Recipe 8.4. Securely Deleting a File

Previous page
Table of content
Next page

Problem

You want to delete a file so that it cannot be retrieved by undeleting it.

Solution

Using downloadable software

Use the Sysinternals sdelete command to securely delete files:

> sdelete <FileName>

Use the -p option to specify the number of passes to overwrite the disk segments. The more passes, the less likely the file can be recovered.

The -s option can be used to recursively delete everything within a folder:

> sdelete -p 4 -s c:\logs

Using VBScript
' This code runs the sdelete command ' ------ SCRIPT CONFIGURATION ------ strCommand = "sdelete -p 5 c:\logs\tue.log" ' ------ END CONFIGURATION --------- set objWshShell = WScript.CreateObject("WScript.Shell") intRC = objWshShell.Run(strCommand, 0, TRUE) if intRC <> 0 then    WScript.Echo "Error returned from running the command: " & intRC else    WScript.Echo "Command executed successfully" end if

Discussion

When you delete a file through Windows Explorer, it is sent to the recycle bin. You can use the recycle bin to restore the file back to its original location or you can permanently delete the file by emptying the recycle bin. But wait a second the file doesn't really get deleted when you empty the recycle bin. All that happens is that the link to the collection of bits on the hard disk that make up the file is deleted. The bits that make up the file are still present on the disk. And it stays like this until the file system overwrites those bits with a new file. That means that if a bad guy stole your computer, he could run a program to examine the hard drive and restore files that have been previously deleted and not overwritten. That is, unless you securely delete the file using the Sysinternals sdelete command. sdelete works by writing random characters to the bits that made up the file before. This prevents programs from piecing the file back together. This doesn't prevent someone from restoring a previous copy of the file from backup, but no one will be able to take the hard drive and restore a deleted file on which you used sdelete.

You can also use the cipher tool to overwrite deleted data. See MS KB 814599 for more information.


See Also

MS KB 136517, "How the Recycle Bin Stores Files," and MS KB 814599, "HOW TO: Use Cipher.exe to Overwrite Deleted Data in Windows Server 2003"


Previous page
Table of content
Next page
Windows XP Cookbook
Windows XP Cookbook (Cookbooks)
ISBN: 0596007256
EAN: 2147483647
Year: 2006
Pages: 408
Authors: Robbie Allen, Preston Gralla
BUY ON AMAZON
MySQL Stored Procedure Programming
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Lotus Notes and Domino 6 Development (2nd Edition)
Managing Enterprise Systems with the Windows Script Host
Special Edition Using Crystal Reports 10
FileMaker 8 Functions and Scripts Desk Reference
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy