Securely Erase Data With Cipher, a Built-in Windows Tool

8 Comments

While there are plenty of tools available for securely wiping a disk, overwriting the data with a stream of random bits and obliterating it completely, for Windows users, there is another option: cipher.exe, a built-in Windows command line utility. While it’s not as convenient or user-friendly as the third-party tools, it’s free, it comes with the OS — and it works.

Cipher can be used to both encrypt and decrypt data , but using it with the /w switch enables you to securely erase deleted data from a directory. So, for example, if you’d like to erase the contents of a folder called “SECRET” that lives on your C: drive, you need to first ensure that you’re logged in as an administrator, then go to the command line (click Start->Run, then type “cmd”) and enter:

cipher /w C:\SECRET

Warning! Use this tool with caution — once data is erased using this method it will be irrecoverable.

(Mac users: You can do something similar using the “Secure Empty Trash” option, available through the Finder.)

What tools do you use for securely erasing your data?

(via gHacks)

8 Comments

MB

the command should be
CIPHER /W:C:\secret
Note the colon after the /W

bk

Hmmmm. Are you sure about that? The way I read the command’s help description (cipher /?), it wipes the unallocated space on the volume on which the specified folder resides. Doesn’t say anything about deleting the folder or its contents.

And executing the command, you can see that it doesn’t delete the specified folder, but it does do a lot of disk writing, consistent with the documented action.

So, I’d say that the way to securely delete c:\secret is to delete the folder and its content first, then use cipher /w, like this:

rd /s c:\secret
cipher /w c:\

This does what you want. Takes a really long time, too.

bk

bk

Hmm, those are supposed to be two separate commands:

rd /s c:\secret

cipher /w c:\

JD

“using it with the /w switch enables you to securely erase deleted data from a directory”

I don’t think the confusion is about erasing deleted data as it is about the amount of data erased. The command appears to erase ALL deleted data on the ENTIRE volume. The directory is immaterial and only serves to identify the volume to clean.

Comments are closed.