SDelete, a tool used to securely delete files on NTFS-formatted logical disks, provides users with a reliable method to permanently delete data. Unlike the standard delete option, which only marks the space previously occupied by a deleted file as unallocated, SDelete overwrites the file data on clusters within the file system. This ensures that the data cannot be recovered using forensics tools.
One of the major risks in relying on the standard delete action is that the data remains on the disk until another application utilizes that space. This creates an opportunity for attackers to access and recover the supposedly deleted data by attaching the acquired disk to a system running a different operating system, such as Linux. However, by using SDelete, users can securely delete the files and eliminate the risk of unauthorized data recovery.
SDelete is also effective in removing data within compressed files and information protected by the Encrypting File System (EFS). EFS uses asymmetric encryption to safeguard files when the operating system is offline, as in the case of a stolen disk drive. When a file is encrypted using EFS, the space occupied by the original copy of the file is marked as unallocated, allowing other programs to reuse it. Until that space is reused, the original data remains on disk, which poses a security risk that can be mitigated by using SDelete to securely delete the original file data.
File compression also presents security and performance concerns. To address these gaps, SDelete offers two essential features that regular delete functions lack. First, it allows users to implement a secure delete option. Second, it facilitates the deletion of file data on unallocated space, including data from files that were previously deleted and those that are compressed or encrypted.
However, it is crucial to exercise caution when using SDelete. Before experimenting with the tool, it is recommended to back up any important data. Lost data cannot be recovered, which is the intended outcome when securely deleting files. Additionally, it is advised to test SDelete on a virtual machine with trivial data before using it in a production environment.
Installing and using SDelete is a straightforward process. To install SDelete, users can download the entire Sysinternals suite or retrieve it as a zip file. It is compatible with current Microsoft Windows client and server operating systems from Windows Vista and Windows Server 2008 onwards. After downloading and extracting the zip file, the SDelete folder should be added to the system Path variable. This step is crucial to ensure that the SDelete command can be accessed from any location within the system.
The syntax of the SDelete command is simple, with few options to consider. Users type “sdelete” followed by the necessary parameters and the file, directory, drive, or disk to be securely deleted or cleaned. The available options include the ability to clean free space on a specified drive or physical disk, treat an argument made up only of letters as a file or directory rather than a drive, specify the number of overwrite passes, remove the read-only attribute from files, perform directory recursion, and zero free space.
In addition to securely deleting files and folders, SDelete offers several other functions. It can be used to manage free disk space by cleaning unallocated space where confidential files may have been located. This process ensures that encrypted, compressed, and deleted files are completely unrecoverable. SDelete also enables users to zero free space on a disk, which is particularly useful in virtual environments where unused space cannot be easily recovered. Moreover, the tool allows users to set the number of passes, with each pass writing random characters to the space, significantly reducing the chances of recovery by advanced forensics utilities.
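The installation and usage steps above, as an added PowerShell example that is not from the original article or from Sysinternals. The install folder C:\Tools\SDelete, the function name Remove-FileSecurely, the scratch folder, and the drive letter D: are assumptions; the flags are those documented for SDelete 2.x.

```powershell
# Added example. Run it in a test VM with trivial data first.
# Assumption: sdelete.exe was extracted to this (hypothetical) folder.
$SDeleteDir = 'C:\Tools\SDelete'

# Make sdelete resolvable for this session only; a permanent change goes
# through the system Path variable as described in the article.
if (-not (Get-Command sdelete.exe -ErrorAction SilentlyContinue)) {
    $env:Path = "$env:Path;$SDeleteDir"
}
$sdelete = (Get-Command sdelete.exe -ErrorAction Stop).Source

function Remove-FileSecurely {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Upper bound of 10 is an arbitrary cap chosen for this example.
        [ValidateRange(1, 10)] [int] $Passes = 3,
        [switch] $Recurse
    )
    # Resolve to a full path: fails early if the target does not exist, and a
    # full path can never be mistaken for a bare drive letter.
    $target = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    if ($target -match '^[A-Za-z]:\\?$') {
        throw "Refusing to operate on a drive root: $target"
    }

    # -p passes, -r remove read-only attribute, -s recurse subdirectories
    $sdArgs = @('-accepteula', '-nobanner', '-p', $Passes, '-r')
    if ($Recurse) { $sdArgs += '-s' }
    & $sdelete @sdArgs $target

    # There is no undo, so confirm the outcome instead of assuming it.
    if (Test-Path -LiteralPath $target) { throw "Target still exists: $target" }
}

# Constructed test data in a scratch folder.
$scratch = Join-Path $env:TEMP 'sdelete-demo'
New-Item -ItemType Directory -Path $scratch -Force | Out-Null
Set-Content -Path (Join-Path $scratch 'secret.txt') -Value 'constructed test data'
Remove-FileSecurely -Path $scratch -Recurse -Passes 3

# Free-space operations take a drive letter and can run for a long time:
# & $sdelete -accepteula -c D:    # clean free space
# & $sdelete -accepteula -z D:    # zero free space (virtual disks)
```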
Furthermore, SDelete adheres to the Department of Defense’s (DOD) 5220.22-M standard, which is a widely accepted data clearing and sanitizing standard. This compliance allows military personnel and contract workers to meet the necessary requirements to protect classified data. However, it is important to note that the 5220.22-M standard has now been absorbed into the National Industrial Security Program Operating Manual (NISPOM), which became a federal rule in 2021. The NISPOM does not specify any particular data erasure method in its guidelines. Nevertheless, SDelete is still a valuable tool for managing confidential data across various operations, from repurposing systems to disposing of old drives.
Overall, SDelete provides users with a secure and effective method to permanently delete files and ensure that confidential data cannot be recovered. However, users must exercise caution and back up their data before using the tool, as there is no undo feature. By following the installation and usage instructions, users can confidently utilize SDelete to enhance their data security and privacy.
