George Garth wrote:

Paul wrote:

George Garth wrote:

John C. wrote:

George Garth wrote:

Maybe I didn't run the programs properly or thoroughly enough, but in >>>>> Recuva on Win 10, I still see the sensitive file titles pop up during >>>>> its recovery routine.ÿ Now if I try and open them, they won't, but the >>>>> file names still remain.

Tried both Cipher and Sdelete.ÿÿ I ran sdelete64.exe -z E:.ÿ Cipher
was cipher /w:E:

Both programs seemed to run and I felt confident they were performing >>>>> their tasks, that is until I ran Recuva.

What am I doing wrong?ÿ Not enough passes?ÿ Suggestions for remedy
welcome and thanks in advance.

I think you probably need to clean your shellbags:

https://www.google.com/search?client=firefox-b-1-
d&q=what+is+a+shellbag+on+w10

Best program for doing that (that I'm aware of) is Privazer:

https://privazer.com/en/

I was skeptical after trying the other programs and file names would
still show in Recuva.ÿ I'm happy to say that they no longer do after
running the free version of this program! Thanks for suggesting it.

So I guess, should I have future files I want to truly delete, use
something like Sdelete and then follow up with this program?

Well, at this point, I'm pondering a new back up.ÿ Clonezilla is set
up to do a whole drive to whole drive clone. I'm assuming it will now
copy the now "cleaned" drive over the existing dirty copy, at least
keeping my fingers crossed that it will.

I think Paul had a good point about file names for future reference.
Problem is that if I use my own "code" with them too much, I'll
forget what they are in the future.ÿ Let's say I had my social
security number in a text file, for example.ÿ "SSN" would be too
obvious, but if I simply renamed it as "social" I won't know what
that is (or was)... a party, get together, etc etc, so file renaming
is a good idea as long as I don't make it too vague.

I have known a couple people with "steel trap minds", who can map any
number
of arbitrary names to their activities on a computer. That's not going
to work
for everyone. You can use multiple tags, but it's likely the tags will be
a little too obvious for other people. klaatu-aubergine-duck.txt
(maybe the first
letter of each tag is the key...)

As far as I know, Clonezilla does a smart copy and does not copy white
space.
Any file marked as "In-use", the clusters should get copied. It's
quite likely
the $MFT is copied verbatim, with no cleanup or expunging of Not-In-Use
$MFT slots. Not many tools will consolidate the $MFT. I haven't done
enough
testing to comment on a method I know works for sure.

Well, I tested this out today.ÿ After running both Sdelete and Privazer,
and first checking with Recuva, I did a Clonezilla backup and then
restored it.ÿ Recuva showed identical results in both cases, the
original and the clone.

Macrium does a smart copy, but also has a "dd like" forensic option as
a tick box
in the options.

Not many backup tools are limited to just the "dumb" method of copying
every sector.
If you copy every sector, the destination has exactly the same
forensic problems
as the source would have.

I would think a lot of tools, if they don't have a handler for the
file system,
they switch to using "dd". Something like GParted, if it wants, it can
have the source partition dismounted and copy the item with "dd"
approach.
One problem with GParted, it is refuses to touch the "Microsoft Reserved"
partition, which contains no filesystem header sector. A smart tool
(like Macrium), copies Microsoft Reserved with "dd", whereas Gparted
will tell you in effect "I ain't touching that" if you poke Microsoft
Reserved.

Clonezilla should do a job the way a user expects it to be done.
It does not disambiguate GUIDs (as seen in "blkid" command on Linux),
but it at least should make decent copies without "excess copying time".
If you have 20GB of files on a 1TB partition, it should take the time
of 20GB of writes to the destination disk drive. Whereas with "dd"
you pay for 1TB worth of writes (of which only 20GB really mattered).

Even after running these tools (or practically any others available to
the typical consumer), if someone wants to badly enough, they could
still recover data.ÿ With my recent experience finding the "leakage"
left behind after running Sdelete/ Cipher, I'm almost certain there will
be additional leakage present with the right software, even after
running this additional Privazer tool.ÿ If this experience teaches me
nothing else, it does remind me that nothing is secure once it exists in
the PC world.

Well, one could always:
1. purchase a new SSD or HD
2. do a fresh OS install and copy critical and personal files onto it
3. take the blunt end of a 12 pound "Monster Maul" (I actually own one
of these) to the old drive: https://www.ebay.com/itm/116704754153
4. run a powerful degausser over the remains.

Unless there's a secret chip on the motherboard that covertly stores old
file names, this would seem to be an effective tactic to ensure privacy.

--
John C. I filter crossposts, various trolls & dizum.com. Doing this
makes this newsgroup easier to read & more on-topic. Take back the tech companies from India & industry from China.


--- PyGate Linux v1.5.13
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Mr. Man-wai Chang wrote on 3/30/2026 10:52 PM:

On 3/31/2026 2:53 AM, George Garth wrote:

Well, I tested this out today.ÿ After running both Sdelete and Privazer,
and first checking with Recuva, I did a Clonezilla backup and then
restored it.ÿ Recuva showed identical results in both cases, the
original and the clone.

You will be unknowingly wondering into the world of computer forensic tools!!! ;)

Is there some tool to delete all entries of deleted files from the
directory table? (Wiping free space of USB flash drive FAT32) : r/antiforensics <https://www.reddit.com/r/antiforensics/comments/v13q1b/is_there_some_tool_to_delete_all_entries_of/>

Yes. Purchase an Oxyacetylene torch. Wear goggles or safety glasses.


--- PyGate Linux v1.5.13
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 4/1/2026 8:14 AM, Hank Rogers wrote:

Yes. Purchase an Oxyacetylene torch. Wear goggles or safety glasses.

That will destroy the hardware you wanna sell as 2nd-hand items! :)

--
@~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
/ v \ May the Force and farces be with you! Live long and prosper!!
/( _ )\ https://sites.google.com/site/changmw/
^ ^ https://github.com/changmw/changmw

--- PyGate Linux v1.5.13
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Wed, 4/1/2026 4:59 AM, Daniel70 wrote:

On 31/03/2026 2:52 pm, Mr. Man-wai Chang wrote:

On 3/31/2026 2:53 AM, George Garth wrote:

Well, I tested this out today.ÿ After running both Sdelete and Privazer, >>> and first checking with Recuva, I did a Clonezilla backup and then
restored it.ÿ Recuva showed identical results in both cases, the
original and the clone.

You will be unknowingly wondering into the world of computer forensic tools!!! ;)

Is there some tool to delete all entries of deleted files from the directory table? (Wiping free space of USB flash drive FAT32) : r/antiforensics
<https://www.reddit.com/r/antiforensics/comments/v13q1b/is_there_some_tool_to_delete_all_entries_of/>

Hmm! Don't know specifically about a USB drive but, back in Win7 Days, if you Defraged your Hard Drive, that would move everything back towards the start of the Drive ... and, apparently, Zeroing out all the rest of the Drive.

Could apply to USB drives as well .... but don't quote me.

Defragmentation does not "zero out" anything.

The old fragments on the left still have their contents.

The Defragmentation API was written by a third party and bought by Microsoft, and one of the purposes of the software, is to not damage anything if
the OS has to shut down quickly or whatever. It has some safety features.
The USN journal might have a playback record indicating how those
four things were handled. While the USN claims it is 15GB in size, it
is 32MB worth of records and that is the distance from FIRST USED
to FIRST FREE of the queue. If the 15GB is there, it may not often
be consulted, just the queue portion is regularly used. (Naturally
the feature set of FAT32 is entirely different as FAT32 has way fewer
defensive features as a filesystem.)

| Hello | | World | | Hello | World |
UNUSED UNUSED INUSE INUSE

Material can come along at any time, and the file system can use
that space. Notice how a fragment with my banking details is still
sitting there, waiting for sdelete to zero it out.

| Going | Places | World | | Hello | World |
INUSE INUSE UNUSED INUSE INUSE
^ ^
Banking I know about
Details this one

After SDELETE, the cluster contents look like this. My "intended"
file is still there on the right. There is no reason for this
to move, until the next defrag. If "consolidation" is on the
Optimize dialog window, the HelloWorld can be moved anyplace,
even though it is currently contiguous. Consolidation moves
things to "reduce the gaps" between runs. Gaps are left on purpose
and it is not the Presidents Software (third party) that Microsoft
bought and installed for Windows XP, and that one had more of
a tendency to "incessantly shove things together". The staff at
Microsoft may have written the W10/W11 defrag, there is no indication
this time that a third party wrote it.

| Going | Places |000000000|000000000| Hello | World | <=== sdeleted

The Presidents Software one of WinXP, would be more like this after a run,
if we were to run it... right now. It is not doing this to erase anything.
The Presidents Software defragmenter (would not print its name on the
screen), it had the obsession with green blocks and pushing stuff
together.

It would also spend eight hours doing it, and you would awake in the
morning, to find it was still running and building that "green wall".
The W10/W11 algo runs in ten minutes and there are a number of things it does not care to squeeze. While W10/W11 consolidates and moves around
some things, it has no "obsession" while doing it. It's like the maid
you hired that doesn't clean under the bed.

| Going | Places | Hello | World | <=== Presidents Software Green Wall
of the WinXP era
Paul


--- PyGate Linux v1.5.13
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 3/31/26 8:14 PM, Hank Rogers wrote:

Mr. Man-wai Chang wrote on 3/30/2026 10:52 PM:

On 3/31/2026 2:53 AM, George Garth wrote:

Well, I tested this out today.ÿ After running both Sdelete and Privazer, >>> and first checking with Recuva, I did a Clonezilla backup and then
restored it.ÿ Recuva showed identical results in both cases, the
original and the clone.

You will be unknowingly wondering into the world of computer forensic
tools!!! ;)

Is there some tool to delete all entries of deleted files from the
directory table? (Wiping free space of USB flash drive FAT32) : r/
antiforensics
<https://www.reddit.com/r/antiforensics/comments/v13q1b/
is_there_some_tool_to_delete_all_entries_of/>

Yes. Purchase an Oxyacetylene torch.ÿ Wear goggles or safety glasses.

I actually did just that one time, except used one of the small torches
with little tanks, maybe a foot long. I had been given the tanks and
torch by someone not using them anymore and decided to try them out on a
5.25" drive. Mind you, this was before SSD with the somewhat heavy
platter HDD. Much to my surprise, it took a lot of torching! Even
after 10 min or so, about 40% of the drive was still mostly intact with
the remainder being a partially molten mess. I suspect that if I had
used the larger industrial tanks with similarly sized torch, the job
would have gone much more quickly with superior results. It was an interesting experiment though!


--- PyGate Linux v1.5.13
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

JB Wells wrote on 4/2/2026 11:22 AM:

On 3/31/26 8:14 PM, Hank Rogers wrote:

Mr. Man-wai Chang wrote on 3/30/2026 10:52 PM:

On 3/31/2026 2:53 AM, George Garth wrote:

Well, I tested this out today.ÿ After running both Sdelete and
Privazer,
and first checking with Recuva, I did a Clonezilla backup and then
restored it.ÿ Recuva showed identical results in both cases, the
original and the clone.

You will be unknowingly wondering into the world of computer forensic
tools!!! ;)

Is there some tool to delete all entries of deleted files from the
directory table? (Wiping free space of USB flash drive FAT32) : r/
antiforensics
<https://www.reddit.com/r/antiforensics/comments/v13q1b/
is_there_some_tool_to_delete_all_entries_of/>

Yes. Purchase an Oxyacetylene torch.ÿ Wear goggles or safety glasses.

I actually did just that one time, except used one of the small torches
with little tanks, maybe a foot long. I had been given the tanks and
torch by someone not using them anymore and decided to try them out on a 5.25" drive.ÿ Mind you, this was before SSD with the somewhat heavy
platter HDD.ÿ Much to my surprise, it took a lot of torching!ÿ Even
after 10 min or so, about 40% of the drive was still mostly intact with
the remainder being a partially molten mess.ÿ I suspect that if I had
used the larger industrial tanks with similarly sized torch, the job
would have gone much more quickly with superior results.ÿ It was an interesting experiment though!

Those little propane torches don't work well. But an oxyacetylene rig
with a rosebud or cutting tip on the torch will put out enough heat to
melt, and even burn steel pretty quickly. Electronic chips would
probably be gone in seconds.


--- PyGate Linux v1.5.13
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)