How to Securely Delete Sensitive Files on Windows 11
Key Takeaways
- Deleting files on Windows doesn’t actually erase them, making it possible for them to be recovered easily.
- Encrypting your files or using the Cipher command to overwrite free space can prevent file recovery.
- For added security, use file shredder apps, securely wipe entire drives, and consider physically destroying drives if needed.
When you ask Windows to delete a file, it’s usually with the hope that the file will be gone forever. However, a good data recovery service can often bring those files back from the dead. So it’s important to know how to keep your sensitive information dead and buried.
Why “Deleting” Isn’t Really Deleting
When you delete a file on Windows, it doesn’t vanish from your drive immediately. Instead, Windows marks the file’s storage space as free, signaling that it can be overwritten by new data in the future. Until this happens, bits of your files still exist on the drive, making it relatively easy to retrieve them with the right tools and knowledge.
Encrypt Files to Prevent Recovery
One easy way to get around this is to encrypt your hard drive, or the individual files and folders you want to delete. You can use BitLocker or third-party apps like VeraCrypt to get the job done. This doesn’t prevent someone from recovering the deleted data, but it’s all gibberish without the decryption key, so it might as well be deleted.
The Cipher Command Overwrites Free Space
Windows has a built-in tool called “Cipher” that will overwrite all empty space with random data. This prevents files from being “undeleted”, although it can take a long time if you have lots of free space, and I wouldn’t recommend doing it on an SSD since it will increase the amount of wear on the drive. Cipher is actually an encryption tool, as the name suggests, but if you use the “/w” switch it overwrites unallocated space.
All you have to do is open the Command Prompt or Terminal app as an administrator and type:
cipher /w:c:
This will overwrite all the free space on your C drive. Change the drive letter as needed. You don’t have to do the whole drive either; you can use a full path such as “C:\secretstuff”, which is faster because it only overwrites stuff that was deleted from that folder. Just keep in mind that this will only work with drives using the NTFS file system.
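The two caveats above (NTFS only, and avoid SSDs) can be checked before the wipe starts. The following PowerShell wrapper is an added example, not part of the original article; the function name Invoke-FreeSpaceWipe and the drive letter D are hypothetical, and it assumes the volume sits on a single physical disk whose DeviceId matches the partition's disk number.

```powershell
# Added example: pre-flight checks before running "cipher /w".
# Invoke-FreeSpaceWipe is a hypothetical name, not a built-in cmdlet.
function Invoke-FreeSpaceWipe {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z]$')]
        [string]$DriveLetter,

        # Set this to wipe an SSD anyway, accepting the extra wear.
        [switch]$AllowSsd
    )

    # The article runs cipher from an administrator prompt.
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (administrator) session.'
    }

    # cipher /w only works on NTFS volumes.
    $volume = Get-Volume -DriveLetter $DriveLetter -ErrorAction Stop
    if ($volume.FileSystem -ne 'NTFS') {
        throw "Drive ${DriveLetter}: is $($volume.FileSystem), not NTFS."
    }

    # Assumption: one physical disk backs the volume and its DeviceId equals
    # the partition's DiskNumber (typical for a plain internal or USB drive).
    $diskNumber = (Get-Partition -DriveLetter $DriveLetter -ErrorAction Stop).DiskNumber
    $physical = Get-PhysicalDisk | Where-Object { $_.DeviceId -eq $diskNumber }
    $media = if ($physical) { [string]$physical.MediaType } else { 'Unspecified' }

    if ($media -eq 'SSD' -and -not $AllowSsd) {
        throw "Drive ${DriveLetter}: is an SSD; overwriting free space adds wear. Use -AllowSsd to override."
    }
    if ($media -eq 'Unspecified') {
        Write-Warning "Could not determine the media type of drive ${DriveLetter}:."
    }

    $freeGB = [math]::Round($volume.SizeRemaining / 1GB, 1)
    if ($PSCmdlet.ShouldProcess("${DriveLetter}: ($freeGB GB free, $media)", 'Overwrite free space')) {
        & cipher.exe "/w:${DriveLetter}:"
    }
}

# Dry run: runs the checks and reports the target without invoking cipher.
Invoke-FreeSpaceWipe -DriveLetter D -WhatIf
```

Drop -WhatIf to run the wipe; PowerShell will still ask for confirmation because the function declares a high confirm impact.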
Use a Third-Party File Shredder
You can also use a special “file shredder” app, which will overwrite the deleted file multiple times until there’s little to no chance of it being recovered. Again, thanks to how SSDs work, the same method is inadvisable, but some file shredder apps are “SSD aware” and will use the right methods to ensure that a file can’t be recovered from the drive after deletion.
Securely Wipe Entire Drives
For SSDs, the best method to ensure that data isn’t recoverable is the “secure wipe” function. Now, the way SSD housekeeping works (particularly the TRIM command) makes it highly unlikely that data that’s been deleted can be recovered, but you can sometimes find a secure SSD wiping function in your computer’s BIOS, or, even better, use the software provided by the drive manufacturer.
For example, Samsung’s Magician software offers a “secure erase” option. Before using a BIOS or other third-party tool to securely erase your SSD, check whether the manufacturer offers its own official tool for this purpose.
Try Recovery as a Test
If you’re feeling paranoid, a good step to take after you’ve securely erased your disk is to attempt file recovery yourself. You can use an application like Recuva to check if any files are in a recoverable state. You don’t have to go through with the recovery; just check whether the software finds anything.
Physically Shred Drives if Needed
If you’re going to throw a drive away, or if the drive fails before you have the chance to properly erase it, the best option is to physically destroy the drive. If you take a hammer and smash everything into little pieces, you’re probably going to be OK, but if you’re worried about a three-letter agency getting their hands on your data, then you may want to make use of drive shredding services.
These are companies that have special equipment to magnetically wipe and/or physically shred a drive so that all the king’s horses and all the king’s men can never put your data back together again.