There's deleted, and there's deleted. Secure delete is one approach to making sure your files can't be recovered.
We’ve long been told that when a file is deleted, its contents are not actually removed. Instead, the space the file formerly occupied is marked as “available” for another file to be written to later. Until that overwrite happens, the original, deleted information is still there.
This is the basis for many undelete and other data-recovery utilities. It’s also why most of those utilities recommend you stop using your disk if you accidentally delete something.
But what if you really want it gone? That’s where a technique called “secure delete” comes into play.
At its simplest, a secure delete overwrites the area on the disk where the file’s data resides, or used to reside, with random data. Once securely deleted, the previous data is no longer available.
Secure delete utilities generally either delete an existing file or overwrite all unused space.
Instead of deleting a file using whatever normal commands you might use, you use the secure delete program. It carefully ensures that the file’s contents are overwritten as part of the deletion. This is typically a quick operation, since it overwrites information only for the specific file or files you tell it to delete.
If the files you’re concerned about have already been deleted, an alternative is the “free space wipe”. This process writes data to all areas of your disk that aren’t currently in use: the “free” space. The net effect is the same: the contents of all previously-deleted files are overwritten. This can take more time, depending on how much free space your disk currently has.
A basic secure delete renders your data unrecoverable to most common forensic and data recovery tools.
Unfortunately, I did say “most”, and that’s where what I’ll call “extended” secure delete comes into play.
Extended secure delete
The best way to grasp this concept is to grab a pencil with an eraser.
Write something on a piece of paper. That’ll be the equivalent of creating a file on your hard disk.
Draw a line through what you’ve just written. That’s kind of equivalent to a “normal” delete. You can still see the data, but the line through it says, “This has been deleted; ignore it”.
Using the pencil’s eraser, erase what you’ve written, including the line. That’s roughly equivalent to a basic secure delete: you actually physically remove what you’d written.
At this point, there’s a good chance you can still kind of/sort of see what you had written before.
The same is true for magnetic media like hard disks. With the right equipment (which typically means taking the hard disk apart in a clean room and using some extremely high-powered analysis tools), it’s possible that even overwritten data can be partially recovered, just like you could sort of make out what you had written in pencil and then erased.
Recycle Bin isn’t delete
If you “delete” a file and you can find it in your Recycle Bin, it hasn’t really been deleted at all. It’s simply been moved to a different folder.
The types of deletion discussed here involve what is usually referred to as a “permanent” delete.
Let’s continue with the pencil and eraser example.
Write a line of capital “A’s” on top of the area you just erased.
Erase the line of “A’s”.
Write a line of capital “X’s” on top of the area you just erased.
Erase the line of “X’s”.
Write a line of capital “O’s” on top of the area you just erased.
Erase the line of “O’s”.
Keep doing this over and over, with a different letter each time, until you get tired.
At this point, if you haven’t erased the paper into oblivion, it’ll be impossible to decipher the original line of text you wrote.
That’s an “extended” delete. A good secure delete utility will write and overwrite the data several times, using multiple passes before calling it erased.
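The overwrite-then-delete sequence described above, including the multiple passes of the pencil example, as an added Python example (not code from this article or from any of the tools it names). The function names and the A/X/O pattern choice are assumptions for illustration; the code overwrites only the blocks the file occupies now, so copies the drive or file system has placed elsewhere are not touched.

```python
import os
import secrets

CHUNK = 1 << 20  # overwrite in 1 MiB chunks to bound memory use
O_BINARY = getattr(os, "O_BINARY", 0)  # only exists (and matters) on Windows

def overwrite_pass(fd, size, pattern=None):
    """Overwrite `size` bytes from the start of an open file, in place.
    pattern is a single byte such as b"A"; None means random data."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        block = secrets.token_bytes(n) if pattern is None else pattern * n
        remaining -= os.write(fd, block)  # os.write may write fewer than n bytes
    os.fsync(fd)  # push this pass to the device before the next pass starts

def secure_delete(path, passes=1, keep_for_inspection=False):
    """Overwrite a file `passes` times, then remove it.
    Earlier passes cycle through A, X, O (illustrative choice, taken from
    the pencil example); the final pass is always random data."""
    patterns = [b"A", b"X", b"O"]
    size = os.path.getsize(path)
    # Open without truncating: truncation would release the old blocks
    # to free space with their contents still intact.
    fd = os.open(path, os.O_WRONLY | O_BINARY)
    try:
        for i in range(passes):
            last = i == passes - 1
            overwrite_pass(fd, size, None if last else patterns[i % 3])
    finally:
        os.close(fd)
    if keep_for_inspection:
        return path  # lets a caller confirm the old bytes are gone
    # Rename before removal so the original name is not what gets
    # left behind in the directory entry.
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)
    return None
```
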
Which do you need?
There’s a good chance you don’t need secure delete at all. Most people don’t. No one’s coming to examine your previously deleted files, except maybe you, if you mistakenly delete something and want to recover it.
If there is some concern, be it privacy, security, or something else, an every-so-often free space wipe is probably more than enough for most people.
If you regularly deal with exceptionally sensitive, highly valuable data that is subject to theft or even espionage … well, then, an extended multiple-pass secure delete may be what you need. My understanding is that some businesses and governments require this.
A note about SSDs
Note that “extended” secure delete applies to traditional magnetic hard drives only. SSDs don’t suffer from the same issue, and overwriting an SSD multiple times on any regular basis runs the risk of severely shortening its lifespan.
Tools to use
While I’m sure that there are many others, here are three tools I’ve used in the past that I can recommend:
SDelete is a free command-line tool available from Microsoft that allows you to do everything discussed above: securely delete a file, securely wipe free space, and do either with multiple passes.
CCleaner is a free Windows cleaning utility that includes a “Drive Wiper”, a tool capable of both free space and non-system drive wiping, including multiple passes.
DBan, short for Darik’s Boot and Nuke, is a free utility designed specifically to erase hard drives, including your system drive, with the option of using multiple passes.
I use CCleaner and PrivaZer. PrivaZer will clean your computer and leave it like brand new. Runs very smooth after using this software and, best of all, it’s free. I use it once every 2 months and sometimes once a month. Try it… you’ll love it.
I think the above needs some clarifications for changes to both hard disk drives and solid state drives over the last 10 years. (My job at a local computer repair shop is to wipe and re-certify for sale HDs, making sure that any old information is not retrievable and the drive is suitable for sale.)
Bob may be confusing “Secure Erase” and “Extended Secure Erase” (the ATA commands) with secure delete, the commonly used term for a higher level of deleting files by a user. The former terms are defined by the ATA specification and are implemented differently by different manufacturers. I know of no Windows programs that implement Secure Erase; the Parted Magic Linux boot disk has a good implementation. These commands do not write data to a drive; instead they effectively tell the drive to wipe itself. They are only drive-level commands, not used for files, folders or partitions. While a drive is running secure erase it ignores any input until the wipe is complete.
Per Scott Moulton of “My Hard Drive Died” (a data recovery company) a *single* pass of even just zeros is sufficient to wipe all information from HDs made since 2006. (See, or rather listen, http://podnutz.com/mhdd027/ starting at 36:15. Yes, I was the one asking the question.) There were, at one time, “extremely high-powered analysis tools” that could read-around and read-through written data on MFM and RLL tracks, but technology has changed so much that this is no longer possible.
User programs wipe the places the user can access, but that’s not all the places data exist on a HD. For those other places, one needs to use the “secure erase” as noted above. This is especially true with Solid State Drives (SSDs), in which what and where data is actually written may bear no relationship to what the operating system thinks. The OS does not need to know, only the SSD knows. To wipe a SSD use the tool provided by the manufacturer to do so.
Bob’s companion piece, “Are There Hidden Files that Save Every Keystroke I’ve Ever Typed?” also comes into play here. Even though a user may think they have securely deleted a file, the OS may have squirreled a copy away somewhere else like the swap or hibernation file, a temp file made during editing, or even older versions of the same file. These are exactly the areas forensic investigators look for evidence. There is no need, or ability, to look “under” long strings of zeros; there are lots of other places that contain easily read (if not easily interpreted) data.
And it must be said that if the drive fails or reports errors all bets are off. There is no way to know if data exists on it or not. Broken drives may be repaired and data recovered, but for the person trying to wipe a drive with problems the best thing is to use the ol’ drill and hammer technique and destroy the drive.
Amen. To totally erase a full-disk encrypted disk just throw away the key. Done. No writing or over-writing needed; no worry about deleted or “squirreled away copies,” it is literally instant.
I usually place precious files, e.g. a bank statement or tax-prep program’s PDF output in the Desktop folder, because it’s easy to do. Then I move the files to an external USB drive, and overwrite the Desktop file using AxCrypt’s “Shred and Delete” button in the file icon’s context-menu popup.
I started using this three-step procedure when I had to take my machine to a computer shop to get it working after Windows 10 bricked it. The C drive had the remnants of files I had merely “deleted”, as Leo describes. The shop’s personnel probably had better ways to spend their time than browsing my deleted files, but one never knows. And I found that TaxCut’s working files were on the C partition, as was the TaxCut executable. I think the files were encrypted, but that was useless, since the executable ran without demanding a password. (I now install programs on my external USB drive.)
I hope you’re creating a backup copy of the files somewhere like a second or third USB drive as data is always subject to loss.
So what exactly is the difference between these secure erase tools and holding down Shift while deleting a file in Windows/File Explorer (the so-called “permanently delete”)?
In Windows Explorer, delete simply moves the file to the recycle bin. That’s not a delete as I mention in the article. SHIFT makes it a “real” delete.
So I am giving my PC to my gf with my hard drive. I formatted my hard drive but could she still see my browsing history from the formatted hard disk?
It depends on how securely you deleted everything and her skills in finding things. Your only choice to completely delete everything is to totally “nuke” the drive. And then start over with a new operating system.
If I do everything you listed above will that work?
Yes, if you securely delete everything on your hard drives, you wouldn’t have any remaining traces of files.
https://askleo.com/dban-dariks-boot-nuke/
Probably not.
Could you please tell me what program I need to make sure deleted text and deleted photos are permanently deleted on Galaxy S7… I have Secure Eraser installed and use it often… how often do I need to run it to secure deleted text and photos?
You mention Secure Eraser. That’s a viable option. As for how often to run it, that depends on what kind of files you’ve deleted from your phone. If you’ve recently deleted some sensitive files, you might want to run it at that point. Or you can use it to directly delete files you don’t want to be recoverable.