Is there a built-in cmd command/utility on Windows that can shred files (delete and overwrite with random data) without the need to use third party software? In Linux I would use shred. It's a wonderful tool that not only deletes files, but also destroys any "residue" left on the disk by overwriting the data.
-
I've never heard of anything "built in" to Windows. A major problem is that if you attempt to overwrite the file the file system may allocate the "overwritten" version in different space from the original, leaving the original untouched. So it takes some significant low-level understanding of the specific system and its configuration. (And this is doubly true if the "disk" is an SSD.) – Daniel R Hicks Sep 06 '12 at 21:00
-
Microsoft offers an add-on program (sdelete) that runs from the command line... http://technet.microsoft.com/en-us/magazine/dd334519.aspx – Moab Sep 06 '12 at 21:09
-
Sdelete can be scripted also...http://forum.sysinternals.com/topic6065.html – Moab Sep 06 '12 at 21:11
-
@Moab That program, according to the cover page, overwrites free space -- not quite the same thing. – Daniel R Hicks Sep 06 '12 at 21:11
-
@DanH it's more powerful than that... http://www.brighthub.com/computing/smb-security/articles/46693.aspx – Moab Sep 06 '12 at 21:13
-
Link is broken to download, here it is....http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx – Moab Sep 06 '12 at 21:17
-
I'm vaguely recalling installable file systems that automatically overwrite space as it's freed. This is probably the only really secure approach. – Daniel R Hicks Sep 07 '12 at 03:06
7 Answers
Probably not. Unless they added one in Windows 8
I recently purchased a new PC with Windows 7, and the manufacturer bundled a third party shredder application. I infer that either there isn't one as standard (and I've never heard of one) or (less likely?) that the manufacturer added some unnecessary bloatware without the usual sliver of justification.
It's hard to prove a negative though.
Notes:
- Shred only overwrites a file, it doesn't seek out fragments and copies of the data in unallocated disk space (caused by editing, etc.).
- You don't need to overwrite a file more than once. Statements to the contrary have been thoroughly debunked long ago.
- It doesn't matter what you overwrite it with.
So just copying a sufficiently large but innocuous file over the top will suffice.
Update:
You could delete the file and then use cipher:
- Quit all programs.
- Click Start, click Run, type `cmd`, and then press ENTER.
- Type `cipher /w:driveletter:\foldername`, and then press ENTER. Specify the drive and the folder that identifies the volume that contains the deleted data that you want to overwrite. Data that is not allocated to files or folders will be overwritten. This permanently removes the data. This can take a long time if you are overwriting a large space.
It's probably quicker to just copy a big file over the sensitive file, but safer to clear unallocated space.
-
Nice approach, I used to do exactly that. After using some pro data recovery tools, like recovermyfiles from [GetData](http://www.getdata.com/), I created a small C# program that creates dummy data, by specifying the size, to defeat such tools. Thanks for your help, I wish I could vote up, but I can't (still new to Super User). Regards. – Tawfik Khalifeh Sep 06 '12 at 22:19
-
Quick question. If I delete some files, say in `C:\Downloads\Goat-pics` and in `C:\Download\favicons\potato-icons` and then run `cipher /w:C:\Downloads` will it cover both of those drives? Or does it need to be run on those folders directly? – PsychoData Jul 16 '14 at 16:13
-
@PsychoData: if Goat-pics and potato-icons are in separate **[volumes](http://en.wikipedia.org/wiki/Volume_(computing)#Windows-NT_based_operating_systems)** you need to run cipher on each volume separately. Otherwise you only need to run it once on the one volume that contains both folders. For most home users it is unlikely that there are multiple volumes or mount-points under C: - in which case cipher could just be used on C:. After all "empty" space (including fragments of deleted files) belongs to the drive/volume not to the folder. – RedGrittyBrick Jul 16 '14 at 19:14
-
@RedGrittyBrick Yeah, that's what I thought. Free space wouldn't have anything to do with the folder. But, after reading your thing, the help text from cipher makes sense. `"If it is a mount point or points to a directory in another volume, the data on that volume will be removed."` So, if the folder is a mount point, then it goes to *that mount point's* volume instead. That's why it has the folder portion. – PsychoData Jul 16 '14 at 19:53
-
"You don't need to overwrite a file more than once" (I interpret "file" as "data over the same physical space"). You could need, if you care a little bit more than the average. E.g. http://en.wikipedia.org/wiki/Data_remanence and https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html – ShinTakezou May 08 '15 at 07:12
-
@ShinTakezou: As your first reference says, overwriting (once) addresses data remanence. There is no need related to conventional hard disk file storage that isn't addressed by overwriting once. See [you only have to wipe a disk once](http://www.howtogeek.com/115573/htg-explains-why-you-only-have-to-wipe-a-disk-once-to-erase-it/) and [The urban legend of multipass disk overwrite](http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html) – RedGrittyBrick May 08 '15 at 14:38
-
@ShinTakezou: Your second reference also says *"On modern disks, a single pass should be adequate"* – RedGrittyBrick May 08 '15 at 14:53
-
I think that "to debunk" is for things that have never been true, so the second comments (on modern disks) and "should be adequate" do not make your point 2 of the first list a totally correct statement. Not worth noticing, especially since in any case, if you really are worried, you will destroy physically the disk (after having "degaussed" it) and won't stand on the supposition that it'd be too much expensive even to try to recover some of your data from a randomly-wiped-once disk using clever and futuristic methods, in the hope there's still "deducible information" around… – ShinTakezou May 08 '15 at 16:40
-
You cannot simply "copy a big file over the sensitive file". Because your editor might create a new file with the new content and simply unlink the old references. Because the filesystem might simply allocate new fragments rather than overwriting older ones. Because the hardware might be allocating the blocks elsewhere rather than overwriting them (esp. true with SSD for performance and wear-leveling). Finally the data might still be there on disk (e.g. snapshots) – Huygens Feb 11 '19 at 11:19
Piriform's CCleaner offers an option to wipe out free space. File Shredder allows you to wipe out a particular file "on deletion time".
**EDIT:** Found something on MS' Sysinternals: SDelete. Haven't tried but could give it a try.
-
Already using it, for like 6 years :-), I just want to make sure there is no Microsoft standard for doing such a sensitive task. – Tawfik Khalifeh Sep 06 '12 at 21:38
-
-
already checked it, given by @Moab in the above comments, found it useful, thanks for your interest. – Tawfik Khalifeh Sep 06 '12 at 22:00
-
@sarepta MS is not great at providing standard tools for common tasks. Even when it does, third-party tools are often better. Windows is one platform where you shouldn't worry too much about sticking with the "official" way of doing things. – Isaac Rabinovitch Sep 06 '12 at 22:26
-
@IsaacRabinovitch indeed. Anyhow, sysinternal's stuff often solves such needs. – Alfabravo Sep 06 '12 at 23:11
-
@Alfabravo Indeed it does. That's why MS bought sysinternals. But it'd be nice if they built the functionality into Windows instead of making you download stuff, from sysinternals or otherwise – Isaac Rabinovitch Sep 07 '12 at 03:18
Not Windows-native, but likely to be already installed for many people reading this question: Git for Windows comes with its own ports of many common Unix utilities, including shred. By default it's located at `C:\Program Files\Git\usr\bin\shred.exe`.
Usage is the same as on Unix-likes, e.g. `C:\"Program Files"\Git\usr\bin\shred.exe myfile.txt`
-
If you read the thorough description of [SDelete](https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete) to see the lengths it goes to to remove all the right bits of data on disk, you'll see why a port of a linux util will write random data that *may* not be on top of the file you were expecting to be shredded. – Walf Nov 14 '22 at 07:44
SDelete is as close to native as I've ever found. The reason why it's more secure than other answers is that it doesn't only write random data, it also takes into account the peculiarities of Windows' file systems so it can force the right parts of the disk to be overwritten.
It has no installer, so if you simply extract the files to their own directory in Program Files, then add that to your PATH, you can use it from the command line as you would `del`. It can delete recursively and shreds both the file contents and name.
The first time it runs, it shows an "Agree to Terms" dialogue, so run it once before you script anything with it.
If you consider PowerShell to be built-in, then it is possible to write a scriptlet, maybe using Get-Random, to overwrite the content of a file with random values before deleting it.
This stack overflow question might be useful.
-
I have a complete functional C# program if you want (it's a tiny program, not a full-fledged one). – Tawfik Khalifeh Sep 06 '12 at 22:28
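One way to write the scriptlet the PowerShell answer describes, as an added example that is not from any poster on this page or from Microsoft. It opens the existing file for writing in place (rather than deleting and recreating it), makes a single pass of random bytes, then renames and deletes. The function name `Remove-FileWithOverwrite` and its parameters are hypothetical, and it uses the .NET cryptographic random generator instead of `Get-Random`. It does nothing about older copies in free space, snapshots, or blocks an SSD has remapped, which the comments above point out.

```powershell
# Added example; function and parameter names are hypothetical.
function Remove-FileWithOverwrite {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$BufferSize = 1MB
    )
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if ($item.PSIsContainer) { throw "Not a file: $Path" }

    # NTFS writes new data for compressed, encrypted and sparse files to
    # newly allocated clusters, so an in-place overwrite would miss the original.
    $risky = [IO.FileAttributes]'Compressed, Encrypted, SparseFile'
    if ($item.Attributes -band $risky) {
        throw "Refusing to overwrite '$Path': attributes are $($item.Attributes)."
    }
    if (-not $PSCmdlet.ShouldProcess($item.FullName, 'Overwrite and delete')) { return }
    if ($item.IsReadOnly) { $item.IsReadOnly = $false }

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    # FileMode.Open does not truncate, so the file keeps its current length;
    # WriteThrough asks the OS not to hold the writes in its cache.
    $fs = [System.IO.FileStream]::new(
        $item.FullName, [IO.FileMode]::Open, [IO.FileAccess]::Write,
        [IO.FileShare]::None, $BufferSize, [IO.FileOptions]::WriteThrough)
    try {
        $buffer = [byte[]]::new($BufferSize)
        $remaining = $fs.Length
        while ($remaining -gt 0) {
            $count = [int][Math]::Min($remaining, $BufferSize)
            $rng.GetBytes($buffer)          # fresh random data for each chunk
            $fs.Write($buffer, 0, $count)
            $remaining -= $count
        }
        $fs.Flush($true)                    # flush intermediate buffers to disk
    }
    finally {
        $fs.Dispose()
        $rng.Dispose()
    }

    # Rename to a random name so the entry that gets deleted does not
    # carry the original file name, then delete.
    $renamed = Rename-Item -LiteralPath $item.FullName `
        -NewName ([IO.Path]::GetRandomFileName()) -PassThru
    Remove-Item -LiteralPath $renamed.FullName -Force
}
```

Run it with `-WhatIf` first to confirm the target, for example `Remove-FileWithOverwrite -Path .\secret.txt -WhatIf`.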
Today I Googled, found an article at lifewire.com, and settled on Eraser. I'm very impressed so far. It integrates with Windows Explorer, adding an Eraser -> Erase right-click menu pick.
You can use a batch file:

```bat
@echo off
::Here change the name of the file to shred
set shred_file=MyFile.txt
set zero_n=000000000000000000000000000000000000000000000000000000000000000000000000000000000000
set zero_shred=%zero_n%%zero_n%%zero_n%%zero_n%
::Repeat that loop 100 times (delete, overwrite with 100 800 zeroes)
for /l %%A in (1,1,100) do (
    del %shred_file% /q /f 2>nul 1>nul
    echo %zero_shred%%zero_shred%%zero_shred% > %shred_file% 2>nul
    for /l %%a in (1,1,400) do (echo %zero_shred%%zero_shred%%zero_shred% >> %shred_file% 2>nul)
)
::Final delete
del %shred_file% /q /f 2>nul 1>nul
exit /B 0
```

I use that when I need to permanently delete a file smaller than approx ~200 kB.
Maybe it's not the correct answer, but it works as it overwrites the file 100 times.
-
OK, the question says “delete and overwrite”, which seems like bad wording — which you seem to have taken literally. Your code simply deletes the existing file and then creates 100 new files with the same name. Why do you believe that this functionally shreds the file? – G-Man Says 'Reinstate Monica' May 27 '20 at 20:23