Purge your Hard Drive


This article is about getting rid of sensitive data on your hard drive. You may be replacing your hard drive with a bigger one. You may be selling your computer or giving it away. You may have decided that it's time to encrypt your sensitive data instead of leaving it exposed in the clear. You realize that you need to purge your hard drive of all sensitive data before you take any of those steps. That could be trickier than it seems.

Computers lie. I'm sure you find that shocking. ;-) When you delete a file in Windows, the file is not deleted! When you remove it from the Recycle Bin, the file is still not deleted! Yes, the file name is hidden, but the file's data is still there on your hard drive. All the Windows file system does to "delete" a file is "release" the space for future use. Not only do computers lie, they're lazy too. :^)

Another problem: operating systems are messy. They leave behind all sorts of echoes of the data they access or process -- swap files, temp files, hibernation files, shadow files, etc. Many programs also scatter auxiliary files around in obscure locations that are hard to find. How are you ever going to find all of this junk?

Programs are messy too. For example, your browser may store sensitive information, such as passwords and account numbers, in files you never see. Perhaps worse, you may have misplaced or forgotten files that contain sensitive information. You've got to know what you're doing when you purge a hard drive, particularly one you've used a long time.

There's also the hazard of physical access to your PC or laptop. A snoopy guest or burglar might gain access to your computer. You might forget your laptop somewhere, or have it snatched from you. But that hazard is outside the scope of this article. You need encryption, or even full-drive encryption, to protect yourself from loss of physical control. ;-)

Don't be misled by careless use of terms

Work with me here. :-) When you do a "clean install" of Windows (upgrade or reinstall), you need to get the old files out of the way first. To do that, the installation disk (CD/DVD) formats the drive or partition. That's often called wipe, erase, or clean as well as format. But it's a "quick" format, and it merely removes the index to all the files. It does not bother to remove the old file data.

Unfortunately, the terms wipe, erase, and clean are also used in the context of purging sensitive data. But here they have a totally different sense. If you want to purge sensitive data, you need to shred it, not simply cross it out. That gives wipe, erase, etc., a whole new meaning for this job.

At this point, you probably sense that purging your hard drive to protect sensitive information is not a simple task that any simpleton can do. If you're going to do the job, you might as well take the time to learn how to do it right.

Fitting the effort to what's at risk.

See "Programs to wipe or shred with" below for tools to shred and wipe files.

Method 1: Minimum effort — moderate risk: Suppose that you have never had any highly sensitive data on your PC, and you decide to just perform a "clean" installation of Windows. This method starts by formatting the partition. Formatting will leave all of your old files behind, and although many of them will be overwritten in the next step, some of them will remain. In effect they are merely hidden in plain sight. Even files that have been overwritten can often be recovered with special software.

You may be satisfied that this is good enough. A "restore" process using the original CD that came with your PC produces nearly the same results as a simple "clean install". Restoring from a drive image, such as one made with Acronis True Image, will potentially leave more sensitive files, though. You should consider Method 2 in that case.

You could also follow the reinstall/restore process by wiping the free-space on your drive. Any residual files would be shredded.

Method 2: More effort - less risk: Suppose you've used your PC for online banking and other financial transactions. First, shred all the sensitive files you can think of. Second, delete all the sensitive information from your internet-facing programs, particularly your browser(s). CCleaner is a good program to do that with if you're not sure how to do it directly. Third, remove unneeded temporary files. They might contain forgotten but sensitive information (CCleaner can do this too). Fourth, empty your Recycle Bin because it may also contain old sensitive files, and they will not be wiped in the next step unless you do.

Fifth, wipe all the "empty" or free space on your hard drive. That's because the "deleted" files are still there — remember? The minimum you'd want to do is overwrite every data bit with zeros. It's best to overwrite the empty space with multiple passes of random data. That's what special wiping/purging/erasing software does if it's any good. This step can take several hours. Now that you have it clean, you need to keep it clean.
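What a free-space wipe does, as an added Python example (not the code of CCleaner, Eraser or any other tool named in this article): it fills the unallocated space with a filler file, forces it to disk, and deletes it. The name `wipe_free_space` and its parameters are this example's own; `limit_bytes` exists only so the routine can be tried without filling a drive.

```python
import errno
import os
import tempfile

CHUNK = 1024 * 1024  # write 1 MiB at a time


def wipe_free_space(directory, passes=1, use_random=True, limit_bytes=None):
    """Fill the free space of the volume that holds `directory`, then release it.

    Returns the bytes written in each pass. limit_bytes caps a pass for a trial
    run; None keeps writing until the volume reports that it is full.
    """
    totals = []
    for _ in range(passes):
        fd, filler = tempfile.mkstemp(prefix="wipe-", dir=directory)
        written = 0
        try:
            while limit_bytes is None or written < limit_bytes:
                n = CHUNK if limit_bytes is None else min(CHUNK, limit_bytes - written)
                # Random data cannot be squeezed by a compressing file system; zeros can.
                block = os.urandom(n) if use_random else bytes(n)
                try:
                    done = os.write(fd, block)
                except OSError as exc:
                    if exc.errno != errno.ENOSPC:
                        raise
                    break  # volume is full: the free space now holds filler data
                if done == 0:
                    break
                written += done
            os.fsync(fd)  # make sure the filler reached the disk before releasing it
        finally:
            os.close(fd)
            os.remove(filler)  # hand the overwritten space back to the file system
        totals.append(written)
    return totals


if __name__ == "__main__":
    # Constructed trial run: cap each pass at 4 MiB inside a throwaway folder.
    with tempfile.TemporaryDirectory() as scratch:
        print(wipe_free_space(scratch, passes=2, limit_bytes=4 * CHUNK))
```

With `limit_bytes=None` the volume really does run out of space until the filler is removed, so close other programs first. Files that are still allocated are not touched.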

Method 3: Maximum effort - minimum risk: Even if you use a free-space wiping program, you may still leave sensitive files on your hard drive. What about those passwords that you forgot your browser or other program saved? What about the files that you've forgotten? What about stray files? They're stored somewhere in an active file that won't be purged by a free-space wipe. The same thing is true for backups that contain sensitive data. Then there are temporary files lying around, and if you don't have Windows Explorer set to show hidden files, you're likely to have some of them that you also need to delete. And how do you know you've found them all? Even your "swap file" (virtual memory) and "hibernate" file can contain sensitive data. Oh bother. ;-)

If your objective is minimum possible risk, it's safest to assume that you don't know every last place where sensitive information is stored. Thinking practically, you need to eradicate everything on your hard drive or partition(s), and start over again.

First you must extract all the files and data that you want to keep. As discussed in "Keeping it clean" below, you should consider encrypting those sensitive files where you're storing them at this point.

Finally, you want to wipe all the space (partitions or the whole drive) that you want to purge. Now there is no chance of any sensitive data remaining. The minimum you'd want to do is overwrite the space with zeros. It's best to overwrite all the space with multiple passes of random data though. That's what special wiping/purging/erasing software does if it's any good. This step can take several hours.

Now you can re-install, restore, or upgrade Windows if you want to continue using the hard disk. You'll be doing what is sometimes called a "bare-metal" install, and since you wiped the drive first, no traces of your old files remain. Now that you have it clean, you'll also want to keep it clean.

You may need the CD for your previous operating system in order to complete an upgrade using the "clean install" method. You might even need to install the old version first, and then start the upgrade version from within the old version. There's also a trick for performing a clean upgrade to Vista.

4. What about a dead hard drive? You may not want to just throw it away though, because it's often easy to recover data from dead hard drives. Fred Langa has some ideas on how to prevent that.

Keep it clean

What if you're going to keep using your hard drive instead of disposing of it or the computer? Now that you don't have any sensitive data on it, you want to keep it that way.

The best plan is to encrypt all your sensitive data as you go, rather than using an intermediate step where the data is in the clear. That way there's never any sensitive data to remove. I have used both SafeHouse and TrueCrypt. They both worked flawlessly. TrueCrypt was a bit less confusing to use and it is free.

Here's how to get your sensitive files safely tucked away in an encrypted volume. The first step is to create the encrypted volume. Then you copy the file(s) to the volume (which functions just like a hard drive while it is open). Finally, you need to shred the file(s) that you copied from.

Here's how SafeHouse explains it:

SafeHouse keeps your confidential files in large protected container files which can range in size from a few megabytes to hundreds of gigabytes. In a way, they're sort of like folders.

Some people like to refer to these special files as safes or data vaults, because each one is protected using a password known only to you. In SafeHouse, we call these files "volumes", which is simply a fancy term which has gained popularity over time for describing this kind of technology.

SafeHouse volumes can hold as many files in them as will fit. And if you do ever run out of room, you can easily make your volumes bigger. You'll create your first volume when you install the software; however, there's really no limit to the number of volumes you can create. The only limit is the amount of hard drive space available on your PC. Volumes can also be located on external drives and removable media.

There's more to keeping it clean than just those few paragraphs. I hope to fill in more of the details some day in another article. Meanwhile, you could install SafeHouse or TrueCrypt, and read the manual yourself. ;-)
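The copy-then-shred sequence described in this section, together with the file shredding from Method 2, sketched in Python as an added example (not code from SafeHouse, TrueCrypt or any tool named in this article). The function names are this example's own, and it assumes the opened encrypted volume is reachable as an ordinary folder path.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB pieces so large files do not fill RAM

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def shred_file(path, random_passes=2, delete=True):
    """Overwrite path in place with random passes, then zeros; optionally delete it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:  # r+b rewrites existing data without truncating
        for pass_no in range(random_passes + 1):
            fh.seek(0)
            for offset in range(0, size, CHUNK):
                n = min(CHUNK, size - offset)
                fh.write(os.urandom(n) if pass_no < random_passes else bytes(n))
            fh.flush()
            os.fsync(fh.fileno())  # force this pass out of the OS cache onto the disk
    if delete:
        # Rename first so the original file name does not linger in the directory.
        scratch = os.path.join(os.path.dirname(path) or ".", os.urandom(8).hex())
        os.replace(path, scratch)
        os.remove(scratch)

def move_into_volume(src, volume_dir):
    """Copy src into volume_dir, verify the copy by hash, then shred src."""
    dest = os.path.join(volume_dir, os.path.basename(src))
    expected = sha256_of(src)
    shutil.copy2(src, dest)
    if sha256_of(dest) != expected:
        os.remove(dest)
        raise OSError("copy does not match the original; original left untouched")
    shred_file(src)
    return dest

if __name__ == "__main__":
    # Constructed demo: two temp folders stand in for a working folder and a mounted volume.
    with tempfile.TemporaryDirectory() as work, tempfile.TemporaryDirectory() as vol:
        secret = os.path.join(work, "accounts.txt")
        with open(secret, "w") as fh:
            fh.write("constructed sample: account 0000-0000\n")
        print(move_into_volume(secret, vol), os.path.exists(secret))
```

Overwriting in place only reaches the old data where the drive and file system write changed blocks back to the same location; on SSDs and on journaling or copy-on-write file systems earlier copies can survive, so a free-space or whole-drive wipe remains the backstop.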

Programs to wipe or shred with
CCleaner is a good tool to use first. In fact, now that it wipes free disk space, it could be all you need to purge your hard drive. In cleaning Internet Explorer, for example, it removes temporary files, history, cookies, form history, and also the index.dat file, which could leave sensitive remnants behind. CCleaner also conveniently removes temporary files.

Update: NecroFile is pretty much dead {pardon the pun}. However I have discovered Eraser, an Open Source program, and Hard Disk Scrubber, which are better. :-) They can both "shred" files and folders, and "wipe" free disk space. Wunderbar!

http://www.killdisk.com/ -- KillDisk is a program that you install on a floppy disk or CD, and then boot your computer. There are free and "pro" versions. KillDisk can completely purge your hard drive, or wipe empty space. You'll need your original Windows or recovery disk to reinstall the system software if you purge the hard drive.

Darik's Boot and Nuke (DBAN) is an excellent program for completely wiping hard drives. As the name might imply, you create either a bootable CD or bootable floppy with DBAN, boot your computer, and "nuke" any drive or partition that you want to wipe clean.

Shredding a file is much like shredding a paper document. The idea is to (digitally) chop up the space where the file was so that it can't be put back together again. It takes special software to do this right. Most shredding software can also shred entire folders full of files.

Wiping is much like shredding files, except that the wiping process covers a much wider swath. It might be all the free space on a partition, or a whole partition or drive. It won't wipe files that you've forgotten about or don't know about though. :o)

Free space: Storage space that is not currently allocated to files by the file system. It could be space that has never been used, or space that has been de-allocated, but that still contains all the data of files that once were indexed by the file system. That's where your sensitive data could be lurking.

Notes and references
Note: I have not verified the following information, but it would have been the right thing for Microsoft to do. I've read that while a full format with Windows XP does not erase all the data (files) on a partition, a full format with Vista does. However, a Vista (or Windows 7) install disk does not perform a full format, and you can't format the system partition (e.g., C:\) from the system partition itself, so I see no way to do a full format of the system partition with Vista. The question remains, how deeply is the data erased (on other partitions that you format)? Probably it's just a one-pass, reset-all-bits-to-zero wipe. Good enough for most situations, but not military-grade security at all. ;-)