Secure Data Deletion on Windows (Or Not)

How to: Delete Your Data Securely on Windows

From the post:

Most of us think that a file on our computer is deleted once we put the file in our computer’s trash folder and empty the trash; in reality, deleting the file does not completely erase it. When one does this, the computer just makes the file invisible to the user and marks the part of the disk that the file was stored on as “available”—meaning that your operating system can now write over the file with new data. Therefore, it may be weeks, months, or even years before that file is overwritten with a new one. Until this happens, that “deleted” file is still on your disk; it’s just invisible to normal operations. And with a little work and the right tools (such as “undelete” software or forensic methods), you can even still retrieve the “deleted” file. The bottom line is that computers normally don’t “delete” files; they just allow the space those files take up to be overwritten by something else some time in the future.

The best way to delete a file forever, then, is to make sure it gets overwritten immediately, in a way that makes it difficult to retrieve what used to be written there. Your operating system probably already has software that can do this for you—software that can overwrite all of the “empty” space on your disk with gibberish and thereby protect the confidentiality of deleted data.

Note that securely deleting data from solid state drives (SSDs), USB flash drives, and SD cards is very hard! The instructions below apply only to traditional disk drives, and not to SSDs, which are becoming standard in modern laptops, USB keys/USB thumb drives, or SD cards/flash memory cards.

This is because these types of drives use a technique called wear leveling. (You can read more about why this causes problems for secure deletion here.)

If you’re using an SSD or a USB flash drive, you can jump to the section below.

On Windows, we currently suggest using BleachBit. BleachBit is a free/open source secure deletion tool for Windows and Linux, and is much more sophisticated than the built-in Cipher.exe.

BleachBit can be used to quickly and easily target individual files for secure deletion, or to implement periodic secure deletion policies. It is also possible to write custom file deletion instructions. Please check the documentation for further information.

The EFF's reminder:


Time required: 10 minutes to several hours (depending on size of files/disks to be securely deleted)

is reassurance that most drives retired from government and industry may be loaded with goodies.

If in doubt, share this EFF resource with office-level decision makers. It’s almost certain they will not tax their users with secure data deletion duties.
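
The overwrite-before-delete idea in the quoted guide, as an added Python sketch (not EFF's or BleachBit's code): the file's existing bytes are overwritten in place with random data and flushed to disk before the file is unlinked. The function names are hypothetical, and it assumes a traditional hard disk with a filesystem that writes in place; as the guide notes, wear leveling on SSDs, USB flash drives and SD cards defeats this.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write in blocks so large files do not sit in memory


def overwrite_in_place(path, passes=1):
    """Overwrite the file's existing bytes with random data; return its size."""
    size = os.path.getsize(path)
    # "r+b" opens without truncating, so the writes target the file's
    # current allocation instead of asking for fresh space.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the data past the OS write cache
    return size


def secure_delete(path, passes=1):
    """Overwrite, rename to a random name, then unlink. Returns bytes wiped."""
    wiped = overwrite_in_place(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    scrubbed = os.path.join(directory, secrets.token_hex(8))
    os.replace(path, scrubbed)  # the entry being unlinked no longer has the old name
    os.remove(scrubbed)
    return wiped


def demo():
    """Constructed sample: a throwaway file holding a recognisable marker."""
    marker = b"CONSTRUCTED-SAMPLE-SECRET"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notes.txt")
        with open(path, "wb") as f:
            f.write(marker * 1000)
        overwrite_in_place(path)
        with open(path, "rb") as f:
            marker_survived = marker in f.read()
        wiped = secure_delete(path)
        return marker_survived, wiped, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

Copies the file left elsewhere (backups, temporary files, earlier saves to other disk locations) are untouched by this; that is the gap the guide's free-space overwrite is meant to cover.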
