Several tools like CCleaner and Eraser allow you to wipe unallocated space on your hard-drive. To wipe data that has yet to be deleted, as well as to wipe the partition table itself, a tool like DBAN or anything equivalent that zero-wipes the drive would be needed, but for data that has already been emptied from the Recycle Bin or "permanently" deleted from within Windows in some other way, is it sufficient to wipe unallocated space to make that data irrecoverable?
If it isn't sufficient, then what exactly is the purpose of these tools, and are they as much of a gimmick as being able to use CCleaner to run 35 zero-write passes on a drive?
Answer
... for data that has already been emptied from the Recycle Bin or "permanently" deleted from within Windows in some other way, is it sufficient to wipe unallocated space to make that data irrecoverable?
It depends on how "irrecoverable" you need to make that data.
Since the file system allocates pieces of the hard drive in multi-byte clusters, you might find parts of deleted and wiped files in clusters that are shared with files that have been created after the deleted files were deleted.
Since that was confusing to read, here's an example:
Windows 10 uses the NTFS file system, which by default allocates space on the hard drive for files in 4KB clusters for HDDs smaller than 16TB. Let's say you download a file - foo.txt - that is 4KB in size. The file system allocates the 4KB cluster B
to hold foo.txt. Now you delete foo.txt, and then download bar.txt, which is 6KB in size. The file system allocates two 4KB clusters to hold bar.txt: A
and B
. It write the first 4KB of bar.txt into A
, and the remaining 2KB into B
. The rest of B
holds the last 2KB of foo.txt still. Now you run your free space wiping tool, which, since it operates at the file system level, bypasses cluster B
because it is occupied by bar.txt, so at the end of that wiping, the last half of foo.txt remains on the hard drive:
Download foo.txt:
A B
|********|ffffffff|
Download bar.txt:
A B
|bbbbbbbb|bbbbffff|
What does this mean? Well, if you want to pass your old computer on to a friend, you can remove all of your data, wipe the free space, and pass it on with the OS and programs intact, secure in the knowledge that you will not be embarrassed by anyone finding your old bank statements or love letters. If your computer holds secrets valuable enough for someone to spend lots of time doing a bit-by-bit examination of the hard drive to recover, you'll want to do a complete wipe, such as what DBAN does.
No comments:
Post a Comment