How to use Cipher.exe to overwrite deleted data in Windows Server 2003
IN THIS TASK
When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is "deallocated." After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, you can recover the deleted data by using a low-level disk editor or data-recovery software.
When you encrypt plain text files, Encrypting File System (EFS) makes a backup copy of the file so that the data is not lost if an error occurs during the encryption process. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not completely removed until it has been overwritten. The Windows Server 2003 version of the Cipher utility is designed to prevent unauthorized recovery of such data.
back to the top
How to Use the Cipher Security Tool to Overwrite Deleted DataNote The cipher /w command does not work for files that are smaller than 1 KB. Therefore, make sure that you check the file size to confirm whether is smaller than 1 KB. This issue is scheduled to be fixed in longhorn.
To overwrite deleted data on a volume by using Cipher.exe, use the /w switch with the cipher command:
- Quit all programs.
- Click Start, click Run, type cmd, and then press ENTER.
- Type cipher /w:folder, and then press ENTER, where folder is any folder in the volume that you want to clean. For example, the cipher /w:c:\test command causes all deallocated space on drive C to be overwritten. If C:\folder is a Mount Point or points to a folder on another volume, all deallocated space on that volume will be cleaned.
back to the top
Id. de artículo: 814599 - Última revisión: 09/11/2011 06:28:00 - Revisión: 8.0
- kbsecurityservices kbhowtomaster KB814599