Due to the nature of how filesystems like NTFS work, files that are deleted "permanently" from within Windows aren't immediately deleted - they're simply marked as deleted from the Master File Table (the hard drive's index) and therefore inaccessible from within the operating system using normal means.
This means that although a little harder to get to, they still exist on the drive until the space they occupy is overwritten by a newer piece of data, which can be never at all depending on how much free space the hard drive has. This makes deleted data easily recoverable to anyone capable of using dedicated data recovery tools like Recuva and GetDataBack.
On Windows, the wiping of free space is usually done via a (usually bloated) third-party GUI, despite the fact that it can be done relatively simple via the command-line in Linux. Does such a command-line tool exist for Windows?
Such a tool exists in the form of a little-known Windows utility called
However, all that's needed to securely wipe the free space on a hard drive is Cipher's
cipher's syntax is slightly odd in that it requires at least one colon after the
/w switch, followed by the drive letter of the drive that you want to securely wipe. If your system contains both a boot (i.e. Windows/system) drive and a data drive, you'll want to wipe both separately with
cipher /w for maximum security, or wipe just the data drive to cover yourself for most purposes.
cipher works by creating a folder called
EFSTMPWP on the root of the target drive; inside this folder, it successively fills three temporary files with zeroes, ones, and random numbers respectively, one after the other, to the size of the empty space left on the drive. By the time a file has taken up all of the drive's empty space, it's effectively forced the filesystem to overwrite all data held in its free space with the file's newly-written data, rendering any data previously held there permanently irrecoverable.