E – Erasing Files Securely

In the digital world, nothing is ever truly erased – at least, not without special measures. When a file gets deleted from a normal computer, it goes to the Recycle Bin. However, even when the Recycle Bin is emptied, the data still exists on the computer. Specialized software and equipment can “undelete” files, whether they were deleted or the hard drive was formatted. This presents a variety of risks, even for those with “nothing to hide.” For instance, a hacker could extract tax forms, bank statements, and other sensitive information that the user thought was safe. Fortunately, there are a couple of ways to truly delete this data.

In the first method of erasure, the user requests a “secure erase” from the hard drive. The hard drive firmware then processes this request, hopefully blanking out the data and removing it from the media. Because this relies on the hard drive firmware, it’s harder to verify, and may only work on certain models; thus, this should only be used on data requiring less security. 

For a safer and more reliable alternative, the user can overwrite the data one or more times before deleting it, which prevents recovery. If this method is used, the first several passes should write random data, but the last should blank out the data. Finishing with blank data makes it less obvious that data previously existed there.
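
The overwrite method described above, written out in Python as an added example (not part of the original article): several random passes, a final blank pass of zero bytes, then deletion. The function names, the default of three random passes, and the sample file contents are assumptions chosen for illustration.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB chunks so large files don't fill memory

def overwrite_pass(fh, size, random_data):
    """Overwrite the first `size` bytes of fh once, then force them to disk."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        fh.write(secrets.token_bytes(n) if random_data else b"\x00" * n)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # push this pass past the OS cache before the next one

def secure_erase(path, random_passes=3, remove=True):
    """Random passes first, a final blank (zero) pass, then delete the file.

    Returns the number of passes written. Caveat: this overwrites in place,
    which on SSDs (wear levelling) and copy-on-write or journaling file systems
    may not reach every physical copy of the data.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:  # r+b: modify in place, do not truncate
        for _ in range(random_passes):
            overwrite_pass(fh, size, random_data=True)
        overwrite_pass(fh, size, random_data=False)
    if remove:
        os.remove(path)
    return random_passes + 1

def demo():
    """Constructed sample file; returns (zeroed_after_overwrite, exists_after_delete)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"SSN 000-00-0000 (constructed sample data)\n" * 100)
    size = os.path.getsize(path)
    secure_erase(path, remove=False)       # overwrite only, so we can inspect it
    with open(path, "rb") as fh:
        after = fh.read()
    secure_erase(path, random_passes=1)    # overwrite again and delete
    return after == b"\x00" * size, os.path.exists(path)

if __name__ == "__main__":
    print(demo())
```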

Though it is technically possible to do this manually, the easiest way to securely delete files is to use pre-made tools. On Windows, the SDelete tool available from Windows Sysinternals is possibly the best solution. Though slightly confusing, as it runs in the command prompt, SDelete is an official tool from Microsoft which can securely delete files within a few keystrokes. SDelete and its associated guide are available here:

Author: Grey Ruessler, IT User Services


McDowell, M., & Lytle, M. (2010, July 13). Effectively erasing files. Department of Homeland Security: CISA. https://www.us-cert.gov/ncas/tips/ST05-011