Automatically Have Windows Wipe Free Hard Drive Space

Michael Burns

Starting with Windows 2000, Windows has had the ability to "shred" files so that they cannot be undeleted, even by someone using the most sophisticated forensic recover tools. The built in utility in Windows 2000, XP, Visa, 7,  8 & 10 to do this is a program named cipher.exe. Cipher is what is called a Command Line Tool, in that to run it normally, you have to open a "DOS Box" or Command Window, and run cipher.exe within that with a bunch of arguments. (e.g. Use the run command to run "CMD.exe" to creates a Command window or Command Console, then run cipher using the appropriate syntax within that window.) For example, if you open a Command Window and type "C:\Windows\System32\cipher.exe /w:C" and hit return, Windows will start wiping the free space on disk C:.

Cipher can be used to encrypt files and directories, decrypt files and directories, as well as wipe files. The latter function is what I want to talk about here, specifically, to show how you can have Windows automatically periodically wipe ("shred") the free space on your hard drive periodically. Why would you want to do this? As you probably already know, when files are deleted, they are not destroyed. All that happens is that the space they occupy on the hard drive is changed in the directory as being available for reuse. All of the data is still there, which is why most deleted files can be "undeleted" if not too much time has passed since they were deleted. "Too much" time, give the large size of hard drives, can be months or even years before the data is overwritten. There are many "file shredding" programs on the market, such as the file shredder in my own Browser Wipe, for explicitly destroying files you would normally put in the recycle bin. But since temporary files are created by many programs such as email programs, Word, Excel, Photoshop, etc. to temporarily store data, and then are deleted by those programs when those programs quit, many people don't even know that such files even exited and that their data was left exposed on their drive in the form of deleted temporary files. To deal with even temporary files that were created and deleted behind the scenes, there is another class of wiping programs for "disk bleaching", which means over writing all of the "free space" of the drive so that all that deleted data gets destroyed by being over written. My own Free Space Wipe is one such example of a disk bleaching program.

In any event, if you are concerned about the security of your data, one additional step you can do to help insure that deleted data, emptied caches from programs such as Internet Explorer, or temporary files from programs such as email programs, Word, Excel, Photoshop, etc are gone for good is to automatically periodically bleach the disks in your system.

Below is an example of how to set up the Windows Task Scheduler to use the Windows cipher program to automatically over write all of the free space on the C drive. While I won't do so in the example below, it is probably a good idea to have the scheduler run Disk Cleanup, with settings to delete the Internet Explorer cache, right before wiping the free space. The example below is for Windows 7, but other versions of Windows are nearly identical:

1. Open Task Scheduler. All Programs → Accessories → System Tools → Task Scheduler. You should see something like this:

2. Expand the top level folder, which on most systems is called "Task Scheduler Library".

3. Unless you've already scheduled tasks yourself, all of the folders which drop down were made by Windows or other applications for their own purposes. We'll not want to mess with them, so we'll want to make our own folder to keep our custom scheduled tasks separate from all of those other tasks. Making a separate folder for our own tasks has the additional advantage of allowing us to remove all of our tasks if need be by simply deleting our folder within the Task Scheduler.

4. In the example that follows, we'll put our wipe free space task in a folder we made that I've named "SimVid-PC". I like to use a name that reflects the name of the PC so I know later that it's a folder I made for tasks I've scheduled manually.

5. Select the folder you created, and right click on it. A menu should appear. Select "Create Basic Task..." The "Create Basic Task Wizard" should appear as shown below.

We will name this Task "Wipe C free space", so fill that name in the "Name" field, then hit Next.

6. The Wizard will move to the trigger screen as shown below, where we will set when the Task will start and how often it will run.

7. In this example, we will select "weekly", with a reoccurrence of every 2 weeks, on Friday at 5am, as shown below:

After setting the trigger as shown above, hit Next.

8. The Wizard will advance to the Action screen as shown below:

We want the Action to be to Start a Program, so select that and hit Next.

9. Set the program to be cipher.exe, which resides in the System32 subdirectory of the Windows directory. You can type it in as shown below or browser to it.

We also need to tell cipher.exe what we want to do. Since we want it to wipe the free space on Drive "C:", we need to fill in the "Add arguments" field to tell it that. You do so by adding the arguments "/w:C" (without the quotes) to the "Add arguments (optional):" box as shown above. Then hit Next.

10. The Wizard will then have advanced to the Finish screen and shows what the task in the Scheduler will do as shown below.

Check that everything looks OK. Then hit Finish.

On the machine above, on every other Friday at 5am, all of the free space on drive C will be over written. When that happens, cipher will create a directory on the C drive named EFSTMPWP, wherein a number of temporary files will be created. These files will first be filled with zeros until the disk is full, then they will be deleted. Then a new set of temporary files will be created and filled with ones until the disk is full, then they will be deleted. Then a new set of temporary files will be created and filled with random data until the disk is full, then they will be deleted. This should preclude anyone being able to recover any data that had been deleted, and hence had become part of the disks unallocated space, at the time cipher ran.