How to Overwrite Deleted Data using the "Cipher" Command in Windows
The Windows cipher command line tool is predominantly used to manage the encryption status of NTFS volumes. A lesser known function of this command is the ability to securely overwrite free disk space.
Files deleted on a volume are only marked for deletion and can still be recovered. By using the cipher command, the free space occupied by the deleted files are securely overwritten resulting in a more secure system in which the previously deleted files cannot be recovered.
The advantage of using the cipher command is that it ONLY overwrites free disk space - the remainder of the volume is untouched. The cipher command can be run from a booted system without the need to dismount volumes/partitions/disks, or to resort to more complex tools.
This tutorial will show you how to securely wipe or overwrite free disk space on any partition or disk using the inbuilt cipher command in Windows.
Open an elevated command prompt
Type the command below, and press Enter.
The syntax required is:
where [drive] = drive letter, [folder] = folder name
In the example below, I wish to wipe all free disk space on my F drive (a logical partition on a physical disk). Thus, I use the following syntax:
The output from the cipher command is shown below. The free space is overwritten 3 times:
- once with a series of 0's (zero)
- once with a series of 255's
- once with a series of random numbers
Disks with large amounts of free space will take some time to be overwritten - on my system, wiping 25 GB of free space takes approximately 10 minutes.