Best Free Secure Erase Utility

Data Recovery Risk

We've all heard the horror stories about someone buying a used hard drive at a flea market or garage sale and then finding tons of personal data left on the drive by the previous owner.

Or even worse, people getting their credit trashed by ID thieves that make their living by taking that information and using it to wipe you out financially.

"That would never happen to me," you say. "I'll delete all the files first" or "I'll re-format the drive before I trade it in or sell it." Not so fast there Scooter! That data you think you erased is still stored on the drive.

When you delete a file it isn't really removed from the disk. The file content remains on the disk until another file is written over it. Basically the same thing happens when you re-format a hard drive. Most of the data remains; the space on the drive is just made available to be written over.
 

Recommendations: Dealing with the Risk

To be as safe as possible, you must overwrite/erase/wipe both the slack space and free space. Also, the Windows swap file (a.k.a page file) could contain private data that you wouldn't want to have fall into the wrong hands.

• For wiping the free space on large hard drives, a single pass of random data should be more than sufficient (NIST Guidelines, CMRR, Wright -- all cited for easy reference at Wikipedia).

  The best policy is to wipe the free space regularly. I find almost nothing after a full free space wipe on a sizable drive. With just a single pass of random data, PC Inspector File Recovery only finds 0 byte nonsense files, or many nonsense files full of useless random data in my testing.

  But on smaller drives eraser programs tend to leave behind more files of random data, and the data may be recoverable to varying degrees depending on the quality of the erasing pattern.

• Since free space wiping takes so long, you may want to use file shredding in the meantime. For individual files and folders, note that the files can't "hide" as easily with an entire drive of erased random data, and some devices use wear leveling that may interfere with the effectiveness of wiping.

• Erasing the Page File isn't a normal feature of eraser programs. You can easily set Windows to delete it at shutdown with a registry setting (remember to backup the registry before making changes to it). These programs set the registry for you to automatically delete it at shutdown: Ultimate Windows Tweaker, XP-AntiSpy, or Microsoft Fix It. But you can also encrypt the paging file. You can encrypt it with Ultimate Windows Tweaker, with registry or Local Group Policy changes (see Seven Forums), or from a Command Prompt:

  Encrypt the Page File:
  1. Start a Command Prompt, elevating it in Vista or later
  2. Key in "fsutil behavior set EncryptPagingFile 1" (without quotes)
  3. Restart your computer

• If you need to erase a drive before getting rid of it, then Darik's Boot and Nuke (DBAN) is designed for wiping an entire drive, but be ready to spend time installing and updating windows from scratch afterward.

Eraser allows you to easily add tasks to securely erase selected files and folders, unused disk space (aka free space), cluster tips (aka slack space), and the recycling bin. Eraser can overwrite the data area with your choice of a variety of random data patterns (14 default patterns and a custom pattern creator). It comes with a very detailed built-in help file. And the forum seems quite responsive to questions and problems. It works with any drive (including IDE, SCSI, and RAID), and with FAT16, FAT32, and NTFS partitions.

It was very effective in my testing on a medium size hard drive (with 120+ GB partitions). After it erased the free space with a single pass of random data wiping ("simple pseudorandom data"), PC Inspector File Recovery only found 0 bit nonsense file names (none of which were recoverable). And it produced informative reports for files it could not erase, such as those in use.

If you consult its FAQ Forum section (here), you can also set it to wipe data in the Internet cache, temporary files, Internet cookies, and other custom locations, but CCleaner is easier to use for such cleaning (see below).

In the negative, it was fairly heavy in memory use. It also became heavier over time as I used the windows explorer extension to erase particular files/folders. If it starts to get too heavy, then I suggest deleting the "Task List.ersx" file (it will delete all your existing tasks, though). My task list file got around 200 MBs before I thought to delete it; it's located in your user folder under "AppData" > "Local", but you can just use the search box to find the file. I suggest exporting your existing tasks at an early stage to be able to import them later (in case the program starts to bulge). The new interface received a bit of criticism, but the underlying erasing engine surpasses the competition.

CCleaner is a unique and useful file shredder because it cleans a number of places where data can secretly lurk. It will help you scrub data left behind by web browsers and other applications (windows explorer, system temporary files, and excess files created by applications/utilities/windows). These are difficult to find and erase on your own, so CCleaner has advantages over other file shredders. Before it can erase the junk files that it finds, you must set it to erase what it deletes (Options > Settings > "Secure File Deletion").

It wipes the free space of a drive in "Tools" with a "Drive Wiper" (preset with four erasing methods). It also allows you to automatically wipe the free space during its normal cleaning: select "Wipe Free Space" (scroll down in the Windows tab to Advanced) and "Run Cleaner", but you still have to manually check/uncheck the "Wipe Free Space" option (to avoid waiting a lengthy time every time it runs).

Finally, it shreds custom files/folders, but you have to jump through a few hoops by manually selecting the file or folder (Options > Include), setting it to clean "Custom Files and Folders", and clicking Run Cleaner. Alternatively, you could delete files normally to the recycling bin and then have CCleaner erase it later. Other file shredders are much easier to use for erasing custom files/folders.

File Shredder - Despite its name, it has both free space wiping and file shredding capabilities. File Shredder has a small download size, simple interface, and it's very easy to use. It's a lot lighter than Eraser on active memory resources, but higher in CPU usage on my system. It lacks scheduling or a built-in help, and has very limited online help.

It uses a DoD (5220-22.M 3 pass) erase pattern by default, but it has four other patterns to choose from (versus the 14 patterns of Eraser). The default may be way too slow for free space wiping, so you may want to change it to one or two passes. The free space wipe works a little differently than Eraser, leaving behind more temp files of nonsense information (whereas Eraser doesn't usually allow recovery programs to read any bytes as recoverable). But I wasn't able to view anything of use from File Shredder's full wipe leftovers.

Eraser and File Shredder have explorer and context menu extensions, so you can right click on a file and send it to the erasing/shredding programs.

SDelete: A command line utility that securely erases using a default DOD 5220.22-M pattern at a specified number of passes. It can erase files/folders, or the free space of a drive. Like other erasers, it doesn't erase file names (instead it renames them 26 times). To quibble, I found it a bit less effective on a 1 pass wipe of free space than others above (some data was recognizable in PC Inspector's hex view, but not much of importance).

Since it has no interface, you have to use old school DOS commands, but you can easily copy and paste over the commands (you may have to use the context menu to paste). After you download it, open a command window (click Start > Run > type "CMD"), and then, for example, enter "sdelete -p 2 -z c:" (without quotes) to wipe the free space of C drive with two passes. See its download site and Bright Hub for guides.

Related Products for Erasing

• Revo Uninstaller: has an "Unrecoverable Delete" tool to shred files and an "Evidence Remover" tool to wipe the free space (editor review).
• Recuva: A recovery program that can erase individual files it finds (editor review).
• EraserDrop: From Erik Pilsits at PortableApps.com and the team behind Eraser, this flexible portable app sits on the desktop to allow for quick drag and drop erasing. It also performs free space wiping. Supports Windows 2000/XP/Vista/7.
• UltraShredder: It's small, easy to use, and will work from a USB flash drive. Supports Windows XP/2000/98/98SE.

A somewhat different alternative is Darik's Boot and Nuke (DBAN). It's used to construct a floppy disk or CD that will automatically wipe the hard drives of any PC that's booted from the disk. It's great for bulk disk cleaning of PCs, and is also useful as an emergency tool for quickly removing sensitive information. However, the power of this app makes it a dangerous tool in the hands of beginners.

Introduction Continued

When you delete a file it isn't really removed from the disk. The operating system (OS) only removes the reference to the file from the file allocation table. This is like going into a book or magazine and removing a chapter reference from the table of contents. The actual chapter is still in the book. The only thing removed was the page number reference in the table of contents. With the file location reference removed the OS now sees that disk space as being available for use.

The DOS and Windows file systems use groups of disk sectors, known as clusters, to store data. These clusters are of a fixed size which is normally determined by the size and number of partitions of the disk volume itself and the file system being used. If the data you're storing requires less space than a full cluster, the entire cluster is still reserved.

For example, you've saved a file that required 15.5 clusters of drive space. Because the OS can't reserve a half cluster, the allocation table had to reserve 16 whole clusters for the file. That remaining half cluster that was not used may still contain data from a previous file. That unused half cluster is known as "slack space".

Data recovery programs can read slack space and retrieve the data stored there. Even worse, let's say the file system places your 15.5 cluster file over the "unused" area of a deleted file that originally took up 35 clusters. More than half of the previous file would still be retrievable! You could have thousands of clusters on your hard drive (a.k.a free space) that contain data you thought was deleted! Scary thought, huh?

To test this idea, use a data recovery utility (such as Recuva or PC Inspector File Recovery) and see if it recovers any files.

You can also use recovery programs to check whether an erasing program successfully overwrites your data. Some data gets nicely erased down to 0 bytes, some mixes with other random data to create files of nonsense information, some fails to get erased (whether because it's in use or it's in a protected area), and some are more difficult and require free space wiping. Very little of consequence is leftover after free space wiping on modern drives.

Do You Need to Use 35 Passes?

The quick answer is "no." In the epilogue to Peter Gutmann's secure deletion paper, he notes the importance of huge hard drive sizes and the use of perpendicular recording on modern computers. He compares the thinking behind the wide use of his Gutmann 35 pass erase method to the belief in voodoo:

In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques... It will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive... If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.

Looking at this from the other point of view, with the ever-increasing data density on disk platters..., it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-canceling techniques. In particular the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero.

Why Would Anyone Want to Erase?

• Identity theft is not pure paranoia. Someone could recover personal information from a computer you just sold or from a stolen computer, or perhaps even from malware. It would be very weird to shred all your paperwork and then treat your computer as a secret lock box. It's probably more likely for someone to recover your data electronically than to come to your house and look through your trash!
• If I delete something, I may actually want it deleted. Isn't it silly to throw something in the trash and then not take it out? Sometimes a file you delete will get overwritten, but it's not guaranteed and it may still be partially recoverable. Many file/drive cleaners now include secure erasing features, such as CCleaner, Revo, and most All-in-One cleaners. For these programs, erasing is just a natural extension of deleting files.
• I've found erasing very useful in partitioning since the built-in windows tools won't partition unless it detects enough extra free space. After erasing, I was suddenly able to partition my drive the way I wanted.
• I've seen some types of software regenerate. I've tried to delete files before and found them risen from the dead right after a restart. But not after erasing! Erasing might even prevent malware from using the same technique, but I'm not sure any exists that could.
• Many people like the idea of protecting their privacy. In the US, for example, liberty can only be removed after a due process of law (personal privacy isn't explicitly mentioned in the US Constitution, but it's inferred from the two due process clauses in the 5th/14th Amendments -- that all people have a right to life, liberty, property -- and the 4th Amendment search and seizure protections).
• Some organizations are required by law or policy to erase data; however, some of them use more extreme measures!

General Sources and Information

• Wikipedia Articles: Data Remanence, Data Erasure, Gutmann Method
• Peter Gutmann's Secure Deletion Paper: Inspired the Gutmann 35-pass erase pattern
• Why Information Must Be Destroyed (Part 2) - Ben Rothke
• Leave No Trace: How to Completely Erase Your Hard Drives, SSDs and Thumb Drives
• Isn’t Eraser only used by criminals?

• Best Free File Cleaner
• Best Free Program Uninstaller
• Best Free PC Tune-up Utility
• Probably the Best Security List in the World: File Shredders & Hard Disk Cleaning
• Best Free CD / DVD Burning Software: These are sufficient for erasing rewritable CDs/DVDs

This software category is maintained by volunteer editor admrich. Registered members can contact the editor with any comments or suggestions they might have by clicking here. 

eraser, secure erase utility, data erase, erase/wipe hard drive, erase sensitive data, secure delete, erase deleted files, securely erase data, eraser review, eraser 6, Darik's Boot and Nuke, File Shredder, CCleaner, SDelete