How to completely remove all traces of a file in Windows 7?
The Honest Truth Answer:
Unless you physically destroy the drive by putting it through a metal shredder, there is no way to completely prevent that information from having a chance to be recovered by a skillful individual. If government level actors factor into your threat model, then you need to physically destroy the drive.
The Good Enough Answer:
If the NSA, FBI, Chinese Intelligence, etc. do not factor into your threat model, then you can get by with applications such as CCleaner. For all but the most extremely sophisticated threat actors, a 25+ pass rewrite will suffice on a HDD.
SSD are a different matter all together due to wear leveling (as Rory already stated) and about 30%+ of the SSD industry are not following the established standard practice for how to handle rewriting those "Bad" memory blocks. Which brings me back to the honest truth answer, shred the drive.
There are so many incorrect tinfoil hat solutions
here. Allow me to present a correct tinfoil hat solution
that fits into your "without formatting" requirements.
Even magnetic force microscopy isn't going to get the files back if they've been deleted properly. Burning the drive is an extreme tinfoil hat
option that is completely unnecessary.
Taking Your Tinfoil Hattery to the Next Level
What are the steps I have to take if I want to completely erase all traces of these files without reformatting or doing something similar?
- Disable Windows Hibernate, Pagefile, and System Restore.
- Disable Shadow Copies
- Delete the information in the AppData icon db
- Move the temporary files to another folder,
FolderA
, along with recent items and shortcuts. - Move the files in question to
FolderA
. - Rename all the files in question to something random.
Private Health Information.csv
?Secret Chinese Dissident List.pdf
? You shredded them, right? Yeah, the file names are still searchable, even if nothing can be recovered, even after shredding them, in a large majority of cases. In many countries, the mere possession of banned materials will get you arrested and/or executed. Religious documents, anti-government propaganda, etc. Just finding a file name is all they need to compel you to donate your organs. Use a tool like Recuva to verify this. Even if it's securely deleted, having the file name listed would make people realize you've been in possession of those documents. Make it something like "derp.exe." - Securely overwrite every single renamed file.
- Delete these securely overwritten files.
- Reboot in safe mode with a command prompt, or use a separate drive to boot off of. I recommend a separate drive.
cipher /w:drive letter
2 times for good measure.- Unplug the power for 20 minutes. Start the computer, and use normally.
Keep in mind that if your drive/files have already been copied by someone else before the deletion begins, you're boned (network transfer of hard drive data / physical copying) if they find your Chinese Dissident List.pdf
. A simple diff
of the contents of the drive will reveal it, and you'll end up generously donating organs to the local cadres.
Alternatives
Would your life be in danger because of this? Alternatively, encrypt the drives with a super-long password, then format, and dban boot and nuke, then reformat.
Otherwise, shred the drive.