Utility Spotlight SDelete

Lance Whitney

All good IT pros know that when you delete a file in Windows, even bypassing the Recycle Bin, the data isn't removed from disk.

Instead, the file's entry in the Master File Table is marked as deleted and its clusters are freed up to store new data. That process is efficient from a disk-management point of view. But it can leave deleted files vulnerable: Unless new data wipes out all of a deleted file's clusters, that file can still be recovered. The only way to ensure that a file can't be revived is to securely overwrite all its data. One way to achieve that is by using Microsoft's free utility SDelete.

Another great tool by Mark Russinovich, a technical fellow in Microsoft's Platform and Services Division, SDelete can permanently wipe single files or directories or multiple objects by using wild cards. In addition to securely removing existing files, SDelete will purge data in unallocated clusters of a disk—that is, files that have already been deleted.

SDelete can even wipe encrypted files. When you normally delete a file protected by Windows Encrypting File System, the unencrypted contents remain behind. Use SDelete to eliminate the file instead, and the unencrypted contents are removed as well. SDelete uses the Department of Defense standard DOD 5220.22-M, which overwrites all characters of a file with a series of random new values.

To use SDelete, first download a copy, then extract the file sdelete.zip. The extracted contents include an end-user license agreement text file and sdelete.exe. No need to install—just trigger the program from its executable.

SDelete is a command-line utility, so you'll need to run it from a command prompt. Open a command window and move to the folder in which you downloaded SDelete. Typing "sdelete" at the prompt displays a list of its options, as shown in Figure 1 and below:

sdelete [-p passes] [-s] [-q] <file or directory>

sdelete [-p passes] [-z|-c] [drive letter]

-c - Zero free space (good for virtual disk optimization) [Note: This option wipes free spaces with zero values.]

-p passes - Specifies the number of overwrite passes (default is 1)

-q - Don't print errors (Quiet)

-s - Recurse subdirectories [Note: The contents of all subdirectories are included in the deletion or disk wipe.]

-z - Cleans free space [Note: this is similar to the -c option except -z uses a random string of values to more securely wipe free disk space.]

fig01.gif

Figure 1 These options should appear when “sdelete” is typed at the command line.

Of course, you can run SDelete on the PCs in your organization yourself. But you can also make the utility available to your users. Simply create a script or batch file with the appropriate command-line options and deploy that to your users to run within Windows.

Here's a great tip I found in the Sysinternals forum: Copy your SDelete script to the Windows SendTo folder on your users' PCs. Users can then shred any file by right-clicking it, moving to the Send To command, and then selecting your script.

SDelete is compatible with Windows XP and later and Windows Server 2003 and later.

Lance Whitney is an IT consultant, software trainer and technical writer. He has spent countless hours tweaking Windows workstations and servers. Originally a journalist, he took a blind leap into the IT world back in the early '90s.