DELETE files FOREVER?

  • Thread starter Thread starter 8-Ball
  • Start date Start date
8

8-Ball

Ok, so when I delete something it goes to the recycle bin.
When I delete something from the recycle bin it is gone forever. -THINK AGAIN-
I deleted somthing from the recycle bin and got it back a few days later...I
also found a ton so stuff I was told was "deleted" forever by Windows. I
brought it back (using some uber-simple free program) just to see it it was
really there (not just a file name) I was able to open it and read it as well
as continue to edit it... This is PROBLEMATIC; some of these files contain
sensitive data such as SSNs', medical info, and other stuff that I had
believed to be "deleted" and wasn't.

Why is it still on there and how do I delete it FOREVER? (Without drilling
holes in my HD) >>I'm packing a Dell XPS 1530 running a home edition of
Microsoft Vista<<
 
Your experience has been written about in the media for the last couple of
decades, at least. If you Google on "Deleting files", you will find all
kinds of articles about the subject. This is not a Vista unique situation.

There is one item that you write about that is ambiguous. Are you saying
that the deleted file came back all by itself after you deleted it from the
recycle bin, or did you use the 3rd party software to get it back? If it's
the later, then that's very possible and not unusual.
 
You new to computers? It's always worked like this.
There are programs that overwrite the deleted files...
Google "Vista file wipe"
 
Ok, so when I delete something it goes to the recycle bin.
When I delete something from the recycle bin it is gone forever. -THINK AGAIN-
I deleted somthing from the recycle bin and got it back a few days later...I
also found a ton so stuff I was told was "deleted" forever by Windows. I
brought it back (using some uber-simple free program) just to see it it was
really there (not just a file name) I was able to open it and read it as well
as continue to edit it... This is PROBLEMATIC; some of these files contain
sensitive data such as SSNs', medical info, and other stuff that I had
believed to be "deleted" and wasn't.

Why is it still on there and how do I delete it FOREVER? (Without drilling
holes in my HD) >>I'm packing a Dell XPS 1530 running a home edition of
Microsoft Vista<<

There ARE true file deleters but Windows has ALWAYS done it the way
you are seeing it happen! What happens when you delete a file, in
Windows, is it's space on the hard drive is marked as available to the
computer to write something else to. It does not actually remove the
data, just makes that sapce available for something new. When the new
data is written over the top of the old data, then and only then is
your old data truly gone. Or is soooo expensive to try and recover as
to make it gone for most of us. There are disk wipers that will wipe
the whole disk drive and as stated in the other messages there are
true file wipers, but be VERY careful when using them. You push the
wrong buttons and lots more than you wish can be GONE!!! At my work we
also have tons of personal data such as you do and that is why we
ALWAYS wipe every drive before it leaves our hands when the machine is
being replaced.
At home I use DBAN, Darik's Boot And Nuke, but it is a total drive
wiper not a file wiper. I do NOT have any personal data like you have
at my home!!!
 
Deleting files has always been this way. All that actually happens is that,
when a file is deleted, the area that the file occupied is marked as
'available' so that another file can use the space. The file is still there
until it gets over-written by another file. This is a good permanent file
eraser which I have used many times: http://www.heidi.ie/eraser/ It is also
free.

--
--
John Barnett MVP
Associate Expert
Windows Desktop Experience

Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..
 
8-Ball said:
Ok, so when I delete something it goes to the recycle bin.
When I delete something from the recycle bin it is gone forever. -THINK
AGAIN-
I deleted somthing from the recycle bin and got it back a few days
later...I
also found a ton so stuff I was told was "deleted" forever by Windows. I
brought it back (using some uber-simple free program) just to see it it
was
really there (not just a file name) I was able to open it and read it as
well
as continue to edit it... This is PROBLEMATIC; some of these files contain
sensitive data such as SSNs', medical info, and other stuff that I had
believed to be "deleted" and wasn't.

Why is it still on there and how do I delete it FOREVER? (Without drilling
holes in my HD) >>I'm packing a Dell XPS 1530 running a home edition of
Microsoft Vista<<

8-Ball,

How long have you been using computers and how much knowledge do you
possess concerning operating systems?
When you delete a file on an operating system you are only deleting the
operating system's memory of the existence and/or location of the file.
Nothing more, nothing less. Unless the file has been overwritten or shredded
properly it will always exist.
Another misconception is that reformatting the drive will permanently
delete any existence of the file. If you don't reformat the drive using
numerous overwrites consisting of various methods the possibility exists
that the files can be recovered.

C.B.
 
8-Ball said:
Ok, so when I delete something it goes to the recycle bin.
When I delete something from the recycle bin it is gone forever. -THINK
AGAIN-
I deleted somthing from the recycle bin and got it back a few days
later...I
also found a ton so stuff I was told was "deleted" forever by Windows. I
brought it back (using some uber-simple free program) just to see it it
was
really there (not just a file name) I was able to open it and read it as
well
as continue to edit it... This is PROBLEMATIC; some of these files contain
sensitive data such as SSNs', medical info, and other stuff that I had
believed to be "deleted" and wasn't.

Here's the deal, followed by a few suggestions that don't involve using
external tools:

Windows guarantees to protect erased data from being accessed by other
normal Windows processes - i.e. those processes that don't have privilege to
read and write raw data from selected random sectors of your hard drive.

There are two ways to do this - you can either zero-on-open, or
zero-on-close. Zero-on-open means that when a file access requires assigning
a disk cluster to a file that didn't own that cluster before, it will zero
out the data at that time. Zero-on-close means that when a file relinquishes
its assignment of a disk cluster, it is zeroed at that time.

Zero-on-close is time-intensive. You can't delete a file without filling its
contents with zeroes. You can't even guarantee that this will happen,
because someone may turn off the computer half-way through a delete
operation.

Zero-on-open is much less time-intensive, because by the time you actually
need to zero clusters on the disk, the zeroing operation may be unnecessary
anyway, because the application opening the file usually has data to put in
that cluster.

Zero-on-open has the problem that deleted files leave their contents in
place on the disk until such time as those clusters are allocated to a new
purpose.

File shredders generally only 'shred', or write repeatedly over, the
clusters that the file occupies _now_, and as such they give a false
impression of security.

The file whose contents you're trying to destroy will generally have been
copied to a number of different locations:
* temporary folders (open a Word document, it creates a temporary copy, for
instance - most applications will create temporary copies of your files
while working on them)
* pagefile and hibernation files - if your file's contents are loaded into
memory, unless they are marked specifically to only be loaded into physical
memory without going through an intermediate cache, they will at some point
be swapped out to the pagefile. After some time, they will be wiped over by
other memory contents, but this can be a concern; if you hibernate your
computer, the hibernation file contains a copy of all the contents of your
memory, including files.
* slack space - if you ever defragment your drive (and by default, Vista
defragments drives when you're not looking), your files are moved around to
different clusters on disk. The old clusters they used to occupy are not
wiped over.
* backup store - volume shadow copy services retain copies of older versions
of files.
* search index - some contents may be locatable in a search index.

So, to delete files so that no evidence of their contents remains on disk,
here's what you have to do:
1. Delete the file.
2. Delete all temporary files and folders (you have to know your
applications in order to determine where and how these temporary files are
stored)
3. Disable hibernation and either disable or encrypt the pagefile
4. Disable volume shadow copy service
5. Disable any desktop search utilities
6. Wipe the slack space using the command "cipher /w"

Better still is to never have the data on the hard-drive in the first place.

How do you do that?

You encrypt the whole drive - and when you want to lose the data on that
drive, you format and reinstall Windows. Or you can follow steps 1-5, and
then decrypt and re-encrypt the drive. The free space may contain your
protected data, but it's encrypted with a key that you have wiped by virtue
of decrypting and re-encrypting. Sadly there isn't a single-step process to
re-encrypt an encrypted drive with a new key, an operation you might want to
do if you fear exposure of the old volume encryption key, or if you want to
unambiguously wipe old data so that it cannot be recovered.

Alun.
~~~~
 
8-Ball said:
Ok, so when I delete something it goes to the recycle bin.

Not really. There is a path to that file that the filesystem uses to locate
the
file's data on disk, you have changed that path - the data hasn't moved.
When I delete something from the recycle bin it is gone forever.

I think the 'filename' part of the path is prepended with a special
character so
that the filesystem will ignore it. This removes protection to allow that
data
to be overwritten if need be by the system. Data can't really be 'deleted'
in the ordinary sense - it needs to be overwritten (or obliterated - get out
the drill) to be really gone.

....and then there's microscopic analysis requiring you to use even more
extreme measures like half-tracking and multiple passes of random(ish)
overwrites to thwart those efforts.

Make the recoverable files useless to anyone who goes through the effort
to recover them - encrypt! Some versions of Vista already have this as a
feature.
 
Back
Top