web analytics

Periodically scrubbing unused drive space may help with data recovery later.

Most computers contain many old deleted files even years after they’ve been deleted. This is because deleting a file and emptying the recycle bin doesn’t permanently remove the files from the computer’s hard drive. It only hides it from view.

If there’s a file you mistakenly deleted, and you need to get it back, recovery is typically possible using special software, but you may need to search through a long list of recoverable files.

You can periodically scrub unused space on your hard drive by overwriting any area of the drive not used by the operating system, the programs, or your files.

If you do this, then any future attempts to recover recently deleted files should just yield a short list of recently deleted files that are recoverable.

Before performing this procedure, make sure there are no recently deleted files that you’ll want to recover. Because after the process is complete, recovery will be nearly impossible.

An added advantage of periodically wiping unused space is that your deleted files containing sensitive data will truly be deleted.

You can use the built-in Windows Cipher Security Tool to overwrite deleted data. Here are the instructions as provided on the Microsoft Support website.

How to Use the Cipher Security Tool to Overwrite Deleted Data

Note: The cipher /w command does not work for files that are smaller than 1 KB. Therefore, make sure that you check the file size to confirm whether is smaller than 1 KB. This issue is scheduled to be fixed in longhorn.

To overwrite deleted data on a volume by using Cipher.exe, use the /w switch with the cipher command:

  1. Quit all programs.
  2. Click Start, click Run, type cmd, and then press ENTER.
  3. Type cipher /w:folder, and then press ENTER, where folder is any folder in the volume that you want to clean. For example, the cipher /w:c:\test command causes all deallocated space on drive C to be overwritten. If C:\folder is a Mount Point or points to a folder on another volume, all deallocated space on that volume will be cleaned.

Data that is not allocated to files or folders is overwritten. This permanently removes the data. This can take a long time if you are overwriting a large amount of space.

Cipher Commands, Options, and Switches

Displays or alters the encryption of folders and files on NTFS volumes. Used without parameters, cipher displays the encryption state of the current folder and any files it contains.

Syntax

cipher [{/e|/d}] [/s:dir] [/a] [/i] [/f] [/q] [/h] [/k] [/u[/n]] [PathName […]] | [/r:PathNameWithoutExtension] | [/w:PathName]

Parameters

/e   : Encrypts the specified folders. Folders are marked so that files that are added to the folder later are encrypted too.

/d   : Decrypts the specified folders. Folders are marked so that files that are added to the folder later are encrypted too.

/s:   dir   : Performs the selected operation in the specified folder and all subfolders.

/a   : Performs the operation for files and directories.

/i   : Continues performing the specified operation even after errors occur. By default, cipher stops when it encounters an error.

/f   : Forces the encryption or decryption of all specified objects. By default, cipher skips files that have been encrypted or decrypted already.

/q   : Reports only the most essential information.

/h   : Displays files with hidden or system attributes. By default, these files are not encrypted or decrypted.

/k   : Creates a new file encryption key for the user running cipher. If you use this option, cipher ignores all of the other options.

/u   : Updates the user’s file encryption key or recovery agent’s key to the current ones in all of the encrypted files on local drives (that is, if the keys have been changed). This option only works with /n.

/n   : Prevents keys from being updated. Use this option to find all of the encrypted files on the local drives. This option only works with /u.

PathName   : Specifies a pattern, file, or folder.

/r: PathNameWithoutExtension   : Generates a new recovery agent certificate and private key, and then writes them to files with the file name specified in PathNameWithoutExtension. If you use this option, cipher ignores all of the other options.

/w: PathName   : Removes data on unused portions of a volume. PathName can indicate any directory on the desired volume. If you use this option, cipher ignores all of the other options.

/?   : Displays help at the command prompt.

Remarks

  • Using /w

    /w removes data from portions of the volume it can access and have not been allocated to files or directories. It does not lock the drive, so other programs can obtain space on the drive, which cipher cannot erase. Because this option writes to a large portion of the hard volume, it might take a long time to complete and should only be used when necessary.

  • Encrypting or decrypting files

    To prevent an encrypted file from becoming decrypted when it is modified, it is recommended that you encrypt both the file and the folder in which it resides.

  • Using read-only files and folders

    Cipher cannot encrypt files that are marked as read-only.

  • Using multiple folder names

    You can use multiple folder names and wildcard characters.

  • Using multiple parameters

    You must separate multiple parameters by at least one space.

Examples

To use cipher to encrypt a subfolder named May in a folder named MonthlyReports, type:

cipher /e monthlyreports\may

To encrypt the MonthlyReports folder, the January through December subfolders, and the Manufacturing subfolders within the month subfolders, type:

cipher /e /s:monthlyreports

To encrypt only the Marketing.xls file in the May subfolder, type:

cipher /e /a monthlyreports\may\marketing.xls

To encrypt the Marketing.xls file, the Maintenance.doc file, and the Manufacturing subfolder (located in the May folder), type:

cipher /e /a monthlyreports\may\ma*

To determine whether the May folder is encrypted, type:

cipher monthlyreports\may

To determine which files in the May folder are encrypted, type:

cipher monthlyreports\may\*

Formatting legend

Format Meaning
Italic Information that the user must supply
Bold Elements that the user must type exactly as shown
Ellipsis (…) Parameter that can be repeated several times in a command line
Between brackets ([]) Optional items
Between braces ({}); choices separated by pipe (|). Example: {even|odd} Set of choices from which the user must choose only one
Courier font Code or program output

Command-line reference A-Z

__________________

Source: Microsoft Support as of 15 May 2017

By Greg Johnson

Greg Johnson is a freelance writer and tech consultant in Iowa City. He is also the founder and Director of the ResourcesForLife.com website. Learn more at AboutGregJohnson.com

Leave a Reply