Wipe your Deleted Data Away: Using cipher.exe

In this article we will look at how to use ‘cipher’, a command-line tool included with Windows 2000 and XP. We will focus on its newest functionality, which lets administrators wipe all deleted (marked for deletion) data on the hard disk. The wipe overwrites all of the deleted data and provides better security: if someone steals your system, such as a laptop, the thief will not be able to recover that data.



Cipher.exe Usage

Cipher is a cool tool; you can use it in quite a few ways. In this article we will focus on its newest functionality, the ‘wipe all’ feature. There are times when things just happen: an executive in a company I have worked for had his laptop stolen out of the back of his car because someone saw a laptop case and smashed the window in. Since this procedure was commonplace due to the sensitivity of the data we store, nothing was gained, because the thief got a laptop clean of any critical data.

Let’s look at how to use the tool.

Open a Command Prompt by going to:

Start => Run => CMD => hit Enter => type cipher /? to view the syntax.

Let’s break this up into sections. First, you can see that you have the basic syntax for the command. You can use the command in the following way with switches.

The switches used are listed next. These are all important, but beyond the scope of this article. A future article will contain more information on the detailed usage of cipher.exe.

The command we are going to be using is the last one in the list, the /w switch:

cipher /w

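So, if you wanted to run cipher /w against a folder on your C: drive called ‘ENCRYPT’D’, you would use the following command (the switch and the path are joined by a colon):

cipher /w:C:\ENCRYPT'D

The folder only tells cipher which volume to work on: /w overwrites the unused (deallocated) space on the entire volume that contains the folder, not just the space inside it.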

In case you don’t remember how to encrypt a folder, right-click one and view its Properties. On the bottom of the Properties dialog box there is an Advanced button; clicking on it produces the Advanced Attributes dialog box. On the bottom of that dialog box is an option to encrypt the folder.

The cipher will begin its run:

Once completed, the wipe is done and any deleted data on the drive will be ‘history’. Good work, you have just made your system more secure. If it's taken or stolen, all deleted encrypted data has been safely removed from your system for good.
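The same wipe can be scripted so that every local volume is covered and each run leaves a record. The following is an added example, not part of the original article: it assumes PowerShell 3.0 or later (so a newer Windows release than 2000/XP), and the log path and the NTFS-only filter are choices made for the example.

```powershell
# Added example: run "cipher /w" once per local fixed NTFS volume and log each run.
# Run from an elevated prompt; use -WhatIf first to list the volumes without wiping.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Log location is a choice made for this example.
    [string]$LogPath = (Join-Path $env:TEMP 'cipher-wipe.log')
)

# DriveType 3 = local fixed disk. The NTFS filter is this example's choice,
# matching the file system the article discusses.
$volumes = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
    Where-Object { $_.FileSystem -eq 'NTFS' }

foreach ($vol in $volumes) {
    $root   = $vol.DeviceID + '\'                     # e.g. C:\
    $freeGB = [math]::Round($vol.FreeSpace / 1GB, 1)  # free space that will be overwritten

    if (-not $PSCmdlet.ShouldProcess($root, "cipher /w over $freeGB GB of free space")) {
        continue
    }

    $started = Get-Date
    # /w takes the path after a colon; any directory on the volume selects that volume.
    & cipher.exe "/w:$root" | Out-Null
    $exit    = $LASTEXITCODE
    $minutes = [math]::Round(((Get-Date) - $started).TotalMinutes, 1)

    # One line per volume: start time, volume, free space, exit code as reported, duration.
    $entry = '{0:s} volume={1} freeGB={2} exit={3} minutes={4}' -f $started, $root, $freeGB, $exit, $minutes
    Add-Content -Path $LogPath -Value $entry
    Write-Output $entry
}
```

The wipe time grows with the amount of free space on the volume, so schedule it for a period when the machine is otherwise idle.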

Summary

In this article we covered the basics of using cipher to overwrite deleted encrypted data (deleted data is called ‘deallocated’ until it becomes ‘reallocated’). Without this step, if your system is stolen or falls into the wrong hands, any data you bothered to encrypt for security suddenly becomes accessible to someone who knows how to get it. System administrators and engineers can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. If your laptop, for instance, was stolen, data recovery software could turn up your deleted encrypted files. As I mentioned earlier in this article, if you went through the trouble of encrypting the folder in the first place, the last thing you want is to have someone grab it because you deleted it! Stay tuned for more articles!

About Robert J. Shimonski

Robert J. Shimonski (MCSE, etc.) is an entrepreneur, technology consultant and published author. Robert's specialties include network infrastructure design, management and the troubleshooting of Microsoft and Cisco products. Robert has in-depth experience with globally deployed Microsoft and Cisco systems. Robert works with new companies constantly to help them forge their designs, as well as to optimize their networks and keep them highly available, secure and disaster free. Robert is the author of many security-related articles and published books, including the best-selling "Sniffer Network Optimization and Troubleshooting Handbook" from Syngress Media Inc (ISBN: 1931836574). Robert is also the author of the best-selling Security+ Study Guide and DVD Training System (ISBN: 1931836728) and Building DMZs for Enterprise Networks (ISBN: 1931836884), also from Syngress. Robert can be found online at www.rsnetworks.net
