How to delete files securely and completely in Windows 11 using SDelete


Meeting DoD standards for securely deleting files in Windows 11 requires the use of a special application. Fortunately, Microsoft provides one for free in Sysinternals.

Image: Mark Kaelin/TechRepublic.

Previously, we discussed how to delete files and overwrite them with random numbers using the Format command in Windows 11. While that method is effective in a pinch, it does not meet the strictest requirements for securing storage devices containing sensitive data. To meet those requirements, we must download and employ a special application designed for the task.

SEE: 100+ IT policies at your fingertips, ready for download (TechRepublic Premium)

The SDelete command line application is part of the free set of tools and utilities, supported and sanctioned by Microsoft, known as Sysinternals. SDelete can be used to securely overwrite deleted files as well as to securely erase any file data that exists in the unallocated portions of a hard drive. The utility app is specifically designed to meet Department of Defense guidelines for clearing and sanitizing storage media.

Note: SDelete also works with Windows 10, Windows 8, Windows 7, Windows Vista, and Windows Server 2008 and higher.

Delete files securely and completely in Windows 11 using SDelete

Download SDelete for free from the Microsoft Sysinternals webpage. Extract the executable files found in the ZIP file to the C:WindowsSystem32 folder (Figure A) on your system hard drive.

Figure A

Image: Mark Kaelin/TechRepublic.

SDelete does not delete files, it overwrites files that have been deleted. This is an important, yet subtle, distinction that is important to understand. SDelete will not delete files on its own.

As you may have guessed, SDelete requires administrative access and credentials. Be sure to open the command prompt you will use for SDelete commands in administrative mode. Type “command prompt” into the Windows 11 desktop search tool and select Run As Administrator from the list of options, as shown in Figure B.

Figure B

Image: Mark Kaelin/TechRepublic.

As a command line application, SDelete requires the input of parameters and switches to work properly. The basic syntax for SDelete is:

sdelete -p -s -s [File or folder to operate on]

The available command parameters include:

  • -c: Clean free space. Specify an optional amount of space to leave free for use by a running system.
  • -p: Specifies number of overwrite passes (default is one).
  • -r: Remove Read-Only attribute.
  • -s: Recurse subdirectories.
  • -z: Zero free space (good for virtual disk optimization).

The Department of Defense 5220.22-M standard, as specified in the National Industrial Security Program Operating Manual (NISPOM), requires three overwrite passes with an additional 100% verification pass. The updated DoD 5220.22-M ECE method requires seven passes. To meet those two standards respectively, we would issue these SDelete commands:

sdelete -p 3 -r -s C:SensitiveData

sdelete -p 7 -r -s C:SensitiveData

To overwrite and cleanse all previously deleted files on a drive without deleting current files, we would use the clean free space parameter (-c). For example, to overwrite all previously deleted files on drive D: we could use this command:

sdelete -p 3 -c D:

While there are third-party applications available on the market that can securely delete files, they essentially apply the same methodology as this free utility from Microsoft. Why pay for a useful tool when you can download one for free?



Source link