Skip to main content

Overwriting Deleted Files in Windows

 Once a file is deleted, most operating systems will still hold on to the file. The link between the operating system and the file is removed, but the data is still on the disk waiting to be overwritten or used for something else. A common utility seen in the wild is Eraser but it's a bloated utility that takes a long time. It's a good utility if you really need to overwrite a Windows machine more than 3 times - but the use case for this is minimal. 

pause: this article surrounds mostly HDD, as files are recoverable on these drives if not overwritten. For SSDs, this is just going to cause more wear to your drive!

An underutilized tool is cipher. In Windows, it displays or alters the encryption of directories and files on NTFS volumes. But, with the option w it overwrites deleted files and empty space of a drive. You can use it on the same drive the OS is located, external drives, and removable media. It's easy to use! If your OS is installed on C: and you want to remove all your deleted files and empty space try cipher /w:C or replace C with the drive letter.


The process doesn't take long, but it is a good idea to not only close applications it recommends, but to close background processes as well. My favorite shortcut for the Task Manager is Ctrl + Shift + Esc, make sure to close as many background processes as possible while this is running.  

The best use case for this is when getting rid of HDDs before reusing them elsewhere for other purposes. In lab setups, this can be quite useful. 

Do you overwrite space on your HDDs? Why or why not?

Fun fact! Did you know modern OSs already scatter data around when writing to a SSD to more evenly wear it and reduce malicious recovery? Cool!


Labels:

Comments

Post a Comment

Popular posts from this blog

Wardriving OSINT & SE

 Disclaimer: do NOT use this information to be a jerk. Don’t try to get the location of my examples, or you’re a big meanie. There's already a post out there about tracking people with wifi. It's helpful for those who use a hotspot or maybe a vehicle hotspot. I believe a personal device that broadcasts Bluetooth is more likely than a hotspot.  Tracking What wardriving can’t do = track people via Bluetooth devices Or shouldn’t be able to work. Most modern Bluetooth devices use MAC randomization, which changes the MAC address of the Bluetooth device at random. Even if you can track a device it may only be short-term, as it’ll change again.  But sometimes they don't turn over to a randomized MAC. Do what you will with that. If you want to see how easy it is to make a random MAC go here . But what if you only need a short-term answer? Better start stumblin’. Let’s forget the purpose of needing that MAC address long-term. With all MAC addresses, OUI can tell you what the
Post a Comment
Read more

The big list of remote job openings

From a conversation in my Discord ; one member brought up a lot of the best remote jobs and job boards come from Twitter. This is a decentralized way of distributing information, which is better than not sharing the information but can be hard to find.  This list is not a replacement for that, but it's pretty close. Here's the master remote vacancy list for remote jobs in the United States. This job board is in no way just for IT jobs, there are all sorts of jobs from sales, teaching, upper management, data entry, design, customer service, and more. Take a look if you're looking for a new job.  Some Tips: Try searching the full row for the job in Google. There are better job boards where the job posting is more up to date; instead of using the link provided. Don't spam one company, make sure if you're using the shotgun approach, you aren't letting the companies you're applying for know that There's a lot of advice on how to get a job online. Some of you
Post a Comment
Read more

Common techniques for accessing phishing attacks

Can't load the phishing site that you know is there? Here to do some incident response or some SOC tasks? If you’re attempting to respond to an incident or just investigate some phishing pages, you may find that they are inconsistently accessible. Fraudsters will make phishing sites less available to their non-targets to curb their detection. Here’s what to know about phishing attacks and how to access them. What is a fake 404 page? It’s pretty easy to make a fake 404 page to display. <html><head> <title>404 Not Found</title> </head><body><h1>Not Found</h1>                  <p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>                    <hr>                    <address>Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at localhost Port 80                                <style>  
Post a Comment
Read more