Subscribe to our Best Free Secure Erase Utility
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
We’ve all heard the horror stories about someone buying a used hard drive at a flea market or garage sale and then finding tons of personal data left on the drive by the previous owner. Or even worse, people getting their credit trashed by ID thieves that make their living by taking that information and using it to wipe you out financially. “That would never happen to me” you say. “I’ll delete all the files first” or “I’ll re-format the drive before I trade it in or sell it.” Not so fast there Scooter! That data you think you erased is still stored on the drive. When you delete a file it isn’t really removed from the disk. The operating system (OS) only removes the reference to the file from the file allocation table. This is like going into a book or magazine and removing a chapter reference from the table of contents. The actual chapter is still in the book. The only thing removed was the page number reference in the table of contents. With the file location reference removed the OS now sees that disk space as being available for use. However, the file content remains on the disk until another file is written over it. Basically the same thing happens when you re-format a hard drive. Most of the data remains; the space on the drive is just made available to be written over. The DOS and Windows file systems use groups of disk sectors, known as clusters, to store data. These clusters are of a fixed size which is normally determined by the size and number of partitions of the disk volume itself and the file system being used. If the data you’re storing requires less space than a full cluster, the entire cluster is still reserved. For example, you’ve saved a file that required 15.5 clusters of drive space. Because the OS can’t reserve a half cluster, the allocation table had to reserve 16 whole clusters for the file. That remaining half cluster that was not used may still contain data from a previous file. That unused half cluster is known as “slack space”. Data recovery programs can read slack space and retrieve the data stored there. Even worse, let’s say the file system places your 15.5 cluster file over the “unused” area of a deleted file that originally took up 35 clusters. More than half of the previous file would still be retrievable! You could have thousands of clusters on your hard drive (a.k.a free space) that contain data you thought was deleted! Scary thought, huh? The only true and permanent way to make data irretrievable is to completely and utterly destroy the hard drive. That action is probably a little more severe than you or I need. We really only need to make sure we are protected from data recovery programs and the like. That’s where the programs in this category come into play. To be as safe as possible, you must overwrite (erase) both slack space and free space. Also, the Windows swap file (a.k.a page file) could contain private data that you wouldn’t want to have fall into the wrong hands. |
|
Discussion
|
|
|
If Eraser is overkill for your needs, try 
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
5.8.7 
Unrestricted Freeware 
Windows 95/98/Me/NT/2000/20003 Server/XP/Vista/DOS
Delicious
Digg
StumbleUpon
Please rate this article
I don't understand why an erasing application doesn't give the option of replacing everything with nulls (or spaces). Is this due to operating system restrictions? Even if it's an efficiency issue, I would still want to have the option. I would rather wait longer than leaving any chance of recovery.
Everytime I erase something with eraser (Using the uber-setting of Gutman-32), Recuva easily finds some of the files, what gives? I did better using Gutman-32 option in Ccleaner.
I think it can see the file name but not actually recover the file, maybe you could try to recover some to make sure.
How about East-Tec Eraser 2008?
CyberShredder
http://cylog.org/utilities/cybershredder.jsp
Hi Guys if ya after wiping a full drive just use a ubuntu disk and format with ext3 or ext4 job done ya wont get anything back after that when ya run recuve no way have fun.....
Format, even on linux, is not at all a secure erase tool. Most of the data is untouched.
Very true.
dd if=/dev/urandom of=/dev/hda
get's the job done though. Good luck recovering anything after that :)
thanks very much for this article
Regards
________
sohbet
Has anyone tried Hard Disc Scrubber? See http://www.summitcn.com/hdscrub.html
I saw this mentioned on a PC magazine "top freeware" site.
I Use The Free Edition Of Active Kill Disk.
The Only Thing I Hate About It Is The 1 Pass Limitation.
DBAN Does Not Seem To Work On My 2 500GB Sata Drives.
Just thought I would add my thoughts, as even though this topic is now old, as some people appear rather confused.
If you require good basic security, use Eraser with 1 or 2 wipe passes: the result will be job done. If you need to wipe a disk before disposal use Dariks Boot and Nuke, with one or two passes - again job done.
If you really require good security, encrypt all hard disks BEFORE use, with something like Truecrypt. You can choose your paranoia level by selecting various options, like two or three factor authentication etc. this way, when you dispose of your PC or hard disk, you will not need to perform any wipe procedure - just detroy the encryption keys instead. The other benefit of this method is that the data will also be protected if you PC gets stolen.
The downside is that if you loose your 'keys' AND / OR if you have a hard disk failure, you're pretty much stuffed.
Therefore, before embarking on the 'Full Disk Encryption' route, I would heartily recommend investiing some time and effort in getting your backup procedure sorted :-)
Tim.
The program that I have been using is called "Sure Delete". It not only shreds files and folders it will also shred the empty space on your drive.
* When you delete files in Windows by moving them into Recycle Bin - all the data remains on your hard disk.
* Windows just mark the file/s location as free.
* What does this mean ?
* This means that anyone with proper software can recover this data.
* Ask yourself this question "Do I want everyone to see what I've done on this computer?"
* What you need is Sure Delete.
* Sure Delete is a tool for Windows based computers to completely remove data from your hard drive.
* No more worrying if your sensitive data can be recovered.
* No more headaches.
* Sure Delete offers a file shredder as well as HD cleaner.
http://www.docsdownloads.com/Tier1/sure_delete.htm
Eraser has its strengths but secure erasing slack space etc. is not one of them. Try doing so in Eraser then running a Recuva everywhere all-file deep scan and you will be amazed at what is still on your disk. I run Vista but I don't think that this makes a difference as Eraser is run in administrator mode. I've tried various erase software but still haven't found one that does the business in secure erasing file names and data for all except valid current MFT entries.
Yes, in the end of the process you will get a long 0 KB list, MFT doesn't seem to be processed. But it is. Those 0 KB files are created like normal files until all the free space is occupied (in order to overwrite all the free space) then they are deleted. So I disagree with your statement, because there´s nothing to recover there, Eraser does what is supposed to do.
No it doesn't, certainly not on Vista anyway. Recuva's deep scan is evidence of that, finding many thousands of recoverable files, including images. Perhaps Eraser hasn't got around to implementing that feature on Vista yet, which is a shame.
I'm using Vista ONLY ! Currently, Eraser cannot remove files under winsxs - that's not recommended anyway - but that's it, all the rest is erased.
I doubt that very much. Perhaps someone else would like to do the test - take one well-used Vista machine, run Eraser to clear all unused space (including cluster tips) on the disk, then afterwards run Recuva in Deep Scan mode. Report back what you see. I do like Eraser a lot but it doesn't do what it claims to do.
Have you tried recovering the files?
Thanks
In your opinion are the shredders available in all-in-one type programs such as Ashampoo Winoptimizer or Axcrypt good enough or would it be safer to opt for one of these specialized tools? In particular Ashampoo has a few settings available like auto-rename before shredding and three levels of wipe. Both these programs integrate into the right-click context of windows and I don't want to clutter up my menus with more unnecessary cr*p. I've had a few problems with Eraser and uninstalling it was a nightmare so I'd be nervous about using it again.
Thanks!
Eraser is probably the best freeware choice, because it has features, thoroughness, and configurability not present in non-specialized programs. For example, when overwriting files, Eraser can overwrite cluster tip area, file names, and alternate data streams; when overwriting unused disk space, it can overwrite the cluster tip area, directory entries, and master file table records (or, at least, it claims to do so).
I've also had problems with previous versions of Eraser (system hangs, right-click context menu anomalies, etc.), but everything has run smoothly with version 5.86a. Just in case you need to completely (and much more easily) uninstall Eraser again, make sure to use programs like ERUNT ( http://www.larshederer.homepage.t-online.de/erunt/ ) and TOTAL UNINSTALL ( http://www.freewarearena.com/html/Downloads/details/id=1867.html ) before installing Eraser (or any other program). A.K.
Thanks for your reply, I know I will give Easer another try as for the most part it is an excellent product and nothing else really does the job to the same standard.
Eraser portable version http://portableapps.com/apps/utilities/eraser_portable
there's a portable version of Eraser at PortableApps.com
hi,
can somebody help me that why my eraser's version is 5.86.1 ,but when i was downloading it i thought the version is 5.86a ?
i tried to register and ask from hidi site but without result .
regards . adam
Can you still store new files on your hardrive once the cleaning is done?
Of course, what do you think, that secure deletion will create unallocated space (=unformated) ?
Are you recommending Eraser to erase unused HDD space ? I wan't to get rid of System Restore left-over pieces.
I need to know what is the best program to use to toltaly remove all unwanted files. I kid down loaded some porn and I want to remove it from my hard drive. I am on probation and If they come in and check my computer and find this crap I am up sh**s creek with out a pattle. Can you help me
mlctlc0@verizon.net
Also try the parental section. Vista has a lot of parental controls bundled, try googling it.
Try Eraser.
Ive tested many programs such as Eraser, bc wipe, windows washer etc. All up to date as of today 8/12/08. i use different options such as quick wipe, 3 pass wipe, 7 pass and was able to recover files using different consumer recovery programs such as file recovery , power data recovery etc. However, those recovery programs could not recover files shredded by "east tec eraser 2008". even the 3 pass (RLL) was sufficient enough for data to be unrecoverable with consumer recovery software. If you are really paranoid there is an option in east tec eraser to configure how you want it to erase your files. my buddy works for a computer company and has the hardware to recover data that can still recover files after being pass wiped 35 times. the default 35 gautman is ok but is still recoverable. I tweaked the settings to pass wipe 35 time with my own design and the hardware was unable to recover.
1) How did you configured "East Tec Eraser 2008" so that
a Hardware -Not Software- File Recovery was Impossible?
2) Can you, please, test R-Wipe&Clean 8.0
against your -Hardware- File Recovery method?
Thank you!
Hi
Were you able to see the names of the files you erased or did you actually recover it?
Thanks
what do you mean? some tests that i have done did not recover the file name but recovered the file. some recovery programs can recover the file and file name, depending on the level of wiping you use.
Hi
I've heard that in most cases even a one pass overwrite is enough, because there are many many files to recover so someone trying to recover it will have to know what to look for.
all they would have to do is run the software recovery or use hardware to recover all raw data that can possibly be read from a drive, then let the software put it all together to be readable. It just depends on the technology being used to recover.
I have an old 30gb hard drive that i have been using from 2002 till feb 08. I know i have formatted it, reinstalled windows at least 4 times a year and used it heavily. I decided to recover as much as i could. when the recovery was done there was over 200gb of data that was available for recovery. I recovered and saw alot of .docs that was dated 2003 that i thought was deleted. There were a bunch of personal pictures, alot of it was web temp files and cache. cached pictures of websites i used to browse.
I did 3 pass wipe on the drive and was still able to recover roughly 150gb and some files were unreadable or the jpgs would only show the top half of the picture. but the most recent files were still intact.
did the 7 pass, still able to recover, then went to the 35 pass and jpgs were no longer recovered but a few documents were still readable. did another 35 pass wipe and i could not recover anything.
So , when someone wants to retrieve information from your HD all they have to do is recover everything possible and then look over all recovered files as if they were browsing on your computer.
One complete overwrite is all that's needed. And it doesn't have to be random.
Nobody can recover anything after that from modern drives.
Hi
Thanks for the information. But what I don't get is why you'll need more than one 35 pass, wouldn't they be over writing the exact same files with the exact same method?
Thanks
Jonathan,
The Gutmann method overwrites using 27 different patterns. The order the patterns are written in is randomised per cluster. If you knew which order they were written in you could fairly easily recover the data with hardware forensics. Even when the order is randomised, using a combination of hardware forensics and complex algorithms you can still recover the data. In fact, the algorithms are very simple but because the patterns could have been written in any of (27!) orders, the recovery would take a long, long time.
Will
BCWipe is my favoured application - it wipes free space, file slacks and the swap file (and you can choose which of these options to activate). It includes the Guttman recommended method (35 wipes - although this will obviously be VERY time consuming with large/relatively empty drives), and the DOD 7 wipe system. You can also set it up for a quick single wipe (or N wipes). I can't fault it, and I think it's available for most flavours of Windows (haven't checked for Vista) and linux.
Peter
What if you install Ubuntu 8.04 on a Windows PC, reformatting the entire drive? Do older Windows files survive that?
How does defragging a drive affect free space, slack space and deleted files?
The process of defragging simply means that the existing files are consolidated on disk so as to minimize the number of non-consecutive locations on disk are occupied by the same file. Ideally, each file would be located in physically contiguous sectors on the disk.
When this occurs, the amount of total free space on disk is maximized, and the amount of slack is minimized. Slack cannot be ever 100% eliminated unless all files and folders occupy a multiple of the exact number of bytes in each sector of the drive.
And since the files can now be read and written with a minimum number of "moves" of the disk read/write head, the system throughput is optimized.
And one last benefit - a file which is less fragmented on the disk is easier to recover in the event you need to do so.
And one last drawback - after you defrag, you will not be able to recover deleted files, as it is likely that the physical sectors those deleted files occupied are now re-used by a different file. Gone for good and ever, as we say...
Another option is the AXCrypt program that is mainly used to encrypt/decrypt files, but also has a secure delete ("shred") option.
Website: http://www.axantum.com/AxCrypt/
Download Link: http://www.axantum.com/AxCrypt/Downloads.html
Author: Axantum Software AB
Version: 1.6.4.4
Date: July 2008
Download file size: 1.4 MB
License: Free (Open Source)
Operating systems supported: Windows 2000, 2003, XP and Vista
64 Bit version available: No (regular version runs on 64-bit, but not the shell extension part)
Portable version available: No
Other languages supported: Spanish & French manual available. I have not checked whether program itself provides non-English menus
Additional software required: No
I recently got annoyed at some reappearing files. I uninstalled Office, and all the files came back. Then I just deleted them all since the uninstall was gone. They all came back! But then I set Crap Cleaner at Gutmann 35 pass secure file deletion, I deleted those files again to the Recycle Bin, and set Crap Cleaner to cleaning out the recycling bin. Come back, files no more!
Also, Glary Utilities has an option to wipe free space in its file shredder.
The JKDefragGUI has a washer as well.
All of these will only erase a formatted volume NTFS partition in Windows XP/Vista.
I would like a utility that will secure erase a phyiscal volume, and not just limited to logical volumes (NTFS partitions) that I have already deleted in Windows Disk Management.
DBAN can do physical volumes, but what about a windows utility that can erase a external usb drive that is connected without rebooting.
I found one called Active KillDisk but it requires booting DOS from a floppy...
http://www.killdisk.com/features.htm
Many notebooks no longer come with floppy drives, and many are now omitting optical DVD drives as well.
Guess I have to create a bootable USB thumb? Its ok i guess, but still a bit of a hassle. :(
Anybody know of one that runs in windows without rebooting?
Thanks.
Will using the Recovery CD Rom that came originally with the computer wipe everything out? including free space? shortcuts? filenames? history etc? and leave the computer like a new one? SydAnon
Only way to know for sure is to read the documentation that came with the recovery CD. Look on the PC website too. My guess, and its only a guess, is one of two things will happen. It will either re-load original files on top of the existing files or it will format and do a "clean" re-load. If the first one happens all your added data and shortcuts will probably be there when finished. Some of your added software may not work if updated system files were written over by older versions. You'd have to re-load the non-working application to fix that problem. If the second one happens you'll definitely have to re-load all applications and any data and shortcuts you added would be gone too (well, not really gone, but you'd have to use a recovery program to try and get them back as best you could.)
Many thanks! much appreciated.