Windows 7 Deleting Windows Restore Points, then wiping the free space

[NevadaGirl90]

Hello:

I am trying to sell a computer to someone else, and want to more or less sanitize my personal info from the computer. I secure-deleted the files with sensitive info, uninstalled my financial software, and then ran a program like Eraser that claimed to effectively wipe all free space. I was able to verify this worked to an extant using a basic file recovery program --- it seemed to show that all my old deleted files were gone (whereas it had shown them as recoverable prior to the free space wipe).

So then I went into "System Protection" and deleted all my System Recovery Points, as I don't want my buyer to be able to inadvertently restore all my old financial software (and it's program files) by running a System Restore.

Here's my question, now that I have deleted all my system recovery points, If I re-run the free-space wipe program, it should theoretically be able to wipe the sectors that were previously occupied by the System Recovery Point files, correct? Meaning, am I correct to assume that Windows 7 does not store the System Recovery files in a virtual location of the harddrive that will never be normally assessable to a free-space wipe program? For note, I don't have the old Windows re-install disk around, and I'm not looking for anything drastic like wiping the whole harddrive and re-installing windows. I just want to sell the computer basically as-is without worrying that my financial software and its (program files with my info) can be later restored or accessed by any tech-savvy user. Believe me, this is a legitimate concern for my situation.

ALSO, If I go to Control Panel>System>System Protection, and then Click "Delete," that does in fact delete ALL of the System/File Recovery Points, correct?

I hope this makes sense. Thanks for your help.

 

[Neemobeer]

Restore points don't contain any user data, so there's no reason to delete them. You can use CCleaner and use the built-in disk wiper. Select free space only and that should be good enough.

 

[pnamajck]

nevadagirl90 … welcome to windowsforum … hope you are getting settled in … last i noticed, there were still couple donuts on tthe coffee table … but the coffee is no longer hot.

okay … this probably is not what you want to hear … but, nevertheless, i will offer a frank opinion.

while you have been diligent in "cleaning" your computer … you have only shuffled around bits of data and datum … a professional recover utility could probably harness most of your personal files … at the very least, your cc# and ss# and dob and dl# …and probably all your contacts. would the friend consider betraying you? of course not … but, once malware has seized your computer … your friend won''t have any say in the matter.

now then, nevadagirl90 …

• make sure you have copied all your personal data safely to your new computer (or disks).
• go to your new computer … and visually see/open each personal file.
• go to your old computer … yank out the current hard-drive … bore (all the way) a dozen holes in that drive with an electric drill. better yet, take it to a metal shredder (probably $15-20) … watching them shred that paperweight into junk.

then, if you still wish to sell the computer for $20 … offer as parts. [unless the computer is less than three years old.] if it's a friend you wish to give the computer to … give him the computer free (without hard-drive) … he can purchase new drive for $30 and a copy of win-7(pro) for less than $150 … win-8.1 is even cheaper and probably supported for an additional two years.

what's my basis? security updates for win-7 won't be around much longer … old hardware means won't be able to upgrade (win-10) … computer is, basically, worthless as it stands.

happy to have you here, nevadagirl90 … best wishes with your new computer.

ref:
TOSHIBA MK3261GSYN 320GB 7200 RPM 16MB Cache SATA 3.0Gb/s 2.5" Internal Notebook Hard Drive - Newegg.com
Windows 7 Professional SP1 64-bit-Newegg.com
Microsoft Windows 8.1 Pro Full Version 32 & 64-bit (Download) - Newegg.com

 

[BIGBEARJEDI]

I concur with Jack. What you really have to watch out for is someone buying your computer with the intent of committing a crime, or more specifically a cybercrime! You are responsible for getting rid of 100% of your personal data!! Using free programs without knowing how to do it properly, is like taking all your money out of your bank and giving it to someone you meet in line at a coffee shop and asking them to keep it safe for you! Not a good idea anywhere or anytime.

That being said, if you want this done right, I suggest you take Jack's advice, or better yet, take your computer to a licensed Computer Pro, if you take it to a major computer chain such as Best Buy Geek Squad, Staples, or Fry's they are all licensed and can wipe your drive, or pull it and wipe it for you. After that, if you want to drill holes in it or take it to a machine shop and have them saw it in half while you watch (one of my Students had that done, and brought it into one of my classes for show & tell!), more power to you.

Your method at best will produce unpredictable results, and it's best to spend some money here so you are not charged with any kind of a crime that the person who you sell your computer to commits with it! The real question is how much money are you willing to spend to stay out of jail? In today's world, this is a real concern, and I've been teaching people this for over 30 years.

Best of luck,
<<<BIGBEARJEDI>>>

 

[Neemobeer]

If you're following DoD specs and the drive had top secret data destruction is required; however, since it doesn't using a program like dban and do a multi-pass wipe should be good enough. Another option is encrypt the drive with versa crypt then format and re-install Windows. This also will completely scramble any data on the disk.

 

[NevadaGirl90]

I appreciate the help, but I feel as though I get some conflicting information.

you have only shuffled around bits of data and datum … a professional recover utility could probably harness most of your personal files … at the very least, your cc# and ss# and dob and dl# …and probably all your contacts.

The software is called PreventRestore, and the premium version offers the ability to select your flavor of a freespace multipass wipe. I have run several multi-pass wipes (Gutman, DoD, etc), and using some free file recovery software before and after the freespace wipe, it seems to have worked at some level. Meaning, before, it showed recoverable deleted files, and afterwards, showed virtually nothing.

SO, assuming the software actually effectively performs a multipass wipe of free space..........is the quoted info above regarding "merely shuffling around bits" true? I mean, is software-based mutilpass wiping even an effective means to make data difficult/nearly impossible to recover?

Either multipass wipes work, or then don't. I don't understand how there is a "maybe here." Barring a FBI team with $10,000 dollars in funding and tools, am I safe to some degree? Thanks again. Also, I'm not into the whole re-installing Windows, encryption thing if I don't have to.

 

[Neemobeer]

The only 100% way to make data unrecoverable is to destroy the platters or run a powerful magnet over the disk which will also typically make the disk unusable. Disk wiping programs work by writing different patterns to disk, so essentially changing what is on the disk. Since disks write data by magnetizing small areas of the disk multiple passes will make it harder for recovery utilities to analyze and determine the previous analog signal produced from the reading the magnetic field and make it much harder to determine old data. Most if not nearly all of your data will not be recoverable after a multi-pass wipe. The likelihood decreases with more passes.

Formatting and even re-installing an operating system does very little to nothing in regards to data. Formatting simply wipes out the partition table and when you reinstall an operating system the MFT is written over. All of the data remains on the disk, the same when a file is deleted, the data is not removed, but rather the entries in the MFT are removed leaving the data to be recovered.

Also note wipers do not shuffle data around in any way, they simply write over the data.

 

[BIGBEARJEDI]

Hi again Nevada Girl,
Sorry about the confusion for you on our replies. The last explanation by Neemo is quite accurate. Differing answers to your questions are based on differing levels of experience with regular data recovery used by most Repair Techs, and then there is a thing called Forensics Data Recovery, which I have been involved in. This is sort of like the stuff you see on TV on crime shows such as CSI and NCIS (which is pretty accurate with lots of secret details left out). This stuff is closer to rocket science than one might think, so it's unlikely you're ever going to fully understand it. Having worked for 4 different hard drive manufacturers, designing disk drives and disk drive controllers, as well as teaching Computer Forensics Recovery to various law enforcement agencies, I am probably the most qualified person on this forum to answer your questions. However, that doesn't mean you are going to believe me. Additionally, I've held security clearances up to and including Top-Secret level clearances which means I can't explain all the details of how we perform Forensics Recovery on hard drives that have been "wiped", "erased", or intentionally physically damaged (such as the drilling of holes and sawing in half techniques mentioned). Without disclosing any National Secrets, I can tell you that Forensics Recovery still allows data to be recovered even from these drives that have been intentionally destroyed. In fact, that is how we found out who bombed the US Embassies in various bombings back in the 80s, long before 9-11 in 2001. We also use secure erasure methods in various missile systems that employ storage devices as well. I also worked on those.

With that information, it really doesn't matter about the details that you get, because we can't tell you those details (National Security issues again) even if we wanted to. Jack was simply attempting to make it more easily understandable for you. My comments were attempting to do the same. However, my warnings were based on the fact that as far as law-enforcement and Government agencies and our Military go, they DO have the capability of accessing most if not all the information you mention you are trying to protect from a buyer of your used computer from getting. Since you cannot be sure of whether or terrorist is going to be buying that computer from you or not, you have to err on the side of caution which it sounds like you are trying to do. That software you are using, is "iffy" at best, and since I am an expert and have never heard of it or used it, it's highly unlikely to be very good at all in this regard. Since you are simply trying to safeguard private personal information on your Clients (dob, SS#, DL#, contact info such as phone number, address, E-mail, etc.), you don't have that much to worry about. As long as your computer isn't used to commit a crime or a cybercrime (such as Hacking the Power or Water infrastructure facilities somewhere in the US), it's unlikely you have that kind of information residing on the hard drive of your home computer. Or plans for building a suitcase nuke, or widespread deployment of a Biological Pathogen such as Anthrax), right? So, if you are in the Banking, Real-Estate, or Stock-Trading markets for example, and are simply afraid that your Client information could be pilfered by a competitor in your field, again, the tools we mention here (along with the physical destruction methods such as hole-drilling and sawing-drive-in-half), software wiping should be Ok for your needs.

As Neemo points out, reinstallation of Windows itself or deletion of Restore Points and so forth are certainly NOT adequate protection with the recovery tools available on the Internet to anyone even without any expertise in Recovery to get data back from your computer's Hard Drive. As Jack mentions in his Post here:
"go to your old computer … yank out the current hard-drive … bore (all the way) a dozen holes in that drive with an electric drill. better yet, take it to a metal shredder (probably $15-20) … watching them shred that paperweight into junk."
This is one adequate measure to use, that is the Metal Shredder recommendation. Another way to go, is to simply REMOVE that hard drive from your Computer and put it in a SAFE place such as a Safety-Deposit Box at a Bank or a floor-safe or wall-safe in your home. I like the Metal Shredder recommendation, because, if your Bank is robbed or your home is robbed either scenario could play out with that Hard Drive being stolen and going to who knows where for who-knows-what purpose along with cash, jewelry, bonds, etc.? If you were on Vacation out of town, state, or the Country, and came back to find that this happened to you, you'd never be able to get a good night's sleep again after reading my Post.

For most of my Clients who have these same concerns, especially seniors who have read about stuff like this their entire adult lives, say 50 years or more, I give them a choice: let me wipe their drives with proper software tools and take to a hazardous waste disposal center that melts the drives down in a smelter and recovers their metals and plastic component materials, or I can wipe them and they can keep them under their mattresses, in-home safe, Safety-Deposit box in a bank *which many of them have*. For the vast majority of them; 99% of them, they go with the 1st suggestion, relying on my expertise and explanation and reputation to make that decision. The 1% or so, who are really paranoid and maybe served in a law-enforcement capacity, Government agency, Defense Contractor, or were in Military Intelligence went with the 2nd suggestion. In other words, they took responsibility for keeping that drive for the rest of their lives, or they had access to places that could properly dispose of it while they watched it being done. Those individuals never told me what they ultimately did with their drives even after me asking them years later. Clearly they had sensitive information on them! My job was done, as I gave them a clear explanation of the threat level, and consequences. They then took the appropriate actions to protect that information as they saw fit. Whenever a Client gives me their Hard Drive for wiping/erasure or destruction, I take that very SERIOUSLY as you can now see. In fact, I am sure I take it more seriously than you do, as I'm responsible if information that is secure gets leaked out somehow.

This is probably way more information than you ever wanted to know about this subject, and there are many books that you can obtain about this at your local University library (I would not trust the Internet to read about such things) if you still question what I'm telling you. I would opine to say that you are attempting to perform due diligence on your part by questioning what we tell you and that's very good on your part.

Hopefully, you'll find this information helpful in deciding your next steps about what to do with your computer and it's hard drive.

Very best of luck to you,
<<BBJ>>

 

[NevadaGirl90]

Big bear. I genuinely appreciate your assistance in explaining this. At this point, I'm beginning to turn this into a hobby self-education regarding the topic. I'm still confused. What I'm clear on is that "complete physical destruction is the ultimate form of data destruction." What is less clear is how effective, exactly software-based overwriting techniques can be, if done right.

The last explanation by Neemo is quite accurate

Neemo seems to imply software-based secure deletion is effective (if not perfect).

Since you cannot be sure of whether or terrorist is going to be buying that computer from you or not, you have to err on the side of caution which it sounds like you are trying to do.

Not worried about terrorist. Worried really only about either a bored techie 14 year old with freeware data recovery software, or at worst, a future owner who may have some professional-level experience in data recovery AND has access to such software and equipment and is snooping to try and steal an identity. I assuming that the Cyber Unit of your average terrorist/hacker organization does not have an electron microscope or similar training, and just as I am limited to software-based data deletion, they would be limited to commercial-grade (at best) software based data recovery. I'm assuming that no government is not going to have a need to use an electron microscope and $10,000 in manpower and lab equipment.

That software you are using, is "iffy" at best, and since I am an expert and have never heard of it or used it, it's highly unlikely to be very good at all in this regard

I somewhat am inclined to disagree with you here. I'm also surprised you have not heard of this software. It may be freeware, but it is touted by an individual named Peter Gutman (an academic on the matter) who seems to be a pioneer in the field......even while acknowledging the inherent limitations of software-based data-deletion. The difference with Mr. Gutman, is that he seems to imply that up to very expensive lab equipment, that the over-writing technique is to some degree of confidence, effective. You seem to pretty much disagree, or that is what I took away from your post. His published paper seems to also imply that many of the deficiencies of data overwriting were more an issue with older hard-drives. At the very end of the article, he personally endorse the Heidi Computer Eraser software.

I performed a 35-pass wipe on specific backup files (see a previous thread I just posted in this forum) that were sitting on a 200+GB hard drive. I was not trying write over 5GB of data. I would think that this would have some effect in making the data hard to recover to someone at some point.

Again, this doesn't mean I'm questioning the validity of your statements, but you can understand why I would say I am unclear to the degree of effectiveness of techniques described here.

Sorry to be so nit-picky. Now the whole issue is less about my computer, and more about learning about data storage/etc.