In a Hurry?
|Go straight to the Quick Selection Guide|
Data Recovery Risk
We've all heard the horror stories about someone buying a used hard drive at a flea market or garage sale and then finding tons of personal data left on the drive by the previous owner.
Or even worse, people getting their credit trashed by ID thieves that make their living by taking that information and using it to wipe you out financially.
"That would never happen to me," you say. "I'll delete all the files first" or "I'll re-format the drive before I trade it in or sell it." Not so fast there Scooter! That data you think you erased is still stored on the drive.
When you delete a file it isn't really removed from the disk. The file content remains on the disk until another file is written over it. Basically the same thing happens when you re-format a hard drive. Most of the data remains; the space on the drive is just made available to be written over.
Recommendations: Dealing with the Risk
To be as safe as possible, you must overwrite/erase/wipe both the slack space and free space. Also, the Windows swap file (a.k.a page file) could contain private data that you wouldn't want to have fall into the wrong hands.
Eraser allows you to easily add tasks to securely erase selected files and folders, unused disk space (aka free space), cluster tips (aka slack space), and the recycling bin. Eraser can overwrite the data area with your choice of a variety of random data patterns (14 default patterns and a custom pattern creator). It comes with a very detailed built-in help file. And the forum seems quite responsive to questions and problems. It works with any drive (including IDE, SCSI, and RAID), and with FAT16, FAT32, and NTFS partitions.
It was very effective in my testing on a medium size hard drive (with 120+ GB partitions). After it erased the free space with a single pass of random data wiping ("simple pseudorandom data"), PC Inspector File Recovery only found 0 bit nonsense file names (none of which were recoverable). And it produced informative reports for files it could not erase, such as those in use.
If you consult its FAQ Forum section (here), you can also set it to wipe data in the Internet cache, temporary files, Internet cookies, and other custom locations, but CCleaner is easier to use for such cleaning (see below).
In the negative, it was fairly heavy in memory use. It also became heavier over time as I used the windows explorer extension to erase particular files/folders. If it starts to get too heavy, then I suggest deleting the "Task List.ersx" file (it will delete all your existing tasks, though). My task list file got around 200 MBs before I thought to delete it; it's located in your user folder under "AppData" > "Local", but you can just use the search box to find the file. I suggest exporting your existing tasks at an early stage to be able to import them later (in case the program starts to bulge). The new interface received a bit of criticism, but the underlying erasing engine surpasses the competition.
CCleaner is a unique and useful file shredder because it cleans a number of places where data can secretly lurk. It will help you scrub data left behind by web browsers and other applications (windows explorer, system temporary files, and excess files created by applications/utilities/windows). These are difficult to find and erase on your own, so CCleaner has advantages over other file shredders. Before it can erase the junk files that it finds, you must set it to erase what it deletes (Options > Settings > "Secure File Deletion").
It wipes the free space of a drive in "Tools" with a "Drive Wiper" (preset with four erasing methods). It also allows you to automatically wipe the free space during its normal cleaning: select "Wipe Free Space" (scroll down in the Windows tab to Advanced) and "Run Cleaner", but you still have to manually check/uncheck the "Wipe Free Space" option (to avoid waiting a lengthy time every time it runs).
Finally, it shreds custom files/folders, but you have to jump through a few hoops by manually selecting the file or folder (Options > Include), setting it to clean "Custom Files and Folders", and clicking Run Cleaner. Alternatively, you could delete files normally to the recycling bin and then have CCleaner erase it later. Other file shredders are much easier to use for erasing custom files/folders.
File Shredder - Despite its name, it has both free space wiping and file shredding capabilities. File Shredder has a small download size, simple interface, and it's very easy to use. It's a lot lighter than Eraser on active memory resources, but higher in CPU usage on my system. It lacks scheduling or a built-in help, and has very limited online help.
It uses a DoD (5220-22.M 3 pass) erase pattern by default, but it has four other patterns to choose from (versus the 14 patterns of Eraser). The default may be way too slow for free space wiping, so you may want to change it to one or two passes. The free space wipe works a little differently than Eraser, leaving behind more temp files of nonsense information (whereas Eraser doesn't usually allow recovery programs to read any bytes as recoverable). But I wasn't able to view anything of use from File Shredder's full wipe leftovers.
Eraser and File Shredder have explorer and context menu extensions, so you can right click on a file and send it to the erasing/shredding programs.
SDelete: A command line utility that securely erases using a default DOD 5220.22-M pattern at a specified number of passes. It can erase files/folders, or the free space of a drive. Like other erasers, it doesn't erase file names (instead it renames them 26 times). To quibble, I found it a bit less effective on a 1 pass wipe of free space than others above (some data was recognizable in PC Inspector's hex view, but not much of importance).
Since it has no interface, you have to use old school DOS commands, but you can easily copy and paste over the commands (you may have to use the context menu to paste). After you download it, open a command window (click Start > Run > type "CMD"), and then, for example, enter "sdelete -p 2 -z c:" (without quotes) to wipe the free space of C drive with two passes. See its download site and Bright Hub for guides.
Related Products for Erasing
A somewhat different alternative is Darik's Boot and Nuke (DBAN). It's used to construct a floppy disk or CD that will automatically wipe the hard drives of any PC that's booted from the disk. It's great for bulk disk cleaning of PCs, and is also useful as an emergency tool for quickly removing sensitive information. However, the power of this app makes it a dangerous tool in the hands of beginners.
When you delete a file it isn't really removed from the disk. The operating system (OS) only removes the reference to the file from the file allocation table. This is like going into a book or magazine and removing a chapter reference from the table of contents. The actual chapter is still in the book. The only thing removed was the page number reference in the table of contents. With the file location reference removed the OS now sees that disk space as being available for use.
The DOS and Windows file systems use groups of disk sectors, known as clusters, to store data. These clusters are of a fixed size which is normally determined by the size and number of partitions of the disk volume itself and the file system being used. If the data you're storing requires less space than a full cluster, the entire cluster is still reserved.
For example, you've saved a file that required 15.5 clusters of drive space. Because the OS can't reserve a half cluster, the allocation table had to reserve 16 whole clusters for the file. That remaining half cluster that was not used may still contain data from a previous file. That unused half cluster is known as "slack space".
Data recovery programs can read slack space and retrieve the data stored there. Even worse, let's say the file system places your 15.5 cluster file over the "unused" area of a deleted file that originally took up 35 clusters. More than half of the previous file would still be retrievable! You could have thousands of clusters on your hard drive (a.k.a free space) that contain data you thought was deleted! Scary thought, huh?
To test this idea, use a data recovery utility (such as Recuva or PC Inspector File Recovery) and see if it recovers any files.
You can also use recovery programs to check whether an erasing program successfully overwrites your data. Some data gets nicely erased down to 0 bytes, some mixes with other random data to create files of nonsense information, some fails to get erased (whether because it's in use or it's in a protected area), and some are more difficult and require free space wiping. Very little of consequence is leftover after free space wiping on modern drives.
Do You Need to Use 35 Passes?
The quick answer is "no." In the epilogue to Peter Gutmann's secure deletion paper, he notes the importance of huge hard drive sizes and the use of perpendicular recording on modern computers. He compares the thinking behind the wide use of his Gutmann 35 pass erase method to the belief in voodoo:
In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques... It will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive... If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.
Looking at this from the other point of view, with the ever-increasing data density on disk platters..., it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-canceling techniques. In particular the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero.
Why Would Anyone Want to Erase?
General Sources and Information
[node:2490 body collapsed]
Have Your Say
|You are invited to share and discuss your views in our freeware forum. To post in the forum you need to register first but that's quick and immediate. Alternatively, anyone can leave a comment at the bottom of this page. You can also help us by rating this review at the end of the article.|
Darik's Boot and Nuke
eraser, secure erase utility, data erase, erase/wipe hard drive, erase sensitive data, secure delete, erase deleted files, securely erase data, eraser review, eraser 6, Darik's Boot and Nuke, File Shredder, CCleaner, SDelete
Please rate this article: