0

I am aware of tools which write zeros or other useless data to fill up your harddrive, however so far all of the tools I have come across must fill up the entire harddrrive.

My understanding of the tools filling up the hard drive is so that when forensics attempt to recover, they only get the zero/useless data.

I am wondering if its possible to just fill up a part of the hard disk instead of the whole thing - This free space I want to fill was used space which contained my important files, so filling up only this part seems adequate.

I also have the problem that my OS files are on this same disk, so filling the whole disk with zero/useless data will cause me to lose my OS.

Does a tool exist? Is this a bad strategy?

BadToTheBone
  • 111
  • 2

3 Answers3

5

Yes, it is a good strategy if a disk has held sensitive data and may be accessible by others. A Google search for "wipe disk free space" finds numerous such tools.

There are a couple of other considerations. One is "slack space." That's the unused space in the last cluster of a file. It's not part of free space, so it won't get wiped by many disk wiping utilities, but it will contain whatever was there before. If your operating system uses 32K clusters, on the average, each file will have 16K of "old" data at the end.

The other consideration is the directory structure. Deleting a file releases its space, but often the directory entry is just marked rather than overwritten; it depends on the operating system. So, if I delete "breakingbad.dat" some or all of the file name is likely to remain in the directory structure. It can be even worse for NTFS. Very small files are stored entirely within the master file table (MFT) so a file of size less than about 1K may not get wiped when you clear free space. That's the file contents, not just the directory entry.

What this means is that you will want to choose your wiping tool carefully. For general cleanup, just clearing the free space may be enough. For sensitive data, you need to clear slack space and directory entries, too.

Bob Brown
  • 5,293
  • 1
  • 19
  • 28
1

Alternatively, just delete your files securely in the first place, using a tool such as shred.

JBRWilkinson
  • 111
  • 2
0

The NTFS cipher.exe tool can be used to clear free space in a particular folder only.

e.g.

cipher /w:c:\foo

I recently answered a similar question regarding cipher and OS secure deletion.

Community
  • 1
SilverlightFox
  • 33,698
  • 6
  • 69
  • 185
  • I don't think the cipher command wipes just free space that was allocated for that specific folder, it wipes all free space on the entire drive that folder is on. From the [MS support site](https://support.microsoft.com/en-us/kb/298009): _Type cipher /w:'folder', and then press ENTER, where folder is optional and can be any folder in a local volume that you want to clean. For example, the cipher /w:c:\test command causes the deallocated space on drive C: to be overwritten. If c:\test is a mount point or points to a folder in another volume, deallocated space on that volume will be cleaned._ – Johnny Jan 12 '16 at 06:59