Jump to content











Photo

Rewrite free disk space to avoid file recovery


  • Please log in to reply
31 replies to this topic

#1 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 20 February 2013 - 10:25 AM

Good morning my friends.

 

I am moving from an old computer to a new Windows machine and will soon need to return the old hardware back to the company.

 

Moving the documents from one machine to another was easy. Now I'm in the process of deleting all the files on the old Windows 7 computer before giving it back.

 

One of my worries is that I have no idea about who or how this old machine will be used after leaving my hands. I'd like to rewrite all the free space in order to avoid the typical undelete recoveries from those who have enough time to snoop around someone else's work.

 

I'm looking around for tools that can perform this task, two came to surface:

Mil Shield: http://www.milincorp...milshield2.html

Eraser: http://eraser.heidi.ie/

 

Does anyone around here stumbled on the same problem and would like to share a few words of wisdom in regards to this matter?

 

Thanks for helping!

:cheers:



#2 ambralivio

ambralivio

    Frequent Member

  • Advanced user
  • 195 posts
  •  
    Italy

Posted 20 February 2013 - 12:52 PM

@ Nuno,

 

no experience at all on the matter, but what about using a Linux LiveCD, instead,  to make the job ?

 

Reason is that Linux have a better management of files & partitions (also by using dd command).

In my knowledge no zeroing method is 100 % "safe", so you might need to apply several cycles or more safer algorithms (complementary).

 

Some useful link here

 

 

Or, alternativvely, another good method I read (but which can be time-expensive, though, according to the free-space available) is to "completely fill" all the available space with other "clean & garbage"  files and then cancel them again.

 

ambralivio



#3 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 February 2013 - 02:27 PM

Things should be made as simple at possible.

 

Meet sdelete (if you plan to wipe the free space in the filesystem/volume):

http://technet.micro...s/bb897443.aspx

 

If you plan to wipe the volume (by re-FORMATting the disk) it will also wipe it (if you are using Vista :ph34r: or later) as long as you don't use the /Q (quick) switch.

 

If you plan to WIPE the disk, use built-in ATA Secure Erase AND NOTHING ELSE.

 

See here:

http://reboot.pro/to...e-from-windows/

http://reboot.pro/to...use-in-win7pe/?

 

:cheers:

Wonko



#4 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 20 February 2013 - 03:36 PM

Thanks for the suggestions.

 

I should clarify that I don't have admin nor boot permissions on this old machine.

 

The free disk space to be wiped rests on a single partition where Windows is also installed. Tomorrow I need to deliver back the machine with the included windows install still running.

 

Unfortunately not much time available to do a proper cleansing. 



#5 ambralivio

ambralivio

    Frequent Member

  • Advanced user
  • 195 posts
  •  
    Italy

Posted 20 February 2013 - 04:15 PM

Therefore, if SDelete need admin rights, it cannot be used.

 

At this point, if I were you, I'd use the trick to fill-in the entire disk (if not having a so great capacity) with garbage files and then delete them.

 

ambralivio



#6 ady

ady

    Frequent Member

  • Advanced user
  • 165 posts

Posted 20 February 2013 - 04:26 PM

I don't remember whether CCleaner requires admin permissions or not for its wipe functionality.

 

There is an official CCleaner portable version available as zip.

 

CCleaner -> tools -> drive wiper -> wipe: free space only -> simple overwrite 1 pass (which is enough for your personal needs). Then select the drive and wipe.

 

HTH,

Ady.



#7 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 February 2013 - 04:45 PM

Therefore, if SDelete need admin rights, it cannot be used.

 

At this point, if I were you, I'd use the trick to fill-in the entire disk (if not having a so great capacity) with garbage files and then delete them.

 

ambralivio

Well, even easier would be to use fsz to create a new, empty (all 00's) file the same exact size of available disk space (and then delete it).

This is of course possible only with NTFS, if FAT (16 or 32) you will need to create a number of files, each one smaller than 4 Gb.

fsz is part of dsfok toolkit.

 

Of course, if you don' t have Admin privileges (really I don't think that Sdelete requires them to clear free space) you won't be able to delete a number of files (IF they are system protected or have Admin as owner).

In other words the issues (if any) will appear BEFORE using sdelete, when you attempt deleting the actual files.

 

See also this:

http://forum.sysinte.../topic6065.html

the Admin privileges are needed if you want to "shred" *any* file, once you have free space you should be able to wipe it alright with normal user privileges (free space does not belong to anyone) as long as you have write access to the disk.

 

:cheers:

Wonko 



#8 ambralivio

ambralivio

    Frequent Member

  • Advanced user
  • 195 posts
  •  
    Italy

Posted 20 February 2013 - 05:18 PM

Just for the record, it seems that also the last version of SDelete have some bugs with sub-folders.

 

See this link

 

ambralivio



#9 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 20 February 2013 - 05:34 PM

Filling up the space with randomly written files could work as intended.

 

Maybe creating these temp files sized in chunks of 250Mb (to keep memory usage short and fast) until we fill up the disk space with only a few Gb's available.

 

Should be simple to code. :)

 

I don't remember whether CCleaner requires admin permissions or not for its wipe functionality.

Will try this tomorrow. If a tool is already available, the better.. :cheers:



#10 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 February 2013 - 06:02 PM

Just for the record, it seems that also the last version of SDelete have some bugs with sub-folders.

 

See this link

That is not relevant (for the specific task of securely deleting free space), however the 1.51 verson is available here:

http://www.afterdawn...elete.cfm/v1_51

 

All in all, there is not much to think about it, just run sdelete -c or -z on that drive and then run dmde:

http://softdm.com/

or Photorec:

http://www.cgsecurit...g/wiki/PhotoRec

to see if they can find any "residual" file.

 

(for the record the -c is NOT suggested, whilst the -z is)

 

:cheers:

Wonko



#11 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 21 February 2013 - 02:12 PM

CCleaner -> tools -> drive wiper -> wipe: free space only -> simple overwrite 1 pass (which is enough for your personal needs). Then select the drive and wipe.

Hi,

 

Just tried this one, doesn't work on the same partition where Windows is running or perhaps it fails to work without admin rights. The error message does not specify, sorry.

 

Will keep looking for other options. 



#12 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 21 February 2013 - 02:20 PM

Anyone knows a tool for writing nnn gigabytes of random data across an nnn number of files?

 

Right now all the other wipe free disk tools that I'm using fail to clean up without admin rights on the C:\ drive.. :(



#13 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 21 February 2013 - 02:26 PM

Maybe you would need to boot a PE of some kind, I could point you to a couple of builders for such environments, like Winbuilder, but they tend to have a steep learning curve that given the short time you have available may be too much.

 

Of course there are random file generators, these ones come to mind (but still you are making it far more complex than needed):

http://www.mynikko.com/dummy/

http://www.bertel.de...c/index-en.html

 

It must be tough living with a broken google. :ph34r:

 

What I would personally do would be to try the utilman.exe trick, and if it works, create and Admin account on that machine.

 

:cheers:

Wonko



#14 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 21 February 2013 - 02:35 PM

Thanks, these are good suggestions. 

 

Since my last message that I found another tool called FileFiller: http://www.tothepc.c...les-on-windows/

 

It seems to be working as intended, has no CLI which would have been nice to automate the file creation so I'm creating 20Gb files with random data, one at a time.

 

@wonko, would you be able to write a batch script that automates creating files with a given size until we reach a given limit?

 

For example, loop and write 500Mb files with random data using one of the tools you mention until 200Gb are reached?

 

On my case I can do this manually, just thinking this might be useful for other readers in the future. :cheers:



#15 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 21 February 2013 - 02:43 PM

What I would personally do would be to try the utilman.exe trick, and if it works, create and Admin account on that machine.


 

 

Yes, would be possible but then I'd be in risk of breaking company policies. Creating big files with random data gets things done..  :)



#16 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 21 February 2013 - 03:02 PM

@wonko, would you be able to write a batch script that automates creating files with a given size until we reach a given limit?

Well, sure, that is trivial (and again there is NO need WHATSOEVER to create random data, a simple 00's file would do).
 
 
 



FOR /F "tokens=3 delims= " %%A IN ('DIR C:\') DO SET FreeSpace=%%A

 
Should set FreeSpace to "freespace" (in bytes).
 
 
 



SET Freespace=%Freespace:.=%
SET Freespace=%Freespace:,=%

 
should get rid of separators.
Then you can use my divide batch code:
http://reboot.pro/to...deccmd/?p=22754
to divide the above FreeSpace by the size of the intended file to be generated (all in bytes) FileSize.
 
Then you do something like:
 
 
 



SET FileNum= (the result of the division above)
FOR /L %%A IN (1,1,%FileNum%) DO fsz.exe %random%_empty_%%A.000 %FileSize%

 
The issue may be the stupid XP nagging you about filesystem being overfilled (AND it wouldn't be a good idea to have the thingy running on a system with pagefile set on C:\ AND with "dynamic sizing").
 
Then you run again the batch using a smaller filesize (depending on how much residual space is found by a new DIR C:\ ), i.e. you "converge" until no sector is left free.
 
Just FYI, the thing about company policies is b*llsh*t, you are either tasked by the company to do something AND they provide you the right meand to do so (the Admin password of that machine) because they trust you or you are doing this WITHOUT authorization and thus you are not only breaking the company policies but additionally potentially make unreplaceable files (assets of the company) irrecoverable (which in many countries may constitute a criminal offence :ph34r:).
 
:cheers:
Wonko
 
P.S.: Before I forget, this may also be of use /though as said not *needed*):
http://www.mydefrag....Fragmenter.html
 
AND, strangely enough, the idea is NOT entirely "new" ;):
http://www.cylog.org...es/filldisk.jsp
 

 

 

FillDisk v0.02

©2008 CyLog Software

FillDisk is a simple utility that fills up a disk with data. It starts with 1GB files, then drops to 512MB, 256MB and so on until it fills up completely the disk with files.

The reasons why you would want to do something like that include:
testing applications when disks are approaching full capacity
shredding the empty space of a hard disk

FillDisk has a very simple interface, just enter a folder for the files to be created and press the "Go" button. You can stop the operation att any point in time. The file that is currenly being written will close and FillDisk will stop.

  • Brito likes this

#17 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 21 February 2013 - 05:11 PM

Thank you. On my case the problem is now solved. Data was deleted and overwritten, I was surprised to notice that more than a billion files were hosted on the old workstation.

 

 

Just FYI, the thing about company policies is b*llsh*t, you are either tasked by the company to do something AND they provide you the right meand to do so (the Admin password of that machine) because they trust you or you are doing this WITHOUT authorization and thus you are not only breaking the company policies but additionally potentially make unreplaceable files (assets of the company) irrecoverable (which in many countries may constitute a criminal offence ).

 

On a big place sometimes policies work on opposite direction of what is required or even worse, work against your own basic principles of privacy and information security.

 

What people do this with the old hardware after it goes out of the door is not under my control. Of course that if I ask someone about this matter, then I will be assured that nobody will do anything wrong, that nobody will try to fetch my emails or that nobody will try to recover the deleted data. But the fact is that I simply don't trust this guy called "nobody" nor enjoy allowing these kind of risks to happen. So I'm exercising my right to clean up the machine within what I am allowed to do with it.

 

:cheers:



#18 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 21 February 2013 - 05:45 PM

So I'm exercising my right to clean up the machine within what I am allowed to do with it.

NO.

You are abusing of that right, by "blindly" deleting *anything* on that machine, including - most probably - data that you don't "own" and that (if you are not tasked with that specific core) may represent an abuse.

The fact that what you did is "intelligent", and "right" (in the sense of "the right thing to do") you may well be going over the border of company policies.

It simply doesn't work this way (anymore :() you cannot make justice by yourself.

 

:cheers:

Wonko



#19 ady

ady

    Frequent Member

  • Advanced user
  • 165 posts

Posted 21 February 2013 - 06:48 PM

I know this is already solved for Nuno, but the following might be useful for someone else.
 
WipeFreeSpace ( http://wipefreespace.sf.net GPL command line tool) has a java GUI that should work on Windows systems too (read the readme and install files for requirements and procedures).
 
 http://www.softpedia...Space-GUI.shtml
 
I know java is not the first preference for some users, but others are fine with it.

 

I have NOT used it myself.


  • Brito likes this

#20 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 21 February 2013 - 07:07 PM

Sounds that you found the joker :good:

 

I'll make a drive backup and the try!

 

Peter :cheers:



#21 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 21 February 2013 - 10:44 PM

You are abusing of that right, by "blindly" deleting *anything* on that machine, including - most probably - data that you don't "own" and that (if you are not tasked with that specific core) may represent an abuse

 

I'm quite sure that "nobody" will complain. If someone would (ever) complain (to me) about this matter, it would just admit snooping around data that is not theirs to look.

 

The fact that what you did is "intelligent", and "right" (in the sense of "the right thing to do") you may well be going over the border of company policies. It simply doesn't work this way (anymore :() you cannot make justice by yourself.

 

I wouldn't call this justice but rather an assurance to keep the game fair and square. Unfortunately some work "mates" are as trustworthy as the roman senate.



#22 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 21 February 2013 - 11:32 PM

I'm quite sure that "nobody" will complain. If someone would (ever) complain (to me) about this matter, it would just admit snooping around data that is not theirs to look.

 

Sure :), but - as I see it - once you decide to act by yourself - i.e. you consider your right to personal privacy prevalent over some of the (senseless) company policies (or connected incompetence in disposing of used hardware) you could well hack into that machine with Admin rights and make sure you have gone through all the needed steps to assure your privacy (not that most probably you did not actually already do everything necessary :thumbsup:, but IMHO you had not the means to verify that really *everything* was properly "neutralized/deleted/removed")

 

:cheers:

Wonko



#23 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 22 February 2013 - 09:06 AM

but IMHO you had not the means to verify that really *everything* was properly "neutralized/deleted/removed")

 

Yes, I fully agree.



#24 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 18 February 2015 - 08:59 AM

Hello,

 

Had again to clean up a work laptop. This time I'm using a freeware tool called "Hard Disk Scrubber" that you can download from http://www.summitcn.com/hdscrub.html

 

:cheers:



#25 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 18 February 2015 - 12:33 PM

Hello,

Had again to clean up a work laptop. This time I'm using a freeware tool called "Hard Disk Scrubber" that you can download from http://www.summitcn.com/hdscrub.html

:cheers:

And AGAIN *anything* different from a single pass of zeroes makes NO sense whatever AND represents only a way to stress the hard disk.
Conversely any program that allows anything different from a single pass of zeroes is a contribution to misinformation.

:duff:
Wonko




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users