privacy software - secure deletion of contents of recycle bin

Phantom also wrote this post:

He seems to contradict himself in his next post. I believe he is right in the first post, saying the same thing I wrote. I think the answers to both of your questions are no.

As for storing it in "info" as he says in his second post, that is very old. Windows 95 used "info" Win98 used info2. Windows XP uses two different ways of manipulating the Recycle Bin based on the filesystem used. It's either "Recycled' on the C drive or Recycler on the disk the info was deleted from.

In fact, some privacy programs create there own version of a "Recycle Bin" which actually securely moves the file to the bin and then when the bin is securely erased there is no remaining original file on the disk.

The only possibility is that some programs (maybe ERASER?) actually reads the information in the Recycle Bin and then erases the original file. But, most programs with "secure deletion" of Recycle Bin simply don't do it.

Of course, I am not perfect. But, based on my own research, I think I am correct. But it's not like I've never been wrong before.

 

Okay, I ran my own tests and here's what I found.
Windows XP Pro SP2 120GB HD with 100GB free space and nothing in the recycle bin.
The hard drive contains a 2GB file along with other data.
I put the 2GB file in the recycle bin.
The file instantly appears in the recycle bin with no noticeable hard drive activity.
The free space remains at 100GB.
This proves several things:
1. The file is not copied or moved, just a pointer(shortcut) is created in the recycle bin.
2. The free space did not increase by putting the file into the recycle bin.
This proves that the original physical location of the file on the hard drive is protected by the OS from being overwritten while the file is in the recycle bin.
Otherwise, the free space would have increased by 2GB by putting the file into the recycle bin.

I then empty the recycle bin.
The file instantly disappears from the recycle bin with no noticeable hard drive activity.
The free space increases to 102GB.
This proves that upon emptying the recycle bin, the original physical location of the file on the hard drive has been released and is ready to be overwritten by the system (there are 2GB more free space).

I created a new 2GB file.
The free space is 100GB.
I put the 2GB file in the recycle bin.
The free space is still 100GB.
I then Erased Recycle Bin (Eraser 35 pass).
Eraser showed it would take about 72 minutes to erase and there is a lot of hard drive activity.
This proves that it is not just the pointer that is being erased, but the original physical location of the file on the hard drive.
After erasing the file, the free space is 102GB.

So.....

The answer is yes, Phant0m is correct.

The answer is yes.

The answer is yes.


Here's The Bottom Line:
-----------------------
You do not have to wipe the hard drive free space if you use Eraser to Erase the Recycle Bin.
If you just Empty the Recycle Bin, then you do need to wipe the hard drive free space.
You can securely delete a file simply by putting it into the recycle bin then use Eraser to Erase the Recycle Bin.
If you want to securely delete the file at once, just right click the file and select Erase.

P.S. the C: drive recycle bin folder in Windows XP Pro is also named RECYCLER.

 

Yes, Eraser is has the most simple interface and full option to secure erase anything.

Eraser let you terminate any files by a right click option, don't even need to goto recycle bin. But no matter how you use Eraser to devastate a file, if you want to check if it's secure del, use a file recovery program and scan the harddisk for the file you del, then you'll know if it gone, if you forgot to "erase" it, then you can go ahead with a earse unused space.

Thus if you want to leave no tracks or marks,
I will suggest this:

clean up all temp files, cache, Temp Internet Files, etc
Then run Eraser's erase unused space to clean up the mess.

P.S. for the unused space clean up, I suggest to make a option only using 0s and run over the harddisk for only once if you feeling dam sure or twice/3 times if you want to do it just to sure.

 

Genady Prishnikov



I didn’t contradict myself; but I just weren’t going into great details for the untrained eyes.


1st post - “When you delete files to Windows Recycle Bin all the data remains on your hard disk …”

• When you put files in the Recycle Bin, do you not normally right-click on-it and go-to ‘DELETE’? (‘When you delete files ‘to’’ Windows Recycle Bin …), sorry I was trying to keep it real, what people are familiar with.

2nd post – “… when a file is normally deleted it’s not moved anywhere but only assigned to Windows Recycle Bin, the physical location of the actual data does not change here and ...”


1st post – “… what actually happens is the file system's pointer to the file (a reference / entry) gets moved …”

* Create a file C:\AAA.txt now access MS-DOS / Command Prompt and type; CD \
Then type; MOVE AAA.txt BBB.hidden
When moving a file it doesn’t necessarily mean that it’s going into another directory or even with the same named file system’s pointer…

Please explain this, how I contradict myself so I can avoid some possible future issues, thanks.

 

Hi Devinco

Yes on both accounts, and I’m glad you didn’t wait and have investigated for yourself, now you know the facts from fiction that gets published on public forums and several times a day…

 

There's an interesting article here: http://www.niiconsulting.com/checkmate/2006/06/file-slack-vs-ram-slack-vs-drive-slack/ which points out the need to make sure a program such as Eraser has all the freespace wipe options checked.

Actually, the whole site contains a wealth of information that you'd never really think about unless you were in the computer forensics business. Go back through all the monthly newsletters (Archives) listed on the right-hand side of the main page: http://www.niiconsulting.com/checkmate/ and read them.

Did all my own "tests" a long time ago, and Eraser's so darned good I contributed. Have also used SDelete: http://www.sysinternals.com/Utilities/SDelete.html (not as comprehensive since it does not securely delete file names when cleaning disk free space) and own a registered full version of Clean Disk Security ( http://www.theabsolute.net/sware/clndisk.html ).

All these programs have pretty comprehensive explanations of what's going on with secure erasure and why it's needed, in their "Help" files, on their web-pages or both. It's not like it's a secret and can't be found out, learned and utilized by the average user. You just have to want to learn and utilize effective procedures.

Outta here. Pete

 

If I'm not wrong, I think Secure Delete is just a "light" version of Heidis Eraser. The interfaces are identical. The only thing missing in Secure Delete, that exists in Eraser, is the option to clean free space, which would explain the non-fuctional interface option in Secure Delete.

 

Very good question and discussion Devinco as usual. I used to wonder the same too. Cos I was pretty lazy, and I found it easier to send files to the recycle bin then erase everything in the recycle bin at one shot, rather than erase each file one by one.

I figured the same as you, it probably made no difference, but it's nice to have it confirmed.

 

when i used windows i always deleted files where they were because moving them moves/copies the file and not the pointer. that doesn't happen with Linux, Linux moves the pointer.

you can securely move files using eraser though using "Secure Move With Eraser"

right-click the file you want to move, drag (while still holding the mouse button), then unclick and select - Secure Move With Eraser

 

i just tried to boot into windows but i must have installed something else over it. i was going to see if a file gets moved to the bin, or the pointer is changed. i've read more of the thread now and see it doesn't get moved.

the bin must be the only place which doesn't move the file. moving it anywhere else makes a copy and deletes the original pointer doesn't it? that's what i thought anyway.

 

LOL, I have done up lengthily post in response to your first and ended up seeing you post an update and now have to re-do my post for in response to you…

Two posts that should be seen at minimum are post #21 and #27…

Also regarding Heidi Eraser ‘Eraser Secure Move’, I think you may have the wrong concept of it, stated in Eraser’s ‘Help’ file – “When moving files or folders across drives, the operating system is forced to delete insecurely the source files after copying them to the new location. The Shell Extension allows you to securely move files, erasing the source files after copying them.”

 

I was just about to post over at MntOlympus but since you're here I won't.
Are you saying that this option in Eraser is not needed if another secure eraser was used; other than yours, for instance SDelete (here)? If not it might be a good idea, if possible, to add the 'Secure Move' option to the context menu....then it will be the best.

 

the bin is the only place which doesn't make a copy of the orginal file when it's moved. i know this because you can see files being copied in XP when you move them around the OS if you turn off file indexing. the bin is the only place where a file can be moved to instantly, move it anywhere else and it takes more time.

if the file has been moved from it's original place, then to the bin, the original file will still be on the HDD, but without a pointer, and the bin's copy will be erased by the eraser.

Phant0m
i don't have windows so i can't test to see what eraser's Secure Move does. i know i've used it in the past and thought it erased the original copy leaving the HDD with just the one file - where it is moved to. that's how it looked to me when i used it. i'll take your word on it though

 

Hi n8chavez


No I believe this to be a very convenient feature and should be seen across the board of secure deletion products, it beats the alternative method which involves some clickings, copy NOT move an then securely delete the original file

 

Hi iceni60

The only way it’ll be making a copy is if you do a Windows ‘COPY’, but MOVE or ‘CUT’ to the same drive doesn’t duplicate, make copies.

 

My my D, my celtic humour drew blood. The means embarased, since I said you guys all must have interesting waste baskets and then I purge mine I thought the contidication I had would be funny! I guess not.

PS I also use a paper shredder, but I don't want to end up in F wing being treated for being a

Every one has things we are not proud of in our pasts... I'm no exception.

 

The only blood drawn was the blood of laughter, that's why I said it was funny and made a big grin . So your humor was successful.
Humor is a great way to get a message across, so please continue.
The statement about our right to privacy is important so I said it.
It was not directed toward you.

Cheers

 

Not that there is a question about securely moving a file, but in case there is still a question, I thought I'd test it too.

Here's what I found.
The test computer has Windows XP Pro SP2 100GB HD in two partitions C: 20GB and D: 80GB.
The test computer also has another 120GB HD in one partition E:.
The C: partition contains a 2GB file in the root folder C:\ along with other data.
I moved the 2GB file into a new folder on the same partition C: (by right dragging and selecting Move).
The file instantly appears in the new folder with no noticeable hard drive activity.
I repeat the procedure, this time cutting and pasting the 2GB file from the new folder to the root folder C:\.
Again, the file instantly appears in the root folder C:\ with no noticeable hard drive activity.
This proves that moving or cutting and pasting a file within the same partition only moves the file pointer.
The original physical location of the file on the hard drive remains the same.
This also proves that there is no benefit to securely moving a file within the same partition.

It is very different when a file is moved to a different partition or hard drive.
I moved the 2GB file From C:\ to a new folder on the partition D: which is on the same hard drive.
The file took a while to appear in the new folder on the different partition and there was significant hard drive activity.
I repeated the procedure, this time cutting and pasting the 2GB file from the new folder on the D: partition (on the same hard drive) to the root folder in the C:\ partition.
Again the file took a while to appear in the root folder C:\ and there was significant hard drive activity.
This proves that moving or cutting and pasting a file to a different partition makes a copy of the file.
The original physical location of the file on the hard drive has been released and is ready to be overwritten by the system (there are 2GB more free space). But it is still there on the partition ready to be recovered.
This also proves that you should securely move a file when moving to a different partition.
The same result occurs when moving a file to a different partition on a different hard drive.

So...
If the file is being moved within the same partition, you do not need to use Secure Move with Eraser. There is no benefit. There is also no harm, other than wasting time.
If the file is being moved to a different partition on the same hard drive or a completely different hard drive, you should use Secure Move with Eraser.
Otherwise you will need to wipe the free space on the Hard Drive.

 

Yea, I forgot to specify down to same partition instead of saying same HDD, now days almost everyone has a split partition. Thanks for mentioning it here

 

Hi Pete,
Niiconsulting.com is an excellent site, thank you for pointing it out. The articles are very informative.

The Cluster Tip Area option in Eraser should take care of File Slack(both RAM slack and Drive slack) when securely deleting files, securely moving files, and Erasing the recycle bin.
The Eraser Help file shows the Cluster Tip Area option as:

And while you don't need to Erase Unused Disk Space if you just want to securely delete a file, securely move a file, or Erase the recycle bin, the article shows how much hidden data can be recovered from apparently "empty" disk space. Just by normal usage everyday, tiny bits of old and new data are left inside every file in the Cluster Tip Area (File Slack).
So at least an occasional wipe of the Unused Disk Space (including all the Overwrite options) is a good idea. Just schedule it in Eraser and we are good to go.

Thanks again!

 

Devinco - You're quite welcome.

 

Thankyou all for your contributions.

Phantom's Secure Delete seems to be a very convenient answer to my problem - that Tracks Eraser will not securely delete files from the recycle bin. Acesoft say that they are considering adding the function to the next version of Tracks Eraser.

I noted that one of the contributors was concerned that Tracks Eraser may not delete all index.dat files, and recommended using Index.dat Suite, but, although I did not test extensively, I did not find any instance of the latter program detecting such a file after running Tracks Eraser with the option to delete such files selected.

I wonder whether there is an angle still uncovered? I gather that when a file is moved from one folder to another within a drive the pointer is moved but that the data is not. But what if the file is moved by defragmentation software such as Diskeeper? Presumably in that case the data is copied to its new location, and then the pointer is amended to the location of the copy data, leaving the original data on the disk, in what would have become free space when the pointer was amended. If so, then disk defragmentation will rapidly litter the freespace with data that is not securely deleted, and frequent cleaning of free space will still be necessary notwithstanding the operation of measures to secure delete the contents of the recycle bin.

Any comments or solutions?

 

If you're concerned about fragmented files not being over-written, then defrag and run Disk Maintenance with all options selected before running a free-space wipe. (That's one of Index.dat Suite's strong-points - it has an option to defrag all drives when it runs at next start-up).

You can always tell if this will work by simply running either RecoverMyFiles or File Recover and searching for the extension-type of the file you're wanting to be sure you're rid of.

My concern with TEP wasn't that it doesn't over-write the index.dat files that it finds (it does), but that it wasn't finding the same quantity of index.dat files that IdS does, and thus could be missing some. Pete

 

What happens if you get a knock at the door while you are still in your session?

-rich

 

I go answer the door, of course - what do you do?? Pete