How to Securely Erase Private Data
CAUTION: Reading the following instructions carelessly could cause you to disable your system and / or lose data you want to keep. So be sure to read them carefully.
WARNING: Running your browser, e-mail program, word processor or other program in Sandboxie with its cache, or sandbox, in unencrypted form leaves your browsing history, e-mail, private documents or other private files vulnerable.
I recommend either encrypting your Windows partition or your whole hard drive, or moving the sandbox to an encrypted removable medium.
To move the sandbox:
WARNING: A program running in the sandbox locks the sandbox, keeping Eraser from erasing it.
Before erasing the sandbox in Windows, make sure all programs running in the sandbox have been terminated / stopped / closed.
Note: Closing all processes (programs) running in Sandboxie may or may not unlock the files. If it doesn't, when erasing the sandbox Eraser will, if you've checked the locked files setting in the preferences, pop up a message saying ''File locked by another process. Do you want to Erase after restart?'' Click on Yes.
Note: Deleting or erasing the top-most Sandbox folder won't harm anything. It'll just be re-created the next time Sandboxie is started.
WARNING: If you're comfortable with editing the registry, you can configuring Sandboxie to use eraserl or some other secure erasing program to erase the sandbox when Sandboxie is closed, but you have to close it every time before logging off or shutting down. Forgetting to do that every time leaves your private data vulnerable.
If in spite of the risk you choose that option anyway, follow the Secure Delete instructions below with one difference: replace the default delete command with the following one:
eraserl.exe -folder "%SID%" -subfolders -method DoD
(DoD is 7 passes, DoD_E is 3, Gutmann, for older, less dense drives only, is 35)
To avoid leaving your data vulnerable and dealing with locked files, I recommend creating a batch file instead to erase the sandbox on logoff or shutdown.
Caution: Eraser Launcher (eraserl.exe) does not ask for a confirmation before erasing your data.
Once you've finished creating the tasks, export a backup file of these settings to a floppy disk by clicking File and selecting Export and the location to save it to, name the file, and click on OK.
Having done all that, now do the following five things every time you use your computer. Before shutting it down, first run chkdsk / scandisk to recover any lost clusters, right-click on them and erase them with Eraser.
Start and run Eraser. Here's how: if Eraser's window isn't selected, click on it's top bar, press the Ctrl and A keys at the same time, to select all the tasks in the list, and click on the Run button to erase the unnecessary files that have accumulated and the subfolders they're in.
Then repeat this step in a second user account (if you don't have one, create a temporary one) to erase all your index.dat files. (Make sure you delete the temporary account after you're done, for security.)
CAUTION: If you prefer, instead of pressing Ctrl and A, you may press and hold the Ctrl key and select the tasks for the index.dat files in other user accounts than the one you're currently logged in to. But I strongly recommend pressing Ctrl and A and selecting all the tasks, even though most of them have already been done. Otherwise you may miss some index.dat files.)
If you don't erase temporary and history files, your computer will slow down. My dad's computer was extremely slow after a year of accumulation, and it took 16 hours, instead of the usual 1 to 10 minutes when done every day, to delete these files!
'Course that's because it was set to 35 passes per file, I later found out, instead of 7 or 3. But it still would've taken quite a while. So try to do it every day, if you can.
Incidently, I've since learned that erasing expert Peter Gutmann, in an epilogue to his paper, said ''performing the full 35-pass overwrite [a method meant only for old, low-density hard drives] is pointless [for modern, high-density hard drives]...a few passes of random scrubbing is the best you can do.'' So the DOD's 7 passes setting should be sufficiently secure.
WARNING: Alternate Data Streams skip
To erase your swap or page file or files (each partition has one), either create a Scheduler task for each one in Eraser (see Set Up Eraser for instructions), to erase the file(s) on reboot, or follow the steps below to erase it or them from the command prompt.
Note: Erasing free space takes several hours. If you prefer, you may erase your free or empty space in Windows with Eraser's interface, but it won't be as thorough as the command prompt from the boot menu, because some files are in use and it can't erase them.
eraserd -file c:\pagefile.sys -passes 7
eraserd -disk c: -passes 7
Now, if you've followed these instructions, your computer is virtually* free of bloat and ''deleted'' files, especially private ones, for FREE!
*As I said in my disclaimer, these instructions are in no way a guide for thorough erasing of all your private data stored on digital media. For that, please consult an expert.
Get notified when this page changes.
Please read my disclaimer before visiting the following top sites.
Brent's Place at brentsplace.info
©2000-2006 All rights reserved.