How to Erase Private Data Permanently

It is believed that a lot of Windows users have saved private or sensitive information on

their hard disk or removable storage device, and most of them know it is a must to clear

these files when they are no longer useful so as to avoid privacy leakage. Well then, what

measures are you taking to erase private data permanently?

--Source from

http://www.partitionwizard.com/partitionmanager/how-to-erase-private-data-perma

nently.html

Commonly Used Ways to Erase Private Data

Here we list 4 commonly used ways:

1.Right click the useless file, choose “Delete” command, and then empty recycle bin.

2.Select the target file and delete it via key combination “Shift + Delete”.

3.Delete the entire partition which saves sensitive information in Disk Management

(Windows built-in disk management tool).

4.Format the partition with “Format” command.

Which way you have used or plan to use? As a matter of fact, all these ways cannot clear

files thoroughly, and a piece of data recovery software can make data recovery possible.

What’s the reason?

Why Deleted or Lost Data Can be Recovered

To answer this question, we need to know the essence of deleting a file, deleting a

partition, and formatting a drive.

How is a File Deleted in Windows

When we save a file in Windows, the real file will be saved to data area while its attributes

such as file size, starting cluster number, and creating time will be recorded to file system

area. Well then, how is a file deleted from our hard disk or removable device? Under

different file systems Windows need to take different operations, and here we just take

FAT32 for example. Suppose the file DATA.txt saved under root directory will be deleted.

Windows will take the following steps to delete a file on FAT32 partition:

Read boot sector of the volume to locate file allocation table (FAT), root directory,

and data area.

Locate the entry which is allocated for DATAtxt in root directory to find the starting

cluster number of the file. For example it starts from cluster 5.

Go back to FAT to find all clusters the file takes up according to cluster link (FAT

records information of all clusters in this partition) . Supposing the file occupies cluster 5,

6, and 8, information for cluster 5 will show the next cluster the file takes up is 5, and

cluster 5 will show the last cluster is 8.

Set FAT entries of cluster 5, 6, and 8 to 0.

Reset the first byte of the entry for DATA.txt to E5 in root directory.

After these steps, we can say the target file is deleted. From this example we

know deleting a file just operates root directory and FAT (on NTFS partition, Windows

just modifies master file table (MFT)), and the real file is still saved in data area. At this

time, a piece of data recovery software can recover it with ease.

How Is a Partition Deleted

After we initialize a hard disk to either MBR or GPT, space for master partition table will be

reserved. Here we take MBR disk for example. Master partition table on MBR disk

provides 4 entries to record information of primary partitions and extended partition, and

one entry is for one partition. To better understand this issue, please see the structure of

MBR disk:

After a primary partition or extended partition is created, corresponding partition

parameters like partition size, partition state (active or inactive), file system (FAT or NTFS),

and starting position will be recorded to the allocated entry in master partition table. Let’s

see the master partition table via Winhex:

Tip: to get the following interface, we need to open the target disk in Winhex, then click

“View” button on the top, next choose “Template Manager”, and finally apply “Master Boot

Record”.

After a logical partition is created in extended partition, the extended boot record and

extended partition table will be created, and simultaneously partition attributes for this

partition will be recorded to extended partition table. Extended partition table is shown

below (EBR functions like MBR, so we use the template of MBR to view EBR):

This partition table also records partition state, starting position, file system, partition size

(in sector), and so on.

To delete a partition just changes all or some of partition parameters to 0 or directly empty

these parameters so that Windows cannot locate it. As a result, the very deleted partition

will be invisible in Windows Explorer and unallocated in Disk Management. But in fact, the

real partition like partition 1 and partition 2 shown in MBR disk structure is still intact

before new partitions are created. Under this situation, a piece of partition recovery

software can recover it as well as its data.

How Is a Partition Formatted

Here we also take FAT32 partition for example. To format a FAT32 partition, Windows

needs to take the following operations:

1.Write boot code to sector 0 (boot sector of the partition), write FSINFO to sector 1, and

write end signature “55AA” to sector 2.

2.Zero clear sector 3, 4, and 5, and then make a backup for sector 0, sector 1, and sector

2 in sector 6, 7, and 8.

3.Zero clear FAT area and respectively write a starting signature for FAT1 and FAT2 (FAT2

is the backup of FAT1), and set end signature of FAT in FAT2.

4.Zero clear the cluster allocated to root directory. If the partition is set with a label, create

entry for label in entry 0.

Now the very partition is formatted successfully. From the introduction above we can see

step 1 and step 2 are made in reserved area which is located before FAT1, and step 3

aims at FAT1 and FAT2, and step 4 operates root directory. That is to say all these

operations are not made in data area so that real data are still saved completely. At this

time, as long as we turn to data recovery software or data recovery companies, data

originally saved in formatted partition can be recovered.

Tip: please see structure of FAT32 partition to get visualized information about reserved

space, FAT, and root directory.

Now that deleted files and files saved in lost or formatted partition can be recovered, do

we still have chance to erase private data permanently? Definitely there is, and it is to

overwrite original data. That new file takes up space deleted or lost data occupies is called

overwriting, and it is almost impossible to recover overwritten data (both data recovery

software and data recovery technicians are powerless).

How to Overwrite Private data

Once a file is deleted, new files can be saved to the space deleted file occupies in real

data area. After a partition is formatted, new files can be stored to any place in data area

of the formatted partition. Therefore, the simplest but most stupid way to overwrite data is

contiguously writing new files to the very partition after deleting or formatting. However,

this is a piece of much time-consuming and troublesome work since we do not know when

or whether the deleted file(s) has been overwritten. In addition, after a partition is deleted,

space it occupies will be marked as usable and new partitions can be created. Therefore,

users who have certain knowledge of data recovery plan to create new partitions to

overwrite the original partition and think it may overwrite original data. This is indeed an

effective solution to a certain extent, but some powerful data recovery programs or

technicians may recover a part of information since there are traces more or less

remained.

Actually, we can ask third party programs, like Winhex and partitioning tool, for help, which

is the most effective method. Next, let’s see the following demonstration to get detailed

steps.

How to Overwrite Private Data with Winhex

Winhex is a quite powerful and multi-functional tool but requires complex and professional

knowledge. Once a minor mistake is made, we may suffer data loss or even system crash.

Therefore, when using this program, we should be very careful. Let’s see detailed

operations to overwrite a file, and all my operations are done in virtual machine.

First of all, I created a text file named New Text Document, and then wrote numbers 1, 2,

and 3 to it and saved.

Next, open the newly created file in Winhex by taking these steps:

1.Click “Open Disk” icon on menu bar.

2.Select the target disk to open.

3.Double click the partition which saves the target file to open the partition.

4.Double click the target file namely New Text Document.txt to open it.

After opening the file we can see all its content below:

5.Write new different data to replace all original values in this file, and then shut down the

file. It is suggested that users write random data, because data recovery may be possible

if we fill up the target data area with the same value.

After all these operations are done, we can open the file in Windows Explorer to view its

content, only to find this:

At this time we can say the file has been overwritten. However, what I erase is just a very

simple and small file. If the file takes up dozens or thousands of sectors or there are a

huge number of files, we have to cost lots of time to do the overwriting, which is so

troublesome and time-wasting. So is there an easy way to erase private data permanently?

Of course there is. Nowadays, there is third party partitioning tool which helps write

random data like 0 and 1 to data area of a partition to permanently overwrite all original

sensitive information. The biggest reason for recommending this kind of software is that all

operations will be performed automatically by the program, and users only need to

perform several mouse clicks.

How to Overwrite Private Data with Partitioning Tool

First of all, we need to download such a program from the internet. Here, we take MiniTool

Partition Wizard for example, which provides 2 modules to erase data, including “Wipe

Disk” and “Wipe Partition”. The former aims at erasing data saved on the entire hard disk

or device while the latter just wipes files stored on a single partition.

Tip: If you just want to overwrite one or several files, Winhex is suggested. After all, third

party tools will erase all data saved on a disk or partition.

After successful installation, we need to launch the program to get its main interface

shown below:

All disks and partitions are listed here. To overwrite data in certain partition, we need to

select the partition and choose “Wipe Partition” function from the left action panel. To

erase a disk, we should select the disk and choose “Wipe Disk”. After that, 5 wiping

methods are shown:

Fill Sectors with Zero: write the number 0 to every sector of the partition to overwrite all

original data. Fill Sectors with One: write 1 to replace original data.

Fill Sectors with Zero & One: write 0 and 1 alternately to every sector so as to wipe

original data.

DoD 5220.22-M (3 passes): fill every sector with a group of random data for 3 times.

DoD 5220.28-STD (7 passes): fill all sectors with random data for 7 times.

From the top to the bottom, time spent in overwriting data increases, but the effect

becomes better and better. We have said data recovery may be possible if we fill up data

area with the same value. Therefore, the former 2 methods are not suggested thought

they are time-saving. And in general situations, we highly suggest choosing the last one

although it costs much time, because data recovery is no longer possible after we are

making such a wiping. Please see DOD Standard 5220.28 STD to get more information.

If you do not believe what I said, try wiping a partition or disk with MiniTool Partition Wizard.

Then download a piece of data recovery software to check whether wiped data can be

recovered.