4.4. Securely Deleting a File

Problem

You want to delete a file so that it cannot be retrieved by undeleting it.

Solution

Using a command-line interface

Use the Sysinternals sdelete.exe command to securely delete files:

> sdelete <FileName>

Use the -p option to specify the number of overwrite passes made over the disk segments that held the file. The more passes, the less likely the file can be recovered.

The -s option can be used to recursively delete everything within a folder:

> sdelete -p 4 -s c:\logs

Using VBScript

' This code runs the sdelete command
' ------ SCRIPT CONFIGURATION ------
strCommand = "sdelete -p 5 c:\logs\tue.log"
' ------ END CONFIGURATION ---------
set objWshShell = WScript.CreateObject("WScript.Shell")
' Run(command, window style, wait for completion):
' window style 0 hides the console window; TRUE blocks until sdelete exits,
' so intRC holds the command's exit code rather than a process handle
intRC = objWshShell.Run(strCommand, 0, TRUE)
if intRC <> 0 then
   WScript.Echo "Error returned from running the command: " & intRC
else
   WScript.Echo "Command executed successfully"
end if

Discussion

When you delete a file through Windows Explorer, it is sent to the Recycle Bin. You can use the Recycle Bin to restore the file to its original location, or you can permanently delete the file by emptying the Recycle Bin. But wait a second—the file doesn't really get deleted when you empty the Recycle Bin. All that happens is that the link to the collection of bits on the hard disk that make up the file is removed; the bits themselves are still present on the disk, and they stay there until the file system overwrites them with a new file. That means that if a bad guy stole your computer, he could run a program that examines the hard drive and restores files that were previously deleted but not yet overwritten.

That is, unless you securely delete the file using the Sysinternals Sdelete program. Sdelete works by writing random characters over the bits that previously made up the file, which prevents recovery programs from piecing the file back together. This doesn't prevent someone from restoring a previous copy of the file from a backup, but someone who takes the hard drive won't be able to restore a deleted file on which you used Sdelete.
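To make the overwrite-before-unlink idea in the discussion concrete, here is an added Python example (not from the book, and not Sysinternals' own algorithm) that writes random bytes over a file's contents for a configurable number of passes and only then removes it; the sample log file and the overwrite_and_delete and demo names are constructed for this illustration.

```python
import os
import tempfile


def overwrite_and_delete(path: str, passes: int = 3) -> int:
    """Overwrite every byte of `path` with random data `passes` times, then unlink it.

    Returns the total number of bytes written across all passes.
    Note: overwriting in place only helps where the file system rewrites the same
    blocks; SSD wear levelling and copy-on-write file systems may keep old copies.
    """
    if passes < 1:
        raise ValueError("passes must be >= 1")
    size = os.path.getsize(path)
    chunk = 64 * 1024
    written = 0
    # "r+b" keeps the existing file (and its allocated blocks) and writes from offset 0
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                fh.write(os.urandom(n))
                written += n
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # force this pass out to the device before the next one
        fh.truncate(0)  # shrink to zero so the original length is not recorded either
    os.remove(path)  # finally drop the directory entry, like a normal delete
    return written


def demo() -> tuple:
    """Create a constructed sample log, wipe it, and report (size, bytes_written, still_exists)."""
    fd, path = tempfile.mkstemp(suffix=".log")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"user=alice password=hunter2\n" * 100)  # constructed sensitive content
    size = os.path.getsize(path)
    written = overwrite_and_delete(path, passes=4)
    return size, written, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```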

Tip

You can also use the cipher tool to overwrite deleted data. See MS KB 814599 for more information.

See Also

MS KB 136517 (How the Recycle Bin Stores Files), and MS KB 814599 (HOW TO: Use Cipher.exe to Overwrite Deleted Data in Windows Server 2003)
