2

As the title says, not only do I want to completely erase its bits and bytes from the disk but also its trace on the file system, so NO Undelete software can show that it HAD been there at all.

There is good software that will do the first task (SDelete comes to mind) but what about ways to accomplish the second task?

The disk type is HDD and the OS is Win7.

BHP
  • 139

4 Answers

3

The crucial pieces nobody has mentioned so far are the change journal (USN journal) & MFT (master file table). Please see steps 2 & 3 of the below necessary steps which must be done to achieve what you want.

  1. Delete the folder/files (side note: holding shift while you press delete skips the recycle bin)

  2. Delete the change journal. See this answer for how to do it on Windows 7.

As files, directories, and other NTFS file system objects are added, deleted, and modified, the NTFS file system enters change journal records... Each record indicates the type of change and the object changed. - https://learn.microsoft.com/en-us/windows/win32/fileio/change-journal-records

  3. Clear the entries in the MFT which have been marked as "free" (unallocated). The MFT contains the metadata of all the files you have ever deleted, and points to the location where their data is (or was) stored. This is why some tools can actually tell you what specific file(s) overwrote previously deleted files. These entries never get cleared unless you use a utility that specifically clears them.

  4. Wipe the free space of the drive using a multi-pass wiper. These are all the sections of the drive that contain the actual data which is allowed to be overwritten. In other words everything that's been "deleted", which until it is overwritten really just means "hidden from view".

Notes:

  • After steps 2 & 3 are complete, nobody should be able to see that the file (or folder) ever existed. But if they know that it did, they could find it by sifting through all recoverable data that has yet to be overwritten. If they are looking pretty soon after you completed steps 1-3 but not 4, they will encounter the data that file contained since it won't have been overwritten yet.
  • Regarding step 4, you may not need to go nuts with the multi-pass overwriting. I would set it to between 2 - 5 times just to be safe. See this article for reference. It may be that some utilities only overwrite part of the data in order to corrupt it, but not overwrite the entire free space. This would be a time-saving mechanism since it can be a time-intensive process to overwrite every single free bit on a drive. That could possibly allow someone extremely determined to somehow rebuild parts of the file, although I personally don't know how that would be done.
AFOC
  • 130
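Added example (not part of the original answer or thread): a parser for the USN_RECORD_V2 layout, showing what a change journal record keeps about a file after it is deleted, which is why the answer above treats the journal as a trace. The sample records, file name and reference numbers are constructed, and only a subset of the reason flags is decoded.

```python
import struct
from datetime import datetime, timedelta, timezone

# Subset of the USN_REASON_* flags defined in the Windows SDK (winioctl.h).
REASONS = {
    0x00000001: "DATA_OVERWRITE", 0x00000002: "DATA_EXTEND",
    0x00000100: "FILE_CREATE", 0x00000200: "FILE_DELETE",
    0x00001000: "RENAME_OLD_NAME", 0x00002000: "RENAME_NEW_NAME",
    0x80000000: "CLOSE",
}
# Fixed 60-byte header of USN_RECORD_V2; the UTF-16 file name follows it.
HEADER = struct.Struct("<IHHQQqqIIIIHH")

def filetime_to_utc(ft):
    """Convert a FILETIME (100 ns ticks since 1601-01-01) to a UTC datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_usn_records(buf):
    """Yield (usn, timestamp, reason_names, file_name) for each V2 record."""
    pos = 0
    while pos + HEADER.size <= len(buf):
        (length, major, _minor, _file_ref, _parent_ref, usn, stamp, reason,
         _source, _sec_id, _attrs, name_len, name_off) = HEADER.unpack_from(buf, pos)
        if length == 0:                      # zero-filled gap between records
            pos += 8
            continue
        if (major != 2 or length < HEADER.size or pos + length > len(buf)
                or name_off + name_len > length):
            break                            # not a well-formed V2 record
        start = pos + name_off
        name = buf[start:start + name_len].decode("utf-16-le", "replace")
        flags = [n for bit, n in sorted(REASONS.items()) if reason & bit]
        yield usn, filetime_to_utc(stamp), flags, name
        pos += (length + 7) & ~7             # records are 8-byte aligned

def deleted_names(buf):
    """Names the journal still lists with a FILE_DELETE reason."""
    return sorted({r[3] for r in parse_usn_records(buf) if "FILE_DELETE" in r[2]})

def build_record(usn, filetime, reason, name):
    """Build one constructed sample record (not read from a real volume)."""
    raw = name.encode("utf-16-le")
    length = (HEADER.size + len(raw) + 7) & ~7
    head = HEADER.pack(length, 2, 0, 0x42, 0x5, usn, filetime, reason,
                       0, 0, 0x20, len(raw), HEADER.size)
    return (head + raw).ljust(length, b"\0")

FT = 132223104000000000  # constructed: 2020-01-01 00:00:00 UTC as a FILETIME
SAMPLE = (build_record(4096, FT, 0x00000100, "secret-plan.docx")              # create
          + build_record(4192, FT + 600_000_000, 0x80000200, "secret-plan.docx"))  # delete+close
```

Calling `deleted_names(SAMPLE)` returns the name of the constructed file even though its last record is a delete: the journal entry outlives the file it describes.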
1

*This advice is for an HDD and NOT an SSD drive.

*Re: SSD drives.. The cipher command should be fine but SSDs have a limited lifespan and any time you write to a block, it will decrease the lifespan of said block (unlike HDD). cipher will write a block THREE TIMES. For an SSD, this is probably going to be three different addresses making the purpose irrelevant and yet still deteriorate the drive. Things like the Windows Disk Defragmenter will simply refuse to defragment an SSD drive but with this said, I am not going to be responsible for telling someone to do them. For SSD drives, see what TRIM is all about.

There are free tools on the internet that will do all of this in close to one sweep. Some of those tools (in the past) have been compromised with malware or questionable governments. The suggestions here use nothing but tools already built into Windows.

First.. clean up

  1. Close everything possible.
  2. Run "Disk Cleanup" and clean out everything you are comfortable removing.
  3. Delete all files in %TEMP%. Empty internet caches where willing.
  4. Defragment your drive. This step alone will get rid of a large amount of entries left behind but not 100%.
  5. Use the built-in Cipher utility to wipe free space. Technically, you could have ONLY done this step but then your file system would still be MESSY!

Using the Cipher utility.

There is a built-in program in Windows that can be used to wipe the free space on drives. It only takes a folder name and intends that you will only run it from the drive you want to wipe free space on.

  1. Open cmd.exe as administrator.
  2. Run cipher /W:C where C is the drive you want to wipe the free space on.

There are many other tools to do this process but SU doesn't like people giving software recommendations (so I won't) but here is a nice page full of them including more detailed information on the built-in cipher utility.

0
This answer is for the case when you are going to create this folder in the future.

While Windows 7 is a stable and fine system, it's not the best one to use for high privacy concerns.

Anyway - I would:

  • disable any swap file,

  • save my critical data on a unique USB key and directly work on it ONLY,

  • as Windows saves MRU and recent files opened, this can be deleted - but can be recovered also - maybe you'd use non-meaningful names, like random digits or chars.

When you wish to delete it, as per your question: take a hammer and reduce the USB key chips into small enough pieces.

It won't be recoverable.

Again, it's not 100% safe - nothing is - especially due to how Windows works, and in particular if you've a swap file. DRAM content can be accessed and read in some conditions even after being powered off (it's called cold boot).

Rohit Gupta
  • 5,096
Sylvain
  • 395
0

The science and technology behind drives makes this not a binary state of readable/unreadable.

Data recovery has ALWAYS been a case of "how much do you (or those you suppose may want to recover this data) want this data back?"

You take the type of data you have, gauge its likely value, and take steps appropriate to those choices.

These will range between writing over (and over, and over, and over) with random bit patterns (more effective for HDDs), to encrypting the drive during use and then just deleting the recovery key (valid for all drive types), to sending the ATA Erase Command (SSDs, but don't trust this) to physically destroying the drive.

Physically destroying the drive is the best way to be certain the data is irrecoverable, both for HDDs and SSDs. If there is data you do not want recovered: destroy the drive.

music2myear
  • 49,799