Wiping Deleted Data
From Your Old Hard Drive


The Problem

People who upgrade or retire their old computer equipment typically get rid of their old hard drives by selling them, donating them, or simply giving them away. Such people may be surprised to learn that if they have not taken the proper steps to ensure that their old data files have been wiped from the disk, the data contained within those files can be recovered by the recipients of the old drive. Personal information such as social security numbers, driver's license numbers, birthdates, bank account numbers, credit card numbers, phone numbers and addresses, personal pictures and images, spreadsheets, emails, word processing documents, etc., can be recovered from old disk drives.

Stealing such information is called "identity theft". Every year the number of people who fall victim to identity theft increases.

Deleting old files is not enough to ensure that their contents are gone. Operating systems allocate files on the disk in "blocks", such that any given file is actually a collection of one or more disk blocks. Deleting a file simply deallocates those blocks, but does not actually erase the contents of those blocks. These deallocated blocks are then free to be used for new files created later, at which time they will be overwritten with new data. But there is no guarantee which blocks will be reused or how soon. The data contained by the original deleted file, which may have been deleted months or even years ago, may still be out there on the disk in one or more unallocated disk blocks.

The only sure way to erase a hard drive is to "squeeze" it, by writing over the old information with new data (all zero bits, for instance) at least once, but preferably several times. There are several commercial security products that do this, including PGP.

The easiest way to do this yourself is to simply create one or more large data files. These new files reuse the unallocated file blocks on the disk, wiping out their old contents and writing new data in their place.

This is not a perfect strategy, of course. Creating new files overwrites the old data blocks only once. Recent advances in magnetic disk technology have made it possible to recover remnant data bits overwritten by new data bits. (This technique takes advantage of the fact that the magnetic head on a hard disk drive wobbles slightly as it flies over the disk surface, so that any given magnetic domain, or bit, is not 100% overwritten but leaves a tiny fraction of the previous magnetic domain in its previous state.) However, this technology is expensive and requires sophisticated equipment, so its use is primarily limited to the FBI and other law enforcement entities. Your typical hacker is not going to be able to recover overwritten data bits.
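
The deallocate-versus-erase behaviour and the fill-with-large-files strategy described above, modelled on a toy in-memory disk (an added example, not part of the original page or of filldisk.bat). ToyDisk, fill, demo, the 16-byte block size and the sample record are all constructed for illustration; the model assumes that a filler file which does not fit is not written at all, which is why coarse filler files can leave the last free blocks unwiped.

```python
BLOCK = 16                                  # toy block size, constructed for this added example
SECRET = b"ACCT 0000-1111 (constructed)"    # constructed sample record, not real data

class ToyDisk:
    def __init__(self, nblocks):
        self.data = bytearray(nblocks * BLOCK)   # raw contents of every block
        self.owner = [None] * nblocks            # allocation table: block -> file name

    def free_blocks(self):
        return [b for b, name in enumerate(self.owner) if name is None]

    def create(self, name, content):
        """Write content into free blocks; fail outright if it does not fit."""
        need = -(-len(content) // BLOCK)         # ceiling division
        free = self.free_blocks()
        if need > len(free):
            raise OSError("disk full")
        for n, b in enumerate(free[:need]):
            chunk = content[n * BLOCK:(n + 1) * BLOCK].ljust(BLOCK, b"\0")
            self.data[b * BLOCK:(b + 1) * BLOCK] = chunk
            self.owner[b] = name

    def delete(self, name):
        """Deallocate the file's blocks; their contents are left untouched."""
        self.owner = [None if o == name else o for o in self.owner]

    def unallocated_bytes(self):
        """Everything a scan of the free blocks would read back."""
        return b"".join(bytes(self.data[b * BLOCK:(b + 1) * BLOCK]) for b in self.free_blocks())

def fill(disk, blocks_per_file, prefix):
    """filldisk-style pass: add fixed-size zero files until one no longer fits."""
    count = 0
    try:
        while True:
            disk.create(f"{prefix}{count:04d}.tmp", bytes(blocks_per_file * BLOCK))
            count += 1
    except OSError:
        return count

def demo():
    disk = ToyDisk(8)
    disk.create("bank.doc", b"x" * (6 * BLOCK) + SECRET)   # secret lands in blocks 6-7
    disk.delete("bank.doc")
    after_delete = SECRET in disk.unallocated_bytes()      # deleted, yet still readable
    coarse = fill(disk, 3, "fs")           # two 3-block files fit; blocks 6-7 stay free
    after_coarse = SECRET in disk.unallocated_bytes()
    fine = fill(disk, 1, "ft")             # one-block files reach the remaining tail
    return after_delete, coarse, after_coarse, fine, SECRET in bytes(disk.data)
```

In this model the record survives both the delete and the coarse fill pass, and disappears only once smaller filler files consume the remaining free blocks.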


Source Code

With this strategy in mind, I've written a DOS batch file that fills your hard drive with large data files. This has the effect of wiping out all the unallocated file blocks and all the file blocks from previously deleted files (which may contain sensitive personal information) on the current drive. This is not a guaranteed way to completely wipe out all traces of your old data files, but it's pretty good.

You can cut and paste the text of the source listing below, or you can download the executable batch file from this link:

[ http://david.tribble.com/dos/filldisk.bat ]

Note: Do not execute this link, but simply save it as a file.

You can then open a DOS command window and execute the batch file from the command line. It takes a while to run, especially if you have lots of unused space on your drive.

filldisk.bat


@echo off
rem ============================================================================
rem filldisk.bat
rem 
rem Fills the current disk drive with many large data files.
rem This has the effect of wiping out all the unallocated file blocks and all
rem the file blocks from previously deleted files (which may contain sensitive
rem personal information) on the current drive.
rem 
rem This is not a guaranteed way to completely wipe out all traces of your old
rem data files, but it's pretty good.
rem
rem usage: filldisk D
rem
rem The 'D' parameter specifies the disk drive to fill, and is required.
rem
rem Note that filling an active disk drive beyond 90% of its capacity will
rem probably cause MS/Windows to complain, especially if it is the Windows
rem system drive.
rem
rem This works on MS/DOS 2.0 or later.
rem
rem 1.0, 2003-01-17, David R. Tribble, <david@tribble.com>.
rem This code is not copyrighted and is in the public domain.
rem ============================================================================

rem ====================================
rem Run in a temporary directory on the specified drive

if not (%1) == () goto setdisk
echo Fill the current disk drive with many large data files.
echo.
echo usage: filldisk D
echo.
echo The 'D' parameter specifies the disk drive to fill, and is required.
goto end

:setdisk
set i=%1
shift
echo Changing to drive: %i%:
%i%:

if exist fstemp\. goto skipmd
echo Creating temporary subdirectory "fstemp"
mkdir fstemp
:skipmd

chdir fstemp

rem ====================================
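rem Create a large file (128 MB) of filler data
rem (the 8-byte line "Booger" + CR/LF, multiplied by 16 on each of 6 passes;
rem the data is a repeated pattern, not random)

echo.
echo Creating temporary data file: fs0.tmp
echo Booger> fs0.tmp

echo Creating temporary data file: fs1.tmp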
set i=a
:loop1
copy /b fs0.tmp+fs0.tmp+fs0.tmp+fs0.tmp fs1.tmp >nul
copy /b fs1.tmp+fs1.tmp+fs1.tmp+fs1.tmp fs0.tmp >nul
set i=%i%b
if not (%i%) == (abbbbbb) goto loop1
:endloop1

rem ====================================
rem Copy the filler data file to multiple files until the disk fills up

echo.
echo Filling the disk with random data files...
echo (This should eventually fail when the disk is almost full)
echo (If it does not fill the disk, run it again in a different directory)

rem These nested loops will create 10x10x10x10 = 10,000 files
rem This gives a total of 128MB x 10,000 = 1,280,000 MB = 1,250 GB

set i=0
:loop2i

set j=0
:loop2j

echo.
set k=0
:loop2k

set m=0
:loop2m

echo writing: fs%i%%j%%k%%m%.tmp
copy /b fs0.tmp fs%i%%j%%k%%m%.tmp >nul

if (%m%) == (9) goto endloop2m
if (%m%) == (8) set m=9
if (%m%) == (7) set m=8
if (%m%) == (6) set m=7
if (%m%) == (5) set m=6
if (%m%) == (4) set m=5
if (%m%) == (3) set m=4
if (%m%) == (2) set m=3
if (%m%) == (1) set m=2
if (%m%) == (0) set m=1
goto loop2m
:endloop2m

if (%k%) == (9) goto endloop2k
if (%k%) == (8) set k=9
if (%k%) == (7) set k=8
if (%k%) == (6) set k=7
if (%k%) == (5) set k=6
if (%k%) == (4) set k=5
if (%k%) == (3) set k=4
if (%k%) == (2) set k=3
if (%k%) == (1) set k=2
if (%k%) == (0) set k=1
goto loop2k
:endloop2k

if (%j%) == (9) goto endloop2j
if (%j%) == (8) set j=9
if (%j%) == (7) set j=8
if (%j%) == (6) set j=7
if (%j%) == (5) set j=6
if (%j%) == (4) set j=5
if (%j%) == (3) set j=4
if (%j%) == (2) set j=3
if (%j%) == (1) set j=2
if (%j%) == (0) set j=1
goto loop2j
:endloop2j

if (%i%) == (9) goto endloop2i
if (%i%) == (8) set i=9
if (%i%) == (7) set i=8
if (%i%) == (6) set i=7
if (%i%) == (5) set i=6
if (%i%) == (4) set i=5
if (%i%) == (3) set i=4
if (%i%) == (2) set i=3
if (%i%) == (1) set i=2
if (%i%) == (0) set i=1
goto loop2i
:endloop2i

:end


Other Links


If you have been a victim of identity theft, you can call:

FTC - Identity Theft Hotline
1-877-ID-THEFT
(1-877-438-4338)
toll free.


Author email: david@tribble.com.
Author web home page: david.tribble.com.

Copyright ©2003 by David R. Tribble, all rights reserved.
@(#)www/text/filldisk.html $Revision: 1.3 $ $Date: 2003/01/25 22:30:41 $