Cleaning Free Space On Disk Drives

Before I get into it, I want to address this right off the bat. Too many people approach security issues with a "why bother" attitude. That sort of attitude will only come back to bite you in the end. Never EVER approach a security issue assuming that another person "will never figure it out", or "what are the chances someone will find this?", because eventually you will lose. You might get lucky and never have an issue, but real security does not rely on luck. The consequences of not protecting yourself FAR outweigh the "hassle". Once you see how easy it is to get real security, you won't have an excuse not to use it.

-----

The whole time you've had your computer you've been generating all sorts of data on it; saved games, financial information, passwords, family pictures, etc... Now you have a new computer (or even just a new hard drive) -- and it's time to get rid of the old one.

But what about all of that data? You want to remove it in a way that makes sure the new owner (or someone who picks it out of the garbage) can't get to it. Your first thought might be to delete the files by moving them to the Recycle Bin, then emptying it. Your second thought might be to format the drive. If you only do either of those (or both), you just failed "Security 101".

The problem is that deleting files from a hard disk does not delete the data itself, just the entry in the table of contents. It's like crossing your name out of the phone book -- it doesn't actually knock down your house. Formatting is similar, except instead of crossing out one name, you are making a new, blank, phone book. Doing that doesn't actually destroy the whole city. Most people don't know this, and some simple experiments on drives bought from eBay have turned up interesting results.

The fix for this problem is to wipe the free space on the drive. The empty space on the drive needs to be overwritten with other data, so even a detailed analysis cannot recover it. This can be more tricky than it sounds because there are systems on the computer that could get in the way, such as disk caching. Fortunately there are programs already out there that handle this for you, and they're free and easy to use. The only real effort needed is to wait for them to finish running, because the process can take a few hours.
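The difference between deleting, formatting and wiping free space, shown on a toy disk model. This is an added example, not part of the original post: the `ToyDisk` class, its 16-byte blocks and the sample file contents are all constructed for illustration and do not model any real filesystem.

```python
import os

BLOCK = 16  # bytes per block on the toy disk (constructed for this example)

class ToyDisk:
    def __init__(self, nblocks):
        self.raw = bytearray(nblocks * BLOCK)   # the platters: raw data blocks
        self.toc = {}                           # table of contents: name -> blocks
        self.free = list(range(nblocks))        # unallocated block numbers

    def write(self, name, data):
        needed = -(-len(data) // BLOCK)         # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")
            self.raw[b * BLOCK:(b + 1) * BLOCK] = chunk
        self.toc[name] = blocks

    def read(self, name):
        return b"".join(self.raw[b * BLOCK:(b + 1) * BLOCK] for b in self.toc[name])

    def delete(self, name):
        # Ordinary delete: only the table-of-contents entry is removed.
        self.free.extend(self.toc.pop(name))

    def format(self):
        # Quick format: a new, blank table of contents; data blocks untouched.
        self.toc.clear()
        self.free = list(range(len(self.raw) // BLOCK))

    def wipe_free_space(self, passes=1):
        # Overwrite every unallocated block with random data.
        # Blocks that belong to live files are left alone.
        for _ in range(passes):
            for b in self.free:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)

def demo():
    disk = ToyDisk(nblocks=8)
    disk.write("keep.txt", b"family pictures")
    disk.write("secret.txt", b"password=hunter2 for the bank")  # constructed sample
    disk.delete("secret.txt")
    after_delete = b"hunter2" in bytes(disk.raw)   # a raw scan still finds it
    disk.wipe_free_space(passes=3)
    after_wipe = b"hunter2" in bytes(disk.raw)     # now overwritten
    return after_delete, after_wipe, disk.read("keep.txt").rstrip(b"\0")
```

`demo()` shows the deleted file's contents surviving the delete, disappearing after the free-space wipe, and the file that was never deleted staying readable.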

I'm going to go over 2 different tools you can use for this, but you only need to choose one. Using both will just waste your time -- you won't gain any additional security from it. The tools are Sysinternals "sdelete" and Eraser. "sdelete" is a command line tool, but I feel that it's easier to use than Eraser, so don't let that scare you away! "Eraser" is more full-featured, lets you schedule tasks, integrates with the shell, etc... but for a one-time wipe, it might be more than you need.

A word of caution: The process I am describing will wipe out the FREE (empty) space on the drive. It does not destroy data that you have not already deleted. However, each of these tools also has the capability to destroy your real data, so don't mess around unless you know what you are doing. Once you do this, you will not be able to "undelete" anything by using an "undelete" program. This procedure will NOT destroy data stored in Vista "Previous Versions".

Before You Begin

This process is a very disk intensive process. It may slow down your system while it's running, and you should not run other disk intensive processes at the same time, such as an anti-virus/spyware scan, large zipping/unzipping of files, etc... Doing so will drastically slow down both processes, and could potentially overheat your disk drive.

Using "sdelete"

  1. Download sdelete from Sysinternals/Microsoft: sdelete
  2. Open the zip file and copy the "sdelete.exe" file into a place you won't lose it, like "c:\"
  3. Open a command prompt as administrator. Find the command prompt in the start menu, right click on it, and select "Run as Administrator". If you're on a version of Windows other than Vista, you won't find this option and you can open it the regular way.
  4. At the command prompt, type:
    cd c:\

    then press [Enter]

  5. To start the process, type:
    sdelete -z -p 3 c:

    The "-p 3" tells sdelete to run 3 passes. You can change this amount if you want (I usually use 1 pass), but 3 should be more than enough.

  6. Wait. This is going to take a while, probably hours, depending on the size of your drive. During the process, you may receive "disk full" warnings from Windows. Don't worry about this, but you need to be aware of this in case you are also doing other things on the computer at the time. Some applications may not respond nicely to running out of disk space. Once sdelete is done, you will get all of your space back.

Using Eraser

If you used "sdelete" above, you do NOT need to use Eraser.

  1. Download and install eraser: Eraser
  2. Once you have it installed, start Eraser and the main window will appear.
  3. Next, we want to change the method used to erase the free space because some of the methods are overkill. Open the erasing preferences box by going into "Menu: Edit / Preferences / Erasing..."
  4. Select the "Unused Disk Space" tab and make sure "Pseudo random Data" is selected. Then press the "Edit" button.
  5. Change the number of passes from 1 to 3. Even 1 pass is plenty to wipe away data, but 3 will certainly make sure of it. Then press "OK" and then "OK" again to get back to the main screen.
  6. Now we will make a new task for Eraser to tell it to erase all of the free space on the disk. Go to "Menu: File / New Task..."
  7. In the task properties, select the drives you want to clean. You can also tell Eraser to shut down or reboot the computer when it's done.
  8. Press "OK" and you will see the new task listed in the main window
  9. To run the task, right-click on it, and select "Run..." from the menu
  10. You will be presented with a warning, so make sure this is really what you want to do!
  11. Eraser will start running, and it will show a progress bar.
  12. Wait until it's done. It will probably take hours to run, so you'll want to go do something else.

F-A-Q

  • Why not use the Gutmann Method? The Gutmann method was devised in 1996 to deal with this issue for hard disks of that time period. It uses 35 different patterns to account for the variety of ways data was stored on those disks. Hard disks of today do not use the same methods to store data, and so most of those methods are no longer needed and would only result in wasting time, and not additional security. Peter Gutmann himself acknowledges this in the epilogue to his original paper on the subject. To quote, "For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do."

UPDATE:
Recent versions of Windows have a built-in command that can also wipe free space, "cipher".

To wipe free space using "cipher":
    cipher /W:X:

where "X" is the drive letter you want to wipe.

I've found what works best is a ball-peen hammer. It's very easy to turn those platters into dust. It's the only sure way to make information on a drive irretrievable.

I had used Eraser before but did not know about 'sdelete'. Very nice to have in my folder of CLI utilities.

For whole drives that are to be permanently retired I use an old Radio Shack VCR tape eraser. It's an AC powered electromagnet that is powerful enough to pick a lightweight drive up off the table. A few seconds of BRRRRAAAPP! and that drive is toast! Very handy. Hammer not required.

Regards,
-felipe

wow - well done post, you answered everything that was on my mind in regards to freeing up some disk space. I appreciate the time and effort you put into getting this together.

Many Thanks!

That's absolutely true. With the time and the technology all of data taking drive method has been changed. We can get more than more powerful hard drive on yet. Your tips and tricks are really appreciated, and they also helped me get the solution to my queries. I had used this method two times on my PC with operating system XP. I had got my solutions even I have one more query on my mind yet, I hadn't tried it on Windows 7 OS. Did it work on Windows 7? I have found Windows 7 OS is really advanced to use, I would like to use it on that as well. I hope you will help by giving some useful conclusions.