How to wipe free space in Windows natively
up vote
7
down vote
favorite
Due to the nature of how filesystems like NTFS work, files that are deleted "permanently" from within Windows aren't immediately deleted - they're simply marked as deleted from the Master File Table (the hard drive's index) and therefore inaccessible from within the operating system using normal means.
This means that although a little harder to get to, they still exist on the drive until the space they occupy is overwritten by a newer piece of data, which can be never at all depending on how much free space the hard drive has. This makes deleted data easily recoverable to anyone capable of using dedicated data recovery tools like Recuva and GetDataBack.
On Windows, the wiping of free space is usually done via a (typically bloated) third-party GUI, despite the fact that it can be done relatively simply via the command-line in Linux.
Does such a command-line tool exist for Windows?
windows hard-drive command-line security cmd.exe
add a comment |
up vote
7
down vote
favorite
Due to the nature of how filesystems like NTFS work, files that are deleted "permanently" from within Windows aren't immediately deleted - they're simply marked as deleted from the Master File Table (the hard drive's index) and therefore inaccessible from within the operating system using normal means.
This means that although a little harder to get to, they still exist on the drive until the space they occupy is overwritten by a newer piece of data, which can be never at all depending on how much free space the hard drive has. This makes deleted data easily recoverable to anyone capable of using dedicated data recovery tools like Recuva and GetDataBack.
On Windows, the wiping of free space is usually done via a (typically bloated) third-party GUI, despite the fact that it can be done relatively simply via the command-line in Linux.
Does such a command-line tool exist for Windows?
windows hard-drive command-line security cmd.exe
add a comment |
up vote
7
down vote
favorite
up vote
7
down vote
favorite
Due to the nature of how filesystems like NTFS work, files that are deleted "permanently" from within Windows aren't immediately deleted - they're simply marked as deleted from the Master File Table (the hard drive's index) and therefore inaccessible from within the operating system using normal means.
This means that although a little harder to get to, they still exist on the drive until the space they occupy is overwritten by a newer piece of data, which can be never at all depending on how much free space the hard drive has. This makes deleted data easily recoverable to anyone capable of using dedicated data recovery tools like Recuva and GetDataBack.
On Windows, the wiping of free space is usually done via a (typically bloated) third-party GUI, despite the fact that it can be done relatively simply via the command-line in Linux.
Does such a command-line tool exist for Windows?
windows hard-drive command-line security cmd.exe
Due to the nature of how filesystems like NTFS work, files that are deleted "permanently" from within Windows aren't immediately deleted - they're simply marked as deleted from the Master File Table (the hard drive's index) and therefore inaccessible from within the operating system using normal means.
This means that although a little harder to get to, they still exist on the drive until the space they occupy is overwritten by a newer piece of data, which can be never at all depending on how much free space the hard drive has. This makes deleted data easily recoverable to anyone capable of using dedicated data recovery tools like Recuva and GetDataBack.
On Windows, the wiping of free space is usually done via a (typically bloated) third-party GUI, despite the fact that it can be done relatively simply via the command-line in Linux.
Does such a command-line tool exist for Windows?
windows hard-drive command-line security cmd.exe
windows hard-drive command-line security cmd.exe
edited Nov 9 at 23:24
asked Nov 9 at 0:25
Hashim
2,83962852
2,83962852
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
7
down vote
Such a tool exists in the form of a little-known Windows utility called cipher
.
cipher.exe has been included in Windows systems since Windows 2000, and had the original purpose of encrypting and decrypting files and folders using EFS encryption.
However, all that's needed to securely wipe the free space on a hard drive is Cipher's /w
switch:
cipher /w:C:
Note that cipher
's syntax is slightly odd in that it requires one colon after the /w
switch, followed by the drive letter of the drive that you want to securely wipe. If your system contains both a boot drive and a data drive, you'll want to wipe both separately with cipher /w
for maximum security, or wipe just the data drive to cover yourself for most purposes.
cipher
works by creating a folder called EFSTMPWP
on the root of the target drive; inside this folder, it successively fills three temporary files with zeroes, ones, and random numbers respectively, one after the other, to the size of the empty space left on the drive. By the time a file has taken up all of the drive's empty space, it's effectively forced the filesystem to overwrite all data held in its free space with the file's newly-written data, rendering any data previously held there permanently irrecoverable.
Please be aware that on SSDs with overprovisioning, there are blocks that the OS is not aware of. The SSD itself will necessarily have vendor-specific tools for wiping those.
– Christopher Hostage
Nov 18 at 0:02
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
7
down vote
Such a tool exists in the form of a little-known Windows utility called cipher
.
cipher.exe has been included in Windows systems since Windows 2000, and had the original purpose of encrypting and decrypting files and folders using EFS encryption.
However, all that's needed to securely wipe the free space on a hard drive is Cipher's /w
switch:
cipher /w:C:
Note that cipher
's syntax is slightly odd in that it requires one colon after the /w
switch, followed by the drive letter of the drive that you want to securely wipe. If your system contains both a boot drive and a data drive, you'll want to wipe both separately with cipher /w
for maximum security, or wipe just the data drive to cover yourself for most purposes.
cipher
works by creating a folder called EFSTMPWP
on the root of the target drive; inside this folder, it successively fills three temporary files with zeroes, ones, and random numbers respectively, one after the other, to the size of the empty space left on the drive. By the time a file has taken up all of the drive's empty space, it's effectively forced the filesystem to overwrite all data held in its free space with the file's newly-written data, rendering any data previously held there permanently irrecoverable.
Please be aware that on SSDs with overprovisioning, there are blocks that the OS is not aware of. The SSD itself will necessarily have vendor-specific tools for wiping those.
– Christopher Hostage
Nov 18 at 0:02
add a comment |
up vote
7
down vote
Such a tool exists in the form of a little-known Windows utility called cipher
.
cipher.exe has been included in Windows systems since Windows 2000, and had the original purpose of encrypting and decrypting files and folders using EFS encryption.
However, all that's needed to securely wipe the free space on a hard drive is Cipher's /w
switch:
cipher /w:C:
Note that cipher
's syntax is slightly odd in that it requires one colon after the /w
switch, followed by the drive letter of the drive that you want to securely wipe. If your system contains both a boot drive and a data drive, you'll want to wipe both separately with cipher /w
for maximum security, or wipe just the data drive to cover yourself for most purposes.
cipher
works by creating a folder called EFSTMPWP
on the root of the target drive; inside this folder, it successively fills three temporary files with zeroes, ones, and random numbers respectively, one after the other, to the size of the empty space left on the drive. By the time a file has taken up all of the drive's empty space, it's effectively forced the filesystem to overwrite all data held in its free space with the file's newly-written data, rendering any data previously held there permanently irrecoverable.
Please be aware that on SSDs with overprovisioning, there are blocks that the OS is not aware of. The SSD itself will necessarily have vendor-specific tools for wiping those.
– Christopher Hostage
Nov 18 at 0:02
add a comment |
up vote
7
down vote
up vote
7
down vote
Such a tool exists in the form of a little-known Windows utility called cipher
.
cipher.exe has been included in Windows systems since Windows 2000, and had the original purpose of encrypting and decrypting files and folders using EFS encryption.
However, all that's needed to securely wipe the free space on a hard drive is Cipher's /w
switch:
cipher /w:C:
Note that cipher
's syntax is slightly odd in that it requires one colon after the /w
switch, followed by the drive letter of the drive that you want to securely wipe. If your system contains both a boot drive and a data drive, you'll want to wipe both separately with cipher /w
for maximum security, or wipe just the data drive to cover yourself for most purposes.
cipher
works by creating a folder called EFSTMPWP
on the root of the target drive; inside this folder, it successively fills three temporary files with zeroes, ones, and random numbers respectively, one after the other, to the size of the empty space left on the drive. By the time a file has taken up all of the drive's empty space, it's effectively forced the filesystem to overwrite all data held in its free space with the file's newly-written data, rendering any data previously held there permanently irrecoverable.
Such a tool exists in the form of a little-known Windows utility called cipher
.
cipher.exe has been included in Windows systems since Windows 2000, and had the original purpose of encrypting and decrypting files and folders using EFS encryption.
However, all that's needed to securely wipe the free space on a hard drive is Cipher's /w
switch:
cipher /w:C:
Note that cipher
's syntax is slightly odd in that it requires one colon after the /w
switch, followed by the drive letter of the drive that you want to securely wipe. If your system contains both a boot drive and a data drive, you'll want to wipe both separately with cipher /w
for maximum security, or wipe just the data drive to cover yourself for most purposes.
cipher
works by creating a folder called EFSTMPWP
on the root of the target drive; inside this folder, it successively fills three temporary files with zeroes, ones, and random numbers respectively, one after the other, to the size of the empty space left on the drive. By the time a file has taken up all of the drive's empty space, it's effectively forced the filesystem to overwrite all data held in its free space with the file's newly-written data, rendering any data previously held there permanently irrecoverable.
edited Nov 17 at 23:02
answered Nov 9 at 0:25
Hashim
2,83962852
2,83962852
Please be aware that on SSDs with overprovisioning, there are blocks that the OS is not aware of. The SSD itself will necessarily have vendor-specific tools for wiping those.
– Christopher Hostage
Nov 18 at 0:02
add a comment |
Please be aware that on SSDs with overprovisioning, there are blocks that the OS is not aware of. The SSD itself will necessarily have vendor-specific tools for wiping those.
– Christopher Hostage
Nov 18 at 0:02
Please be aware that on SSDs with overprovisioning, there are blocks that the OS is not aware of. The SSD itself will necessarily have vendor-specific tools for wiping those.
– Christopher Hostage
Nov 18 at 0:02
Please be aware that on SSDs with overprovisioning, there are blocks that the OS is not aware of. The SSD itself will necessarily have vendor-specific tools for wiping those.
– Christopher Hostage
Nov 18 at 0:02
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1373948%2fhow-to-wipe-free-space-in-windows-natively%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown