wiping free space i...
 
Notifications
Clear all

wiping free space in encrypted containers

electronic_x
(@electronic_x)
Junior Member

When you have an external HDD containing encrypted folders or containers and you delete any file inside any of these containers What´s the better way of wiping free space so, no trace of deleted files can be retrieved?

Quote
Topic starter Posted : 16/08/2013 10:22 pm
jaclaz
(@jaclaz)
Community Legend

When you have an external HDD containing encrypted folders or containers and you delete any file inside any of these containers What´s the better way of wiping free space so, no trace of deleted files can be retrieved?

Oh noes, not again.
http//www.forensicfocus.com/Forums/viewtopic/p=6568259/#6568259
http//www.forensicfocus.com/Forums/viewtopic/p=6568267/#6568267
use sdelete on that free space as well BUT it would be smarter, if you are paranoid, to use sdelete directly to delete the files when you delete them the first time.

jaclaz

ReplyQuote
Posted : 16/08/2013 11:45 pm
electronic_x
(@electronic_x)
Junior Member

Thanks for yor answer. I am aleady getting familiar with sdelete(thanks to your advices). But still some doubts

1-If the external drive is named F and the encryoted container is X, What´s the way I should write the commands line? I see that always appears "C" which is the main, PC, HDD.

2- I have just learnt to delete the file directly with sdelete. However, some time ago before me knowing that, I deleted it, simply. What should I do now? sdlete and wipe free space to the encryoted container, or wipe free space to both, encrypted container and the PC to which the external hard drive(with the encryted containers)were stored?

ReplyQuote
Topic starter Posted : 17/08/2013 12:03 am
jaclaz
(@jaclaz)
Community Legend

But still some doubts

Read again the previous answer AND the referenced previous-previous answer for #2.

1-If the external drive is named F and the encryoted container is X, What´s the way I should write the commands line? I see that always appears "C" which is the main, PC, HDD.

You mean that when you open a command prompt you see
C\>You do know how a command line prompt works, don't you? roll
Or you need to go first through something like this?
http//www.7tutorials.com/command-prompt-how-use-basic-commands

Do you understand the syntax of sdelete?
http//technet.microsoft.com/en-us/sysinternals/bb897443.aspx
(or more generally the syntax for a command line program)?

jaclaz

ReplyQuote
Posted : 17/08/2013 12:32 am
electronic_x
(@electronic_x)
Junior Member

I have read the links. Let me know if I have properly understood, please.

I have a PC, which main HDD drive is "C". Then I plug external HDD, "E" containing the encrypted contaner "X". Then at cmd, I change the default letter "C", by the name of external HDD "E", followed by the letter of virtual encrypted, mounted container "X"

X\ name of de folder to clean\sdelete -z

Is correct?

ReplyQuote
Topic starter Posted : 21/08/2013 4:46 pm
jaclaz
(@jaclaz)
Community Legend

Is correct?

No.
You invoke a command and pass to it the parameter(s) and the target.
SDelete - Secure Delete v1.61
Copyright (C) 1999-2012 Mark Russinovich
Sysinternals - www.sysinternals.com

usage sdelete [-p passes] [-s] [-q] <file or directory> ...
sdelete [-p passes] [-z|-c] [drive letter] ...
-a Remove Read-Only attribute
-c Clean free space
-p passes Specifies number of overwrite passes (default is 1)
-q Don't print errors (Quiet)
-s or -r Recurse subdirectories
-z Zero free space (good for virtual disk optimization)

If sdelete.exe is in C\myniceapps, you will call it by either
C\>C\myniceapps\sedelte.exe[ENTER]
or
C\myniceapps\>sdelete.exe[ENTER]
in the first your current directory is in the root of a drive (and thus you need to supply the full path to sdelete), in the second you already changed directory to the C\myniceapps\ one and you just need to provide the executable name.

Then you add to it the parameters you wish to use (like -z and -s) and then you add the destination/target "X\ name of de folder to clean\".

Additionally, review in detail what the -z switch does and what the -c one does, and be careful about the exact version of sdelete you are using, since there was an "inversion" in the syntax
http//serverfault.com/questions/165070/how-to-zero-fill-a-virtual-disks-free-space-on-windows-for-better-compression

You need to learn the very basics before fiddling with (powerful and potentially dangerous) command line tools, as an example if a path contains spaces it needs to be enclosed in double quotes.

jaclaz

ReplyQuote
Posted : 21/08/2013 5:23 pm
electronic_x
(@electronic_x)
Junior Member

thanks for your answer. Sorry that I did not express myself correctly. I tried to explain that I was going to follow these steps

http//www.guidingtech.com/2834/sdelete-permanently-delete-windows-files/

According that, IN ORDER TO WIPE ONLY FREE SPACE in the encrypted folder X


(which is in an external HDD named E ) then I think that I should type at cmd

C\Users\Name\>sdelete -z X

IS correct now?

ReplyQuote
Topic starter Posted : 21/08/2013 9:19 pm
jaclaz
(@jaclaz)
Community Legend

IS correct now?

Yes and no. 😯

Meaning that IF the container is mounted to drive letter X, then yes it is correct, BUT the fact that the container is residing on a volume that gets drive letter E is perfectly irrelevant.
I believe that an "encrypted folder" (and one named "X", particularly) does not exist (though this is what you wrote)
"X" (included the colon) is a drive letter, "X" is a file or folder name, they are not the same thing.

AGAIN, the link you provided is about a version 1.51 of sdelete (current is 1.61) and the meaning of the -z and -c switches have been inverted.
Make sure that you choose -z or -c according to the EXACT version that you are using and to what you actually want to have sdelete do.

jaclaz

ReplyQuote
Posted : 21/08/2013 9:30 pm
electronic_x
(@electronic_x)
Junior Member

X(or any other letter you choose on Truecrypt)is, in fact, the name of the encrypted container(which, although irrelevant, is in the HDD, E)
Inside X there are some folders. I want to wipe all free space inside the X drive, included that of each folder. So, would be the task done by wiping ALL free space in X?

By the way, you mention that in 1.61 versión c and z have been inverted, bein now -z to zero free space (fill with zeroes), and -c is cleaning free space. Are not both similarly valid?

ReplyQuote
Topic starter Posted : 21/08/2013 10:17 pm
jaclaz
(@jaclaz)
Community Legend

I want to wipe all free space inside the X drive, included that of each folder. So, would be the task done by wiping ALL free space in X?

Yes.

By the way, you mention that in 1.61 versión c and z have been inverted, bein now -z to zero free space (fill with zeroes), and -c is cleaning free space. Are not both similarly valid?

Define "similarly".
One option "zeroes", the other "cleans".
http//forum.sysinternals.com/sdelete-the-diff-between-zero-and-cleanse_topic18729.html
http//forum.sysinternals.com/sdelete-whats-the-diff-between-clean-and-zero_topic26552.html
https://forums.virtualbox.org/viewtopic.php?f=7&t=44640

Remember, Google is your friend. )

jaclaz

ReplyQuote
Posted : 22/08/2013 2:21 pm
electronic_x
(@electronic_x)
Junior Member

1.in current version 1.61 -z is for filling with zeroes and -c is for filling with random data, but, as I think you meant that the best option, always, for securely wiping was a single zero pass, I asked if these two ways are similarly valid, useful, and effective for the task.

2. So,coming back again, repeating, and ending with the original and first question, the correct way for wiping only all the free space without damaging any of the folders contained in it, in a truecrypt container which can be named with several letters,lets say "X which is into an external HDD called "E " is

C\users\name\>sdelete -z X

Thanks

ReplyQuote
Topic starter Posted : 22/08/2013 5:40 pm
jaclaz
(@jaclaz)
Community Legend

1.in current version 1.61 -z is for filling with zeroes and -c is for filling with random data, but, as I think you meant that the best option, always, for securely wiping was a single zero pass, I asked if these two ways are similarly valid, useful, and effective for the task.

I know what you asked ) , still -z and -c do two different things, that may seem similar, but that are not.
You have to make a choice on what you want to do and then choose the corresponding option (and due to the mishap in different version make sure that the parameter corresponds to the choice you made).
And you now need to define "best".
"different" is objective, "similar" and "best" are subjective.

Referring to doing a single zero pass, I never said "best", I said "enough" and "faster" (objective), some people will think (subjective) that doing more passes is "better" or "best", I find it an unneeded waste of time and of wear on the device, but if these people are more confident that it is safer to do more passes, such practice will actually be the "best" for them.

2. So,coming back again, repeating, and ending with the original and first question, the correct way for wiping only all the free space without damaging any of the folders contained in it, in a truecrypt container which can be named with several letters,lets say "X which is into an external HDD called "E " is

C\users\name\>sdelete -z X

Thanks

Yes.

jaclaz

ReplyQuote
Posted : 22/08/2013 6:53 pm
Share:
Share to...