When you have an external HDD containing encrypted folders or containers and you delete any file inside any of these containers What´s the better way of wiping free space so, no trace of deleted files can be retrieved?
When you have an external HDD containing encrypted folders or containers and you delete any file inside any of these containers What´s the better way of wiping free space so, no trace of deleted files can be retrieved?
Oh noes, not again.
http//www.forensicfocus.com/Forums/viewtopic/p=6568259/#6568259
http//www.forensicfocus.com/Forums/viewtopic/p=6568267/#6568267
use sdelete on that free space as well BUT it would be smarter, if you are paranoid, to use sdelete directly to delete the files when you delete them the first time.
jaclaz
Thanks for yor answer. I am aleady getting familiar with sdelete(thanks to your advices). But still some doubts
1-If the external drive is named F and the encryoted container is X, What´s the way I should write the commands line? I see that always appears "C" which is the main, PC, HDD.
2- I have just learnt to delete the file directly with sdelete. However, some time ago before me knowing that, I deleted it, simply. What should I do now? sdlete and wipe free space to the encryoted container, or wipe free space to both, encrypted container and the PC to which the external hard drive(with the encryted containers)were stored?
But still some doubts
Read again the previous answer AND the referenced previous-previous answer for #2.
1-If the external drive is named F and the encryoted container is X, What´s the way I should write the commands line? I see that always appears "C" which is the main, PC, HDD.
You mean that when you open a command prompt you seeC\>You do know how a command line prompt works, don't you? roll
Or you need to go first through something like this?
http//
Do you understand the syntax of sdelete?
http//
(or more generally the syntax for a command line program)?
jaclaz
I have read the links. Let me know if I have properly understood, please.
I have a PC, which main HDD drive is "C". Then I plug external HDD, "E" containing the encrypted contaner "X". Then at cmd, I change the default letter "C", by the name of external HDD "E", followed by the letter of virtual encrypted, mounted container "X"
X\ name of de folder to clean\sdelete -z
Is correct?
Is correct?
No.
You invoke a command and pass to it the parameter(s) and the target.SDelete - Secure Delete v1.61
Copyright (C) 1999-2012 Mark Russinovich
Sysinternals -
usage sdelete [-p passes] [-s] [-q] <file or directory> ...
sdelete [-p passes] [-z|-c] [drive letter] ...
-a Remove Read-Only attribute
-c Clean free space
-p passes Specifies number of overwrite passes (default is 1)
-q Don't print errors (Quiet)
-s or -r Recurse subdirectories
-z Zero free space (good for virtual disk optimization)
If sdelete.exe is in C\myniceapps, you will call it by eitherC\>C\myniceapps\sedelte.exe[ENTER]
orC\myniceapps\>sdelete.exe[ENTER]
in the first your current directory is in the root of a drive (and thus you need to supply the full path to sdelete), in the second you already changed directory to the C\myniceapps\ one and you just need to provide the executable name.
Then you add to it the parameters you wish to use (like -z and -s) and then you add the destination/target "X\ name of de folder to clean\".
Additionally, review in detail what the -z switch does and what the -c one does, and be careful about the exact version of sdelete you are using, since there was an "inversion" in the syntax
http//
You need to learn the very basics before fiddling with (powerful and potentially dangerous) command line tools, as an example if a path contains spaces it needs to be enclosed in double quotes.
jaclaz
thanks for your answer. Sorry that I did not express myself correctly. I tried to explain that I was going to follow these steps
http//
According that, IN ORDER TO WIPE ONLY FREE SPACE in the encrypted folder X
(which is in an external HDD named E ) then I think that I should type at cmd
C\Users\Name\>sdelete -z X
IS correct now?
IS correct now?
Yes and no. 😯
Meaning that IF the container is mounted to drive letter X, then yes it is correct, BUT the fact that the container is residing on a volume that gets drive letter E is perfectly irrelevant.
I believe that an "encrypted folder" (and one named "X", particularly) does not exist (though this is what you wrote)
"X" (included the colon) is a drive letter, "X" is a file or folder name, they are not the same thing.
AGAIN, the link you provided is about a version 1.51 of sdelete (current is 1.61) and the meaning of the -z and -c switches have been inverted.
Make sure that you choose -z or -c according to the EXACT version that you are using and to what you actually want to have sdelete do.
jaclaz
X(or any other letter you choose on Truecrypt)is, in fact, the name of the encrypted container(which, although irrelevant, is in the HDD, E)
Inside X there are some folders. I want to wipe all free space inside the X drive, included that of each folder. So, would be the task done by wiping ALL free space in X?
By the way, you mention that in 1.61 versión c and z have been inverted, bein now -z to zero free space (fill with zeroes), and -c is cleaning free space. Are not both similarly valid?
I want to wipe all free space inside the X drive, included that of each folder. So, would be the task done by wiping ALL free space in X?
Yes.
By the way, you mention that in 1.61 versión c and z have been inverted, bein now -z to zero free space (fill with zeroes), and -c is cleaning free space. Are not both similarly valid?
Define "similarly".
One option "zeroes", the other "cleans".
http//
http//
https://
Remember, Google is your friend. )
jaclaz
