How to securely delete files on Windows PCs using Cipher

The most secure way to permanently destroy data on your Window’s PC is to remove the hard drive and take a hammer to it. However, this technique is not always possible – you might want to hand your laptop down to your kid or an other family member with the operating system intact; or perhaps you are leaving your current employer and want to remove any trace of your personal files before the IT department takes a look.

Well, there’s a program currently installed on your Windows PC that can do this for you – called Cipher.

Apparently, it’s been there since Windows XP and was originally developed to encrypt / decrypt files… but it also has a “wipe” option that securely removes the files that you have already deleted. It seems that very few [technical] people know about this program and I only discovered it last year too!

When you delete a file on a PC, it doesn’t actually get removed. The space on the hard drive where it was saved is simply “deallocated”. This means that someone can use a low-level disk editor and recover the files that you thought you’d deleted (you see this used on TV and in the movies by hackers or forensics labs).

The solution to this problem is to not simply just delete the file, but write over the space that was deleted with different information. The disk space is still deallocated, but it now doesn’t contain your personal information. And this is what Cipher does.

Cipher has a “/w” option which stands for Wipe. When you run it, it overwrites all of the unused / unallocated space on your hard drive (or a specific folder) three times – three passes. The first pass replaces all of your deleted file information with one’s, the second pass with zeros, and third pass with random numbers.

So, here’s how you permanently and securely remove files from your Windows PC.

  1. Uninstall all the software programs that you don’t want to leave behind. Some software keeps local files (e.g. caches) that are not stored in the places where you would normally delete.
  2. Delete the files you want removed.
  3. Run cipher as follows:
  4. You need a command window to run this program and it needs to have Administrative rights. So press the Start Menu (bottom left) and type “command” – as you do so, you will soon see “Command Prompt” appear in the search results above. You want to right click on this option and select “Run as Administrator”.

 Screen Shot 2015-01-17 at 09.06.18

  1. You then will get a command window. Simply type in the following and press return:
cipher /w:C:

 Screen Shot 2015-01-17 at 09.06.56

Assuming that the drive you want to clear is the “C:” drive. If you have a different one then replace C with your alternative (e.g. “cipher /w:D:”) – but remember to include the additional colon after the driver letter (“D:” and not just “D”).

You will then see that Cipher is doing its thing.

 Screen Shot 2015-01-17 at 09.09.34

Depending on how large your hard drive is, this process could take a while as it has to read and overwrite every unallocated sector on your drive – three times. So let it run overnight perhaps. But once its done, you can sleep a little easier about your personal / private data.

Happy deleting.

3 Comments

  1. I entered the command to wipe free space (cipher /w:E) on a very small flash drive and it ran for over an hour and then I got a pop-up saying my hard drive was nearly empty (only 2Gb left out of 1Tb). Closed the window and magically my 725Gb reappeared. Does this mean that it starts wiping the C drive before doing anything else, no matter what?

  2. Hi Jenna.

    Wiping the free space on an external drive can be slow – also, there was an error in this post that has now been corrected. You need to add the colon after the drive letter otherwise it will just use the default drive (e.g. C:). And so for your situation, this would be “cipher /W:E:”). Also note that this tool just wipes the free space and does not delete any files.

    Matt

Leave a Reply