How can I securely delete pagefile.sys and hiberfil.sys?

[problemo]

I run Windows 7-64 bit Home Premium and work on encrypted containers with TrueCrypt. I'm afraid that such sensitive information (including passwords) may be unencrypted on pagefile.sys or hiberfile.sys. How can I securely delete both of these files? I know there's a method in Windows 7 to delete pagefile.sys at shutdown but I heard from different sources on the net, this is unreliable and does not in fact SECURELY delete the content inside pagefile.sys. Any suggestions?

 

[OldMX]

Just disable them and wipe the free space with 0's after that?

 

[Hopalong X]

This will disable hyberfil. It works I have it set disabled on my SSD.> http://www.sevenforums.com/tutorials/819-hibernate-enable-disable.html

I'll post back on page file when I find it.

 

[Golden]

Hi Problemo,

You might want to try Mark Russinovich's SDELETE, from here

SDelete

It runs from the CMD command line. SDELETE is DoD 5220.22-M compliant. A single pass should be sufficient for your needs.

Regards,
Golden

 

[Britton30]

http://www.sevenforums.com/tutorials/143662-page-file-encryption-enable-disable.html#post1232905
This will help with the pagefile.

 

[Hopalong X]

The only two things I found in sevenforums tutorials is to move the page file to a different hard drive or this> http://www.sevenforums.com/tutorials/143662-page-file-encryption-enable-disable.html

Encryption.
All I could find.
Good luck.
Mike

 

[BoxingLife]

sdelete and truecrypt

From a forensic standpoint your data is always on your hard drive the only way to securely get rid of it is to write zeros over that data numerous times. However you DO NOT want to delete or overwrite the pagefile.sys as its a critical system file and Windows caches much of its data on to it. For non system critical files you may want to use sdelete by sysinternals the command is sdelete -p <Times to write over> <File or Directory Path>. E.g. sdelete -p 15 "c:\textfile".

Someone mentioned Truecrypt, it is very stable and very secure. You should use AES 256-bit encryption which has not been cracked.

 

[Corazon]

pagefile.sys is not a cache for anything stored on the disk, it just stores data paged out of system RAM. It's virtual memory. Of course that doesn't mean it's any less likely to contain unencrypted data that was worked with at any point in time.

The only 100% reliable solution against leaving any unencrypted remnants behind is to encrypt the Windows system partition itself, including the pagefile.sys stored within it as well as any and all cache and temporary files created or modified during a Windows session.

(However, it depends on what's on those Truecrypt-encrypted volumes and how the OP is working with their contents in the first place.)

Another effective, though uncommon, method is to use software to automatically create and format a fixed-size RAM disk at boot time and allocate it with a pagefile.sys, enabling you to keep the pagefile out of any disk-based volumes without having to disable it altogether. Of course using a RAM disk to store a file that's used as virtual memory is a bit...backward.

(I do this on my laptop though, since it has a full 1GB of RAM that my 32-bit Windows can't see but my RAM disk software is able to use separately.)

Clearing the pagefile.sys file at every Windows shutdown is an obvious and simple method requiring a single registry key change which is pretty trivial, but it'll delay the shutdown a lot, and this doesn't address the remaining issue of various cache and temp files left behind on the system volume.

For the record: Clear the page file at shutdown