PaulSadowski.com 

Windows Command Prompt
 Securely Deleting Files
Did you know that when you delete a file or directory you are not deleting the data itself but merely the pointers that the file system maintains to the data?

Also, did you know that there are a number of ways to recover deleted data including freeware utilities, paid utilities and even professional services?

Sometimes you want to be able to recover files deleted accidentally, but sometimes you never want a file to be seen again. Examples of situations when you might not want a file(s) seen again is when you give an old computer away or leave a job.

You may, for example, want to delete financial records, private correspondence, emails, spreadsheets, document files, personal pictures and videos, and more. Anything that may contain sensitive information or material you would not like the world to be able to see.

Just like there are programs available to recover data, there are programs available to make sure your deleted files are not recoverable.

One of those free tools that works from the command prompt and can be automated is SDelete by Mark Russinovich available for free from the Sysinternals web site.

SDelete - Secure Delete v1.4
Copyright (C) 1999-2005 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: sdelete [-p passes] [-s] [-q] <file or directory>
           sdelete [-p passes] -z [drive letter]
    -p passes Specifies number of overwrite passes (default is 1)
    -s Recurse subdirectories
    -q Don't print errors (Quiet)
    -z Clean free space

You can visit the SDelete page to read the technical details on how it works. Here I will present two short batch files showing how you might use it.

What I will illustrate here is how to use SDelete to make all the currently deleted data on your drives unrecoverable.

The first method is to use a for loop that specifies exactly which drives to 'clean' the data from. In the example below I am cleaning drives C, D, E, F & I.

I am using a single pass. (See the SDelete web page.) To change the number of passes simply increase the number after -p to the number of passes you want to use. (You can also run this directly from the command prompt by replacing the %%s with a single %.)

for %%c in (c d e f i) do @sdelete -p 1 -z %%c:

It's a very simple batch file but one that can save you much embarrassment or even prevent identity theft in some circumstances. You might want to run it manually or schedule it from a the task scheduler every once in a while, daily, weekly, monthly, as you prefer, perhaps overnight when your computer is turned on but not in use.

The batch script below will check every possible drive letter and clean each drive that exists. You should keep in mind that you may have external disks mounted and should use this with version when that is not an issue.

for %%c in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
  if EXIST %%c:\NUL (
        @sdelete -p 1 -z %%c:
  )
)

You will need to run these scripts from an account with administrative privileges.

SDelete is currently available here, http://www.sysinternals.com/Utilities/SDelete.html

© 2003-2006 by Paul R. Sadowski   
All Rights Reserved. Used By Permission.  
Comments to: Scripting