log file is used to restore file system in case of a failure.

Improve this answer
0

It might be that I am not understanding the whole question correctly, but why bother with all that complex stuff? If I wanted to properly wipe HDD so that no one can find out what was on it before - I would do the following:

  1. Copy all my useful data from that HDD to secure location
  2. Fill entire disk with random data using dd

When writing random data to disk I would make sure I am not writing to the partition but to the actual disk, to make sure I fill all space. This would include wiping the partition table. For example if disk is labeled as sda I would do

dd if=/dev/urandom of=/dev/sda

  1. If I was properly paranoid I would repeat step 2 several times (2 or three times max), possibly replacing urandom with random

  2. (Optional) Create new partition table with file system

I seriously doubt that any smart software would be able to recover initial contents of the drive after such wipe.

Also, if you are interested in additional info, I recommend reading "The difference between Windows Full Format & Quick Format". Quick format will not actually delete anything except for journalling information - actual data including all your files will remain where it is. To properly delete data you would need to overwrite it. Even after data is overwritten it is theoretically possible to recover it.

Improve this answer
3
  • dd is Unix. I use quick format, because I have already wiped the disk using SDelete.
    – Thomas Weller
    Commented Sep 24, 2014 at 14:45
  • dd is available for windows . Also I have to say that after reading description of SDelete I would never rely on it. Your own experiment just showed that you can see some data with FTK Imager Lite after using SDelete
    – Art Gertner
    Commented Sep 24, 2014 at 14:51
  • That's because the author is realistic. He wrote the "Windows Internals" book, the most detailed book about Windows I ever read. He surely knows what he's doing. I wonder whether other tools can do better.
    – Thomas Weller
    Commented Sep 24, 2014 at 17:56
-2

If you just want to get rid of the deleted file names, create some 10,000 files with random names in a folder and then delete them. Utilities like Recuva will display your random file names.

Improve this answer
2
  • How does this address the original question?
    – Pierre.Vriens
    Commented Jan 18, 2018 at 18:23
  • 1
    Even if this replaces file names with new random file names, the procedure is not reliable. How many "some 10000" files shall I create? And how?
    – Thomas Weller
    Commented Jan 18, 2018 at 18:54

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .