Subscribe to our Best Free Secure Erase Utility
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
Data Recovery Risk We've all heard the horror stories about someone buying a used hard drive at a flea market or garage sale and then finding tons of personal data left on the drive by the previous owner. Or even worse, people getting their credit trashed by ID thieves that make their living by taking that information and using it to wipe you out financially. "That would never happen to me," you say. "I'll delete all the files first" or "I'll re-format the drive before I trade it in or sell it." Not so fast there Scooter! That data you think you erased is still stored on the drive. When you delete a file it isn't really removed from the disk. The operating system (OS) only removes the reference to the file from the file allocation table. This is like going into a book or magazine and removing a chapter reference from the table of contents. The actual chapter is still in the book. The only thing removed was the page number reference in the table of contents. With the file location reference removed the OS now sees that disk space as being available for use. However, the file content remains on the disk until another file is written over it. Basically the same thing happens when you re-format a hard drive. Most of the data remains; the space on the drive is just made available to be written over. The DOS and Windows file systems use groups of disk sectors, known as clusters, to store data. These clusters are of a fixed size which is normally determined by the size and number of partitions of the disk volume itself and the file system being used. If the data you're storing requires less space than a full cluster, the entire cluster is still reserved. For example, you've saved a file that required 15.5 clusters of drive space. Because the OS can't reserve a half cluster, the allocation table had to reserve 16 whole clusters for the file. That remaining half cluster that was not used may still contain data from a previous file. That unused half cluster is known as "slack space". Data recovery programs can read slack space and retrieve the data stored there. Even worse, let's say the file system places your 15.5 cluster file over the "unused" area of a deleted file that originally took up 35 clusters. More than half of the previous file would still be retrievable! You could have thousands of clusters on your hard drive (a.k.a free space) that contain data you thought was deleted! Scary thought, huh? Secure Deletion: Dealing with the Risk The only true and permanent way to make data irretrievable is to completely and utterly destroy the hard drive (especially if a government sends your hard drive to a multi-million dollar forensic laboratory for a full microscopic analysis!). Except for cheap flash drives, destruction is probably a little more severe than you or I need. We really only need to make sure we are protected from data recovery programs and the like. That's where the programs in this category come into play. To be as safe as possible, you must overwrite (erase) both slack space and free space. Also, the Windows swap file (a.k.a page file) could contain private data that you wouldn't want to have fall into the wrong hands. In the epilogue to Peter Gutmann's secure deletion paper, he notes the importance of huge hard drive sizes and the use of perpendicular recording on modern computers. In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques... It will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive... If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now. Looking at this from the other point of view, with the ever-increasing data density on disk platters..., it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-canceling techniques. In particular the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero. Recommendations Thus for wiping of free space, a single pass of random data should be sufficient on large hard drives (and it's all that is really practical time wise anyways, but if you're very concerned about wiping your data, you could use 2-3 passes of random data if you're particularly paranoid) (NIST Guidelines, CMRR, Wright -- all cited for easy reference at Wikipedia). For individual files and folders, note that the files can't "hide" as easily with an entire drive of erased free space. Some erasers try to counter this problem by using high erase patterns for individual files/folders, such as a Gutmann 35 pass, but I've found it quite easy to recover at least some individual files even after using several different high pass erasing programs in succession. To test any erase task, use a data recovery utility and see if it recovers the file. Some files get nicely erased down to 0 bytes or to nonsense information, but some are more difficult and require free space wiping. In the short term, you could scan for recoverable files and erase any leftover files with Recuva (right-click on the file to get its erasing feature). But the best policy is to wipe the free space regularly, or on-demand when you really get in an erasing mood. I find almost nothing after a full free space wipe on a sizable drive. With just a single pass of random data (using Eraser), PC Inspector File Recovery only finds 0 byte nonsense files for me. Eraser now suggests that erasing the Page File needs to be done by Windows with a configuration setting. This may be done with the Ultimate Windows Tweaker (in "Additional Tweaks") or with these suggestions: See the MICROSOFT KNOWLEDGE BASE (http://support.microsoft.com/kb/314834/) for deletion instructions. Encrypt the Page File |
|
Discussion
|
|
It can handle FAT16, FAT32, and NTFS partitions. Erasing files with a high level of security will always be a difficult and time consuming task, and absolute 100% safety cannot be guaranteed. However, Eraser makes the task about as easy as it can be, at a security level that exceeds most conceivable requirements. Both Eraser and File Shredder have explorer and context menu extensions, so you can right click on a file and send it to the erasing/shredding programs.
It uses a DoD (5220-22.M 3 pass) erase pattern by default, but it has four other patterns to choose from (versus the 14 patterns of Eraser). The default may be way too slow for free space wiping, so you may want to change it to one or two passes. The free space wipe works a little differently than Eraser, leaving behind more temp files of nonsense information (whereas Eraser doesn't usually allow recovery programs to read any bytes as recoverable). But I wasn't able to view anything of use from File Shredder's full wipe leftovers.
Related Cleaners for Both File Shredding & Full Free Space Wiping For low resource alternatives that work similar to File Shredder try these:
Related Cleaners for Individual Files/Folders Shredding Only
|
|
General Sources and Information
Other TSA Articles Mentioning Secure Erasers
Find more free software at The Editors' Choice List: Our Selection of the Best PC Freeware! |
|
Have Your Say
|
|
You are invited to share and discuss your views in our freeware forum. To post in the forum you need to register first but that's quick and immediate. Alternatively, anyone can leave a comment at the bottom of this page. You can also help us by rating this review at the end of the article. |
|
||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
6.0 
Unrestricted Freeware 
Windows XP/Vista/Server 2003 & 2008/Windows 7
|
Editor
|
| This article is maintained by volunteer editor Rizar. Registered site users are allowed to edit and improve this article wiki-style. |
|
Tags
|
|
eraser, secure erase utility, data erase, erase/wipe hard drive, erase sensitive data, secure delete, erase deleted files, securely erase data, eraser review, eraser 6, Darik's Boot and Nuke, File Shredder |
Delicious
Digg
StumbleUpon
Please rate this article
What would be the best tool for simply blanking out a file (or directory), so it is not seen by recovery tools?
**************************
(I think i have some lost files on a drive, so I want to remove known files completely so that they are not "seen" by recovery tools later if I try to recover.
I though Recuva had this option for "found" files, but it is not so clear how it works.
I thought I should post this in case anyone looking for erasers wants to try it out before it expires.
http://www.techsupportalert.com/content/free-download-east-tec-eraser-20...
I would like to wipe my free space on my laptop...which product would be best for that? I am aware of users having more than just the intended free space wiped and having to reinstall the OS.Also do you recommend some type back up before hand? I so which one? Please in layman's terms as I am new to the pc world.This inquiry perhaps should have been in the reg cleaner section-sorry if that is the case.
Hi,
I never had problems with free space erasing so far.
I always recommend backing up. It's certainly a necessity if you run a registry cleaner of any kind.
What is your Windows version? Sometimes they have excellent backing up features built-in.
Hi Rizar-I am using Vista SP2.You may answer this in your next reply anyway but, again which free space erase utility do you recommend?
I like to use Eraser for free space wiping. It seems to do the best job overall and it allows for scheduling.
If you have Vista Ultimate/Business editions you can use the windows backup program. Control Panel > enter "Restore and Backup Center" in the search box > Create a Windows Complete PC Backup and Restore Image.
You probably have Home Edition; it's the most common. It doesn't have a full drive image feature. So you have to install a complete backup imaging program.
The best way to backup is to have (1) a partial backup of your personal files (http://www.techsupportalert.com/best-free-backup-program), (2) a complete backup image (http://www.techsupportalert.com/best-free-drive-imaging-program.htm), and (3) have restore points enabled (they are by default).
So if you have problems, you work backwards. (3) Go into the Control Panel and type "Backup" in the search box > Backup and Restore Center > Repair Windows using System Restore. And then you can use restore points to see if they correct your problem.
(2) If that doesn't fix your problem, you can use a full backup drive image. Step 2 is one of the most important to get right. Make a drive image after you reach a "safe" point where computer has zero significant problems. If you have questions, it would be best to visit the forum (http://www.techsupportalert.com/freeware-forum) and ask about creating and testing a drive image.
(1) Backing up your personal files is only used as a safeguard; it allows you to restore any personal files and recent document changes that might not be in your latest drive image. So if you have major PC problems and have to use a full restore image, then you will have a backup of the most important files. And in any case, it gives you an additional backup of them. Plus, if you have to re-install windows completely. For example, if your drive image doesn't work, then you will at least have a backup of your key files.
Here are Gizmo's Partitioning/Imaging Guides to Avoid Ever Having to Re-install Windows:
http://www.techsupportalert.com/partitioning-hard-drives-1.htm
http://www.techsupportalert.com/partitioning-hard-drives-2.htm
http://www.techsupportalert.com/partitioning-hard-drives-3.htm
Great reply! Thank you! I will post further on the forum per your suggestion.
hey guys do you use WIPE ..what i don't know is if this or which can clean correctly the flash cookies...
i think this WIPE does a good job.
Which product mentioned here (or any other) would be best for wiping a pc hard drive before giving it away? The recipient will install XP on the comp when it is received...It is currently not connected to the Internet so I will have to use an app from a CD or flashdrive.
Darik's Boot and Nuke if you have installation disks to get a new OS up and running. Some other options are here, see Hard Disk Cleaning:
http://www.techsupportalert.com/content/probably-best-free-security-list...
Otherwise, use Eraser to wipe most data remnants (copy the setup file for Eraser to a flash drive and install it to the computer).
Hi Rizar. If using either DBAN or Eraser will the new owner be able to simply reinstall XP with the installation disc included when I bought the pc? We are trying to avoid complicated procedures when reinstalling.From some reports on the web it seems as if it can get complicated if certain programs are used to wipe or erase...I simply want to erase fully and then allow the recipient to reinstall XP...Thanks for your help
Hi, DBAN is geared for bulk or emergency hard disk wiping, but it's the perfect choice for what you want if it works as expected. After its erasing, you should be able to format the drive and install XP with the installation disks.
I see one poster in the SourceForge forum with major problems (the poster who can't install windows after correctly using DBAN) and a couple in the Eraser forum. So problems are a possibility.
Another route is to reformat and re-install XP. And then have Eraser wipe the free space. Eraser would make most everything unrecoverable, except a few 0 byte nonsense file names. This would probably be as secure as you need.
Rizar -Thanks for this option! Are you aware of any tutorials I can use for reformatting and reinstalling? I am almost certain I am able to do it with no problem but of course I want to be sure.Thanks
No problem.
This looks like a very detailed and interesting guide:
http://lifehacker.com/157578/geek-to-live--how-to-format-your-hard-drive...
I'm not able to check it, but someone made a highly rated video guide on YouTube, with several other video guides in the related section:
http://www.youtube.com/watch?v=n0cop_am1WM
New version of Eraser 6.0.6 has been released.
I tried it out since they don't have it in portable yet. I liked the HAL eye blinker, but I hated its huge memory consumption. The interface is clean and friendly and it has some very interesting features now. It can easily setup to erase the recycle bin and it can replace file names for better anonymity. I was very impressed, except the mammoth size -- it would be like having another antivirus running all the time just for its scheduling. It needs a small scheduler like Avira has to avoid having the main program running all the time.
Eraser is No1 Choice.
For the ones who don't like Eraser, here it is another choice:
*** File Shredder ***
http://fileshredder.org/
A nice simple but good tool for file shredding how about...
http://download.cnet.com/AbsoluteShield-File-Shredder/3000-2092_4-101135...
I need a secure erase for a SSD and the ones I've come across are over my head most likely, involving tricking the BIOS and such. With SSDs, like magnetic platters, marking the space as available or free doesn't remove anything. With SSDs eventually all the units, or pages get filled and you need to mark each page as empty, not free. I've tried HDDSecure erase and gpart, some kind of Linux disk you need to burn and boot off of, and Wiper without luck. My only computer's a Dell Preciison m6400 Covet and it won't let you mess with the BIOS settings to make any of them work, apparently and I'm starting to go crazy trying to figure it out. My seek times have gone from .1 to .3 and I know that sounds pretty silly if you're talking spinning disks but it's enough evidence for me to learn how to do it regularly. Do any of the programs getting discussed here have anything to offer someone trying to tune up a SSD?
Is it possible to erase the drive so it does not look like it's been erased? Gizmo's recommended utility unfortunately leaves evidence of the erasure (plenty of junk files and directories when you try to recover data).
You would need to make the drive appear "used". You can do one of two things:
Clone another drive's used partition(s) on top of the erased drive or manually create a "used" disk (see steps below).These would be the only ways to make the drive look "used" that I can think of. Alternately, you can claim you just bought it at a "flee market."
Step 1)
Reformat
Step 2)
Fill the disk with files that vary in age.
Step 3)
Erase (not wipe) some and over write them with files of varying age.
Step 4)
Repeat step 3 several times erasing some of the same and some different files.
NOTE:
Varying age means that the file's Created, Modified and Accessed dates are random past dates. You can't just copy the files that will change the Modified and Accessed dates. You will need some sort of backup/restore utility that does not alter the dates.
Do flash drives need a secure erase?
Or is it enough to just place a large dummy file onto them so all free space is used?
I'm about to try a program called Roadkil's Disk Wipe:
http://www.roadkil.net/program.php?ProgramID=14
"Securely erases the contents of a disk replacing it with random data or leaving the drive completely blank. Numerous passes can be performed to ensure data is totally unrecoverable. Program works on hard and floppy disks aswell as USB/Flash drives."
UPDATE: I used Roadkil's Disk Wipe to erase a 500 GB Seagate drive that's crapping out and that I'm returning to the manufacturer for warranty replacement. I set the program to 2 pass and instructed it to insert random data. Before using it, I had deleted all the files from the drive (which was almost full) and reformatted. The drive was in an external USB enclosure. The process of wiping the drive took almost 12 hours. Afterwards, I scanned the drive with a freeware data recovery program called Disk Digger. I used the slower, thorough mode, since having reformatted the drive, the faster mode wasn't available. After five hours of scanning and no results, I had had enough and stopped the program (it had scanned about 75% of the disc).
I'd say Disk Wipe did a good job. Unless you've got a drive full of confidential customer information or national defense secrets, going to the extreme of degaussing or physically destroying it isn't necessary.
Do these erasers also erase the BIOS ? Just want the hard drive erased not the BIOS>
They can only erase the hard drive and the BIOS is not on the hard drive, so no.
thnx
Hi,
I have used eraser with Windows XP without any problem.
I tried to use it with Vista and it's impossible to erase a file. It always says "Administrator privileges required".
How is it possible to use it with Vista?
Thanks in advance for your help
Fernando
You have to browse over to the directory that eraser is installed, and rightclick on the main exe file, and select run with administrator privileges from the submenu.
Check this out
http://www.fileshredder.org/
I guess if I was that concerned about the data on my hard drive I would just have to buy a new one. I am not technical at all. But you seem to indicate that it's quite difficult to remove data. If I take it somewhere will others be able to remove the data? This sounds like a tough road to hoe.
Thanks for the great review. Along with the comments, it shows that (a) there are simple solutions for average users and (b) users with more serious security issues should either destroy their disks or do a lot of research before proceeding.
I would like to make a small clarification for anyone considering Derick's Boot and Nuke. The process is simple, but the shredding does not start immediately on booting from the CD, at least not as originally downloaded. So users don't need to fear that simply booting the computer with the CD in the drive will destroy their hard drives.
For users type (a) eraser will do, but for (b) users try as you said Derick's Boot and Nuke or Active Kill disk for integral disk wiping or use HDDEraseWeb where it can be used. For files or folders case(b) only bcwipe will do what it claims or else encrypt the files and "forget" the key.
I have a bot on my computer. Will a simple reformat of the hard drive remove it? Or do I need a disk scrubber?
Yes simple format will remove everything on the partition, obviously including any type of malware. Disk scrubber is only needed if you want to prevent deleted data from being recovered with an utility. The most typical case for the average user is when a hard disk is sold and you want your sensitive data being permanently removed.
you can also try this secure delete and wipe utility JDelete wich is cross plateform (Windows XP/Vista/7, Mac OS, Linux, ...)
When data is written to a magnetic medium, such as a disk, there is created a pattern of magnetic "ones" and "zeros". When that data is overwritten (as when erasing for security purposes), a new pattern is impressed onto the existing old data. Two possibilities for data recover exist at this point:
1. The read/write head may track slightly differently depending upon from which direction is was moving between tracks. This leaves a very small "edge" of the old data exposed along with the new data.
2. The "density" of the "ones" in an area where there had previously been a "one" will be greater than a new "one" in a place where there had previously been a "zero". Clever software can read these differences and discover what the previous data had been.
To what degree can either of these methods recover old data? I don't know. I have read articles in tech manuals that claim the two systems used together, as needed, can read through more than 5 overwrites, and some claim that at least partial data can be recovered following even more -- the exact number, of course, unknown until recovery is attempted.
If the data is sufficiently sensitive (national secrets, patient records that could result in a law suit, or your wife climbing out of the shower and your level of paranoia is sufficiently high, I would recommend my favorite "eraser", an afternoon of target practice with my .40cal service pistol, followed by a tension-releasing session with a large hammer!! I have heard also that a few minutes with an acetylene torch works quite well ! ! !
Your .40 cal method would work. Reference this article where it states the only true way to make a drive secure is total destruction. Keep in mind that all these software companies that state their software meets DoD 5220.22-M standards are using an out-of-date reference. The Defense Security Service (DSS) issued an update to the NISPOM (DoD 5220.22-M) in February 2006 and later Industrial Security Letter #2007-01 (dated Oct 2007) which removed ALL over-write options to sanitize a hard drive. Their only approved method now is either to degauss with Type I, II, or III degausser or by total physical destruction. DSS recognized that recover software is getting too advanced for the overwrite method to continue to be viable.
JohnB
I found a freeware program called: Revo Uninstaller:
http://www.revouninstaller.com/. It has Many features to permanently
uninstall programs, files, folders, etc. and perform several other functions, including cleaning up and optimizing your pc.
There is a tool Revo calls "The Evidence Remover" which claims to do the following (found here: http://www.revouninstaller.com/evidence_remove_secure_delete_wipe.html):
"Deleting your files and folders does not mean that they are gone forever. When you empty Windows Recycle Bin your files and folders are just marked as deleted but they are not erased physically. There is a chance to recover deleted data from a 10 years or older PC and this data may be very important and confidential. With any recovery tool or un-delete program you can easily get back your important documents and other files that you have deleted. And here comes the Evidence Remove tool of Revo Uninstaller. Evidence Remover will eliminate all chances to get data back from your hard drive. It will erase forever files and folders, which already have been deleted but left physically on your hard disk. No matter what tool you or somebody else will use to recover the data, including professional and expensive recovery and un-delete tools, the result will be always one and the same - the data erased with Evidence Remover is impossible to recover!"
I have read all the comments on this Best Free Secure Erase Utility posting.
Could someone tell me if, in fact, Revo Uninstaller really can make it impossible to recover the data erased?
Thank you.
I don't understand why an erasing application doesn't give the option of replacing everything with nulls (or spaces). Is this due to operating system restrictions? Even if it's an efficiency issue, I would still want to have the option. I would rather wait longer than leaving any chance of recovery.
Everytime I erase something with eraser (Using the uber-setting of Gutman-32), Recuva easily finds some of the files, what gives? I did better using Gutman-32 option in Ccleaner.
I think it can see the file name but not actually recover the file, maybe you could try to recover some to make sure.
How about East-Tec Eraser 2008?
CyberShredder
http://cylog.org/utilities/cybershredder.jsp
Hi Guys if ya after wiping a full drive just use a ubuntu disk and format with ext3 or ext4 job done ya wont get anything back after that when ya run recuve no way have fun.....
Format, even on linux, is not at all a secure erase tool. Most of the data is untouched.
Very true.
dd if=/dev/urandom of=/dev/hda
get's the job done though. Good luck recovering anything after that :)
thanks very much for this article
Regards
Has anyone tried Hard Disc Scrubber? See http://www.summitcn.com/hdscrub.html
I saw this mentioned on a PC magazine "top freeware" site.
I Use The Free Edition Of Active Kill Disk.
The Only Thing I Hate About It Is The 1 Pass Limitation.
DBAN Does Not Seem To Work On My 2 500GB Sata Drives.
Post new comment