Delete files and free disk space securely with SDelete
SDelete is a free command line utility by Microsoft's Sysinternals team that you may use to delete files and free disk space securely.
While you can delete any file on a hard drive connected to a machine running Windows using Explorer, the command line or other means, deleting files this way won't remove the data immediately from the drive.
Without going into too many details, what happens is that Windows removes reference to the data on the hard drive, and makes the space the file occupies on the hard drive available again for write operations.
Once that space gets overwritten partially or fully, the file cannot be recovered anymore. Since you cannot determine when that is going to happen, files that you deleted months or even years ago may still be available on the drive.
This is bad for a number of reasons. Say, you want to sell the hard drive or PC, or give it away. Since you hand over the hard drive, the new owner could run file recovery software on it to recover deleted files. Another example is handing over a PC to support or repair staff.
I did use Eraser for that purpose previously, but the program crashes each time I run it on Windows 10 machines.
SDelete
SDelete is a free command line tool that you can use to delete files securely so that they cannot be recovered anymore.
The program overwrites the data on the hard drive directly when it is run to prevent file recovery software from picking up traces of deleted files and data.
The application has two main use cases: delete files securely to prevent recovery, or overwrite free disk space securely to delete traces of previously deleted files on it.
You can download SDelete from the Microsoft website. You will find a detailed article on it and its use as well. Extract the archive to your system. Since SDelete is a command line tool, you need to run it from the command line.
One easy option to open the SDelete folder on the command line is to open it in Windows Explorer, type cmd in the Explorer address field, and hit the Enter-key. This should open a command prompt at that location.
Deleting files or folders securely
The command sdelete <file or directory> is the base command for any file or directory operations. Here are some examples that demonstrate the different options that you have:
- sdelete -s c:\users\martin\downloads -- This deletes the folder downloads and all subdirectories securely.
- sdelete -q c:\users\martin\text.txt -- This deletes the file text.txt securely, and suppresses any error messages.
- sdelete -p 5 c:\*.zip -- This deletes all zip files under c:, and runs the operation in five passes.
Deleting free disk space securely
The base command sdelete -c <drive letter> deletes free disk space on the specified drive securely. Here are some examples that demonstrate the various options that SDelete offers:
- sdelete -c c: -- Deletes the free disk space on drive C: securely.
- sdelete -c -p 2 f: -- Runs two delete passes on the free disk space of drive f:
- sdelete -z d: -- Zeroes the free disk space of drive d:
SDelete uses the Department of Defense algorithm by default when it deletes files, folders or free disk space. The -z parameter overwrites the free disk space with zeroes instead which is faster.
The operations may take quite some time to complete. The length it takes depends on the selection. Deleting individual files securely is pretty fast, but it may take hours or even longer if you run the operation on large folders or free space of entire hard drives.
It is recommended to run recovery software afterwards on the path to verify that the files cannot be recovered anymore.
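An added example (not from the article or from Sysinternals): a PowerShell wrapper that checks the media type behind a drive letter before cleaning free space, running sdelete only on hard disks and re-sending TRIM on SSDs, the distinction readers raise in the comments below. It assumes sdelete.exe is on PATH and an elevated session; the parameter names and the helper function are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: pick a free-space cleanup method by media type.
# Assumes sdelete.exe is on PATH; parameter names are this example's own.
param(
    [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]$')][string]$DriveLetter,
    [ValidateRange(1, 100)][int]$Passes = 1,   # upper bound is an arbitrary guard
    [switch]$Zero                              # use -z (zero fill) instead of -c
)
$ErrorActionPreference = 'Stop'

function Get-VolumeMediaType {
    param([string]$Letter)
    # Map drive letter -> partition -> disk number -> physical disk.
    $part = Get-Partition -DriveLetter $Letter
    $phys = @(Get-PhysicalDisk | Where-Object { $_.DeviceId -eq $part.DiskNumber })
    # No match or an ambiguous match: refuse to guess.
    if ($phys.Count -ne 1) { return 'Unspecified' }
    return [string]$phys[0].MediaType    # 'HDD', 'SSD', 'SCM' or 'Unspecified'
}

$media = Get-VolumeMediaType -Letter $DriveLetter
switch ($media) {
    'HDD' {
        $mode = if ($Zero) { '-z' } else { '-c' }
        Write-Host "${DriveLetter}: is a hard disk, running: sdelete $mode -p $Passes ${DriveLetter}:"
        & sdelete $mode -p $Passes "${DriveLetter}:"
        if ($LASTEXITCODE -ne 0) { throw "sdelete exited with code $LASTEXITCODE" }
    }
    'SSD' {
        # Overwriting free space is not dependable on flash (wear levelling
        # remaps writes), so re-send TRIM for the free space instead.
        Write-Host "${DriveLetter}: is an SSD, re-sending TRIM instead of overwriting"
        Optimize-Volume -DriveLetter $DriveLetter -ReTrim -Verbose
    }
    default {
        Write-Warning "${DriveLetter}: reports media type '$media'; nothing was run."
    }
}
```

Saved under a name of your choosing, for instance Clear-FreeSpace.ps1 (hypothetical), it is run from an elevated PowerShell prompt as `.\Clear-FreeSpace.ps1 -DriveLetter D -Passes 2`.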
Closing Words
SDelete is a handy, tiny program which you may use to delete files or folders securely, and to process free space on hard drives so that any content that was once stored on those drives cannot be recovered anymore.
You may also want to check out SDelete GUI, which is a graphical user interface version of the app, and our guide on creating a shortcut for drag & drop operations.
@ Simple Shredder
Thank you, for the added advice re: my comment. I have never tried SDelete program, I was simply responding to the CCleaner question above, based on my research, and the program I use, which is eraser.
Deleting files for intermediate users as myself, is mostly mental. If a bad guy steals my laptop, and uses software to uncover what he thinks is the nation’s secrets, he will be vastly disappointed.
The files I delete are mostly innocuous fluff, that would bore the living daylights out of forensic software.
I do protect myself tho, in the event my laptop was ever stolen. I like to feel safe.
Maybe I will give sdelete a pop … the eraser UI, for me, can be a little problematic at times.
@Rush, sure, I used eraser also, but I needed something lighter/portable even than eraser due that at the time the only thing available was a memory near utterly full to transport the program where no internet connection existed.
Recently however I found a half decent frontend for the file shredding portion of sdelete and while it’s not perfect it does what I require and unlike eraser I can see what the code actually does, which is a bonus.
See https://github.com/the-j0k3r/batch-101#about—simple-shredder
It’s not a perfect frontend but it’s small and light which is what I need.
Sdelete is still a great tool but the article should maybe put more emphasis on the fact that it is useless and should be absolutely avoided with anything other than mechanical, rotating hard drives.
Although a command line utility, sdelete profits greatly from shell integration by means of “send to”, for instance the script below:
1. Zap selection in file manager:
for %%i in (%*) do sdelete -p 1 -s %%i
Can be saved as batch file, adding warning messages and confirmation pauses as needed (recommended). Shortcuts to these batch files should be added to the user profile “send to” folder. The script will then be launched by selecting files and directories in a file manager and making use of the “send to” context menu.
– ‘-p 1’ might be set higher for the truly concerned. This will actually multiply processing time and hardware activity.
After emptying recycle bin, you might have concerns that files are still recoverable, which they are.
2. erase free space on all disks:
for %%c in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
if EXIST %%c:\NUL (
@sdelete -p 1 -z %%c:
)
)
As for secure deletion on SSD, a “renaming before deletion” script is enough confidentiality for me. Once TRIM/garbage collection is executed after deletion, everything seems to be pretty much gone. I know quite little about file systems and storage devices, so someone more knowledgeable might want to correct or add to this opinion.
A file manager able to flatten a root directory down to the last subdirectory will allow “one click renaming”. For instance, in XYplorer, batch renaming such a selection to “deleted. /e /i” will obfuscate each and every file and directory name in the flattened selection without prompts, duplicates or errors. After hard deletion and TRIM, good luck recovering anything usable.
Obviously, you can trigger TRIM manually if you don’t want to wait or don’t trust the OS or the SSD firmware to do it shortly enough. In Windows, a shortcut to the file ‘defragmenter’ will let you ‘optimize’ SSD storage devices. You could also script the whole process and put it in “send to” but this is quite a frightening perspective.
Re-reading my post, I found that less experienced users might possibly not get enough from it and possibly experiment dangerously. Below a workable batch file with added warnings, pauses and shortcut print for script interruption: the sdelete command is one line, ignore the formatting line feeds added by server
CODE/
@echo off
echo .You are about to erase files without recovery.
echo .
echo .
echo . %*
echo .
echo .
echo .Hit CTRL-C to cancel or …
echo .
pause
for %%i in (%*) do sdelete -p 1 -s %%i
pause
/CODE
Another, more complicated approach with loop, that also handles protected files by attempting to reset attributes. I launch as system account (psexec, also from Russinovich) instead of administrator when cacls still fails:
CODE/
@echo off
:START
if "%~f1"=="" (
echo more files. End.
exit /b 0
)
:WORK
ECHO Y| cacls %1 /T /C /G Administrators:F
attrib -h -s -r -a %1 /S /D
attrib -h -s -r -a %1\*.* /S /D
sdelete -p 1 -s -q %1
:NEXTARG
shift
goto START
/CODE
The second script is not for the faint hearted.
@archie
why complicate things when Simple Shredder does it all already?
@archie
like I said above in https://www.ghacks.net/2017/11/14/delete-files-and-free-disk-space-securely-with-sdelete/#comment-4281821
Simple Shredder is also a good option in addition to your suggestion that can be found in the SDelete forums though. ;).
I’m sorry if you ever posted a script comparable or similar to the code I posted here; this batch file has been sitting on my hard drive since 20001 or so… on a NT4 system. Please do not feel ripped off, as you were not.
Glad to know they still help with forums. I haven’t been there for a good dozen years, since back when MS entered the room.
Still, while few people wander over there, Ghacks is quite the public venue and I believe script samples belong here also.
imo, once sdelete sits in %path%, there is little reason to bother with another program, and that’s how I configure Windows PCs I touch. Others’ opinions might vary, depending on cosmetic or profit.
Copy sdelete2.exe to the SendTo Folder. Then right-click any file and SendTo sdelete2
C:\Users\UserName\AppData\Roaming\Microsoft\Windows\SendTo
This is an extremely hazardous suggestion. I wouldn’t put such an executable file in a 2 clicks context menu. Better put a batch file there or better a shortcut to said batch file. Pauses, information and confirmations are a must when launching this.
See example scripts below if you will.
I usually use SDelete in Sandboxie to delete the files. Works since years.
What about the Secure File Deletion option in CCleaner?
CCleaner also offers Wipe Free Space drives and Wipe MFT free space options.
The only definite, absolute, and fool proof way to destroy data on an SSD or HDD is to reformat the device. You could even go one stage further, and squash it with a steamroller.
CCleaner’s Wipe Free Disk Space limitations
CCleaner can’t wipe every deleted file from your free disk space. There are some limitations, because of the way Windows stores some files. Here are some examples:
*The file has been overwritten by another file (so no need to overwrite this again)
*The file had been overwritten by another file before you ran CCleaner, but the second file has now been deleted as well.
*The file was created almost exactly when you ran CCleaner.
A forensic software could easily retrieve files after a ccleaner free space wipe.
I do believe Martin has reviewed “eraser”. And I am not paid to endorse “eraser.” Which is the free program I use. Secure deletion of files, with this program, could frustrate even the best forensic software.
@Rush
That’s not quite like that, Sdelete uses a DoD algorithm to shred files, that combined with number of passes, and if you look at the description of how the program operates, you will see that it won’t vary so much from eraser where it comes to potential forensic recoverability.
CCleaner also has complex algorithms, but they don’t actually disclose which in program.
What I think though is that hardly anyone will Shred a file or files and then zero the empty space, if you had to do this daily and really had some concern about data recovery, you probably use some encryption as well.
But yes, if you’re disposing of an old system or old hard drives that you really don’t want anything recovered from, a steamroller is a safe bet. But if it only had your old collection of porn, would you even steam roll that?
sdelete even has the ability to fix MFT issues. If you notice sporadic bad block errors (like those caused by faulty Microsoft updates) in the event log and chkdsk tells you there are no issues, run sdelete -c -z DRIVELETTER:\. Since sdelete is cleaning up the MFT as well, those bad blocks errors may be fixed afterwards.
I’ve been using the always useful nircmd filldelete command.
Great program, here is the review: https://www.ghacks.net/2009/04/02/nirsoft-command-line-tool/
Sdelete was great 15 years ago when mechanical drives ruled,
but SSD’s make nonsense of this as well as Eraser.
To delete on SSD, the safest method is to wipe the entire drive,
hardly practical for most.
Mentioning this would make for a better article.
@mike
Not every consumer has only SSDs, it’s still a prohibitively pricey proposition to have storage and secondary drives for backup or other uses that are also solid state, so I think your observation counts as far as this reminder, you wording it as most users only have SSD’s, I’m certain this is not the case.
I think you will find that it’s far more common for OEM to ship devices with a main OS drive as SSD or NVME and if configuration has secondary drives they are still good old fashioned mechanical hard drives, external disks are still only mechanical in majority due to the high cost.
System builders, still do this mix, not only because the old fashion mechanical hard drives can take more punishment for really heavy daily write intensive scenarios.
I believe mechanical hard drives will be with us for many, many, many more years to come and are in no danger to go away any time soon, so while this is true, tools like SDelete have a place.
Command line is the best… when you are trying to wipe something but it wipes your important files or all the drive.
Is this better (or even different) than using the built in cipher /w command?
You can use both. I don’t use cipher so cannot say anything about speed comparison or functionality.
@Martin
I came across this https://github.com/the-j0k3r/batch-101#about—simple-shredder it also uses Sdelete but simplifies the process for I guess users who like that sort of thing.
The bug mentioned above that hangs at 100% is present but only for zeroing empty space on HDD’s, shredding operations don’t seem affected.
Current version actually has a bug which remains stuck at 100% and never-ending operation
https://forum.sysinternals.com/sdelete-hangs-at-100_topic32267.html
Yes, that’s why I still use v1.61 which fortunately I still had lying around on another system.
Can’t believe that after nearly 2 years this hasn’t been fixed.