Ask Leo! by Leo A. Notenboom

Secure Delete: what is it, and do I need it?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » General Computing

Summary: Secure Delete is a way to make sure that when you delete a file it cannot be recovered. Understanding Secure Delete is important to protect sensitive data properly.

Although there are many software utilities that claim to be able to delete data files from hard drives securely and thoroughly, can't you accomplish the same thing simply by overwriting sensitive files with large, non-sensitive ones?

To be honest, it depends on your level of paranoia. I suppose that also depend on the level of sensitivity of your data.

But you are correct in the implication that a plain old "delete" isn't nearly enough.

Let's look at that, and how far you might need to go.

As you may already know, deleting a file in Windows doesn't actually delete the data. In fact, it doesn't really even delete the file - in Windows Explorer if you delete a file it just gets moved to the recycle bin. The file's not really deleted until the recycle bin gets too full, or until you empty it yourself.

Naturally it's trivial to go digging around in the recycle bin to see what's been "deleted", and recover it intact.

"Because of the way magnetic material on hard disks works, it might be possible to actually recover data that has been overwritten."

Even a "permanent" delete after, or bypassing, the recycle bin doesn't really delete the data. In a sense, it just tells Windows "This space over here where there used to be a file? You can put something else there, if you like."

It's kind of like moving out of an apartment by only taking your name off of the door. Until someone moves in and replaces with their own, all your stuff is still inside and available to anyone who knows how to look for it.

That's where the concept of "secure delete" comes in. A secure delete overwrites the data in the file when the file is deleted. This takes longer, of course, as it has to actually go access the entire file, but it ensure that the data is no longer accessible to the casual observer. It's kind of like making sure your apartment is empty - or at least full of stuff that isn't yours - before leave.

Unfortunately simply overwriting one file with another does not do this. The problem is that you can't control where the operating system is going to write the data. Depending on how the copy is implemented it may copy the data to a new file on the hard disk, delete your old file, and then rename the new file to the old file. (A very common technique.) Note the "delete" in the middle - that's not a secure delete. Your data is still out on the hard disk.

The bottom line is that, yes, a secure delete utility is probably what you need. It will ensure that the actual sectors on the hard disk that your file occupied are overwritten with other data.

Our friends over at SysInternals have such a utility for free: SDelete.

Alternately, there are also "free space wipers" that will simply write data to all the free space on your hard drive. This removes the data from any and all files that have been permanently deleted. As it turns out, SDelete will do this as well.

Now, there's one more step we need to look at before we say we're done, and this is where your level of paranoia, and the sensitivity of the data, come into play.

Because of the way magnetic material on hard disks works, it might be possible to actually recover data that has been overwritten. It's most definitely not trivial, and often requires special tools and techniques (and often a fair amount of money), but it sometimes can be done.

The solution is to ensure that the secure delete utility has the option to overwrite the data multiple times. (It can actually involve much more than that, based on things like physical disk configuration and disk head movement.) By writing over those soon-to-be-free sectors multiple times, the original data is well and truly gone.

Related:

Helpful? Get new articles weekly by email in my FREE newsletter!

Your Name:
Your Email:


Why Subscribe?

Article C2766 - August 23, 2006

Recent Comments
15 Comments

Please, does secure delete work with xp windows?
Thank you.

Elizabeth.

Yes.

-Leo

Posted by: Elizabeth at August 5, 2008 1:11 PM

Hi Leo
Do you have a BAT file that will automatically start sdelete? If not can you explain more about how to set up sdelete, select the various option?
Gordon

SDelete's options are covered quite well on it's download page.
- Leo
09-Aug-2007

Posted by: gordon at November 8, 2008 6:05 PM

We let go an employee wholived out of state.
We asked him to return his laptop.
All the company email he had on his coputer he had delteted, and we can't seem to retrive it or recover it.
How much does it cost for someone who really knows Windowsxp professional & Outloook to try & recover?
I understand it may not work.
His provider for internet was AT&T.
Isn't it against the law to on purpose delete company imformation?
Thanks
Mike

Posted by: Mikw at December 26, 2008 6:46 PM

well I have downloaded it, unzipped it but still have no idea how to make it work. All I get is an icon which doesn't open or apparently do anything.

a) it's a program you run in a windows command shell, and b) the usage instructions are on the page you downloaded it from.
- Leo
16-Jan-2009

Posted by: Michael Paul at January 15, 2009 8:01 AM

I want a secure delete application that integrates into the recycle bin, such that any time a true file delete operation is emitted the secure deletion utility is used to shred the file content on disk. Know of anything like that?

File under: don't make me think; help me do what I need done.

Posted by: PaulProgrammer at January 30, 2009 9:57 AM

Leo, I am not paranoid about what is on my computer, I am just scared all that stuff is slowing the computer down and filling it up.
we show and breed Shar-Pei. I can hear again from someone who bought a puppy 8-10 years ago, put their name in Search, and pull up 7 copies of every email they sent me and I sent them. And they weren't anywhere I could find them.
My computer blew in 2005, and March 2008, and we got a new one each time, with the geeks transferring as much as they could.
When I wrote to someone about a puppy, obviously I am including pictures. Surely this fills up my hard drive! Thanks, Susan Lauer

Posted by: Susan Lauer at March 3, 2009 9:47 AM

Does sdelete work with Vista? Thanks.

It should.
- Leo
04-Mar-2009

Posted by: Emily at March 3, 2009 1:06 PM

I use a free program called Eraser. It will securely wipe the free space on your media or a single file or folder or mulitple files/folders. Plus it has a shell context menu. So you can right click on the file or folder and erase it. It also has a scheduling feature. You can choose your erase method from 1 pass to 35 passes or create your own method. It works on XP and Vista and comes in a 32 bit or 64 bit version.

Acronis True Imgage Home also alows you to securly "wipe" your files.

I have one question though. Generally speaking which erase method should a person use? There are so many out there from the US DOD 7 pass to Gutman's 35 passes. Which would be the best one to use?

Thanks in advance to everyone who answers the question.

Posted by: Craig at March 4, 2009 8:20 PM

To everyone that requires secure delete use a much better software as KILLDISK or Erasedisk to achieve the results you want.

Posted by: VAL at May 19, 2009 4:13 AM

hi leo,

i'll try to overwritten data several times to hdd.. but it take long time to complete.. do u have any suggestion how I can shred hdd quickly but securely?..

thanks

Posted by: ngahz at November 4, 2009 8:19 PM

Post a comment on "Secure Delete: what is it, and do I need it?":






(Email Address will not be published.)

Remember Me?

By popular demand...
my tip jar
Cuppa Joe
Buy Leo a Latte!

(you may use HTML tags for style)

RSS feed Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

  • Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.

  • Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.

  • Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

  • Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.

  • Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

  • I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Please wait. Your comment is being processed ...


Question? Ask Leo!