We’ve long been told that when a file is deleted, its contents are not actually removed. Instead, the space the file formerly occupied is marked as “available” for another file to be written to later. Until that overwrite happens, the original, deleted information is still there.
This is the basis for many undelete and other data-recovery utilities. It’s also why most of those utilities recommend you stop using your disk if you accidentally delete something.
But what if you really want it gone? That’s where a technique called “secure delete” comes into play.
Basic secure delete
At its simplest, a secure delete overwrites the area on the disk where the file’s data resides, or used to reside, with random data. Once securely deleted, the previous data is no longer available.
Secure delete utilities generally either delete an existing file or overwrite all unused space.
Instead of deleting a file using whatever normal commands you might use, you use the secure delete program. It carefully ensures that the file’s contents are overwritten as part of the deletion. This is typically a quick operation, since it overwrites information only for the specific file or files you tell it to delete.
If the files you’re concerned about have already been deleted, an alternative is the “free space wipe”. This process writes data to all areas of your disk that aren’t currently in use — the “free” space. The net effect is the same: the contents of all previously-deleted files are overwritten. This can take more time, depending on how much free space your disk currently has.
A basic secure delete renders your data unrecoverable to most common forensic and data recovery tools.
Unfortunately, I did say “most”, and that’s where what I’ll call “extended” secure delete comes into play.
Extended secure delete
The best way to grasp this concept is to grab a pencil with an eraser.
- Write something on a piece of paper. That’ll be the equivalent of creating a file on your hard disk.
- Draw a line through what you’ve just written. That’s kind of equivalent to a “normal” delete. You can still see the data, but the line through it says, “This has been deleted; ignore it”.
- Using the pencil’s eraser, erase what you’ve written, including the line. That’s roughly equivalent to a basic secure delete: you actually physically remove what you’d written.
At this point, there’s a good chance you can still kind of/sort of see what you had written before.
The same is true for magnetic media like hard disks. With the right equipment — which typically means taking the hard disk apart in a clean room and using some extremely high-powered analysis tools — it’s possible that even overwritten data can be partially recovered, just like you could sort of make out what you had written in pencil and then erased.
Let’s continue with the pencil and eraser example.
- Write a line of capital “A’s” on top of the area you just erased.
- Erase the line of “A’s”.
- Write a line of capital “X’s” on top of the area you just erased.
- Erase the line of “X’s”.
- Write a line of capital “O’s” on top of the area you just erased.
- Erase the line of “O’s”.
- Keep doing this over and over, with a different letter each time, until you get tired.
At this point, if you haven’t erased the paper into oblivion, it’ll be impossible to decipher the original line of text you wrote.
That’s an “extended” delete. A good secure delete utility will write and overwrite the data several times, using multiple passes before calling it erased.
Which do you need?
There’s a good chance you don’t need secure delete at all. Most people don’t. No one’s coming to examine your previously deleted files, except maybe you, if you mistakenly delete something and want to recover it.
If there is some concern — be it privacy, security, or something else — an every-so-often free space wipe is probably more than enough for most people.
If you regularly deal with exceptionally sensitive, highly valuable data that is subject to theft or even espionage … well, then, an extended multiple-pass secure delete may be what you need. My understanding is that some businesses and governments require this.
Tools to use
While I’m sure that there are many others, here are three tools I’ve used in the past that I can recommend:
SDelete is a free command-line tool available from Microsoft that allows you to do everything discussed above: securely delete a file, securely wipe free space, and do either with multiple passes.
CCleaner is a free Windows cleaning utility that includes a “Drive Wiper”, a tool capable of both free space and non-system drive wiping, including multiple passes.
DBan, short for Darik’s Boot and Nuke, is a free utility designed specifically to erase hard drives, including your system drive, with the option of using multiple passes.