BCWipe for Secure File Deletion
By Michael Ross
This article was published by ComputorEdge, issue #2743, 2009-10-23, as a feature article, in both their PDF edition (on pages 11-23) and their website.
Most if not all experienced computer users are familiar with how to delete a file — using their operating system's built-in file manager, or using a third-party file management program, or, far less commonly, executing a file deletion command at the command line. They may know how to perform such an operation, but they typically do not understand what actually happens. They generally assume that all of the data has been wiped away, to make room for new data. But it hasn't.
Here's what really happens: For operating systems that have built-in undelete capabilities, the chosen file is no longer listed in its current directory (or "folder" in Windows parlance), but instead becomes listed in the operating system's trash area. In the case of Windows, this is known as the Recycle Bin. The file appears to have been moved, but the data on the disk remains exactly where it was before. All that has changed is that the operating system's reference to the file has been reassigned from its original directory to the trash area.
If the user chooses to empty that trash area, or if she is using an operating system that does not natively support the undelete capability (such as Linux and Unix), then the space on the disk occupied by the deleted file, is simply marked as available for future use by the operating system. The data in the file is left on the disk, for two primary reasons: Cleaning the file's data from the hard drive would take time, and in most cases would be of no benefit to the user. Secondly, for environments that support undeletion, the data naturally needs to be available in order to "re-create" the deleted file, if and when the user tries to undelete it.
Data That Bites You
This approach to "deleting" files — freeing up the space but not overwriting the data — may offer the aforementioned benefits, but can also pose problems, depending upon one's situation and needs. For evil-doers attempting to hide illegal material or other incriminating information on a computer, the lack of true data deletion can be the critical mistake that leads to their criminal conviction, because law enforcement authorities and their forensics experts oftentimes have years of experience, and no difficulty, in recovering cyber clues from the hard drives of criminals. Of course, this data vulnerability may make the perpetrators quite unhappy, but it is obviously beneficial to society.
Yet the reverse situation — in which the sensitive data of innocent people is used against them — can occur just as easily, and probably occurs even more frequently than does successful data forensics by the police, FBI, and other authorities. There are countless instances in which people sell their hard drives separately or inside computers, and assume that because they deleted all of their personal files, the buyer won't be able to access that information. As we learned above, that assumption would only be true if the space on the disk previously occupied by that sensitive information, just happens to be overridden by a new file. But one cannot and should not count on such luck.
With the "deleted" data still present on the hard drive, anyone else further down the line, who gains access to the drive, can stumble upon that sensitive data — either intentionally for criminal purposes, or unintentionally when trying to recover their own data. At that point, depending upon his character, the discoverer could use your personal information for any number of purposes. (Even more inexcusable is the practice of selling hard drives or computers without even bothering to try to delete one's personal information. Similarly, some hard drive manufacturers are negligent about purging returned hard drives when refurbishing them.)
Wipe That Data!
For people who have chosen to run Linux or a Mac operating system on their computers, they may have a variety of options built into their OSes, for thoroughly cleaning deleted data off of drives. But PC owners running Microsoft's flagship operating system, do not have access to any built-in file wiping capabilities. Even their Windows Recycle Bin only has an option to empty it, but not to wipe the files from the disk. For that reason, Windows users clearly should obtain a quality file erasure program, such as the one that we will be examining in this article, BCWipe.
Figure 1. Jetico homepage
Jetico is a software development company located in Espoo, Finland, and founded in 1995. They make and sell firewall and file encryption products, but we will be focusing on their file erasure product. BCWipe is designed for deleting and wiping individual files, wiping the contents of one's Recycle Bin, or wiping all of the free space on a hard drive, flash drive, or any other data storage device. Its companion product, BCWipe Total Wipeout, is dedicated to thoroughly erasing everything from a hard drive, including any operating system, as well as the boot sector.
Data Security in the BC Era
The program we will be focusing on, BCWipe, runs on Windows (all versions from Vista back to even 9x) and seven different types of Unix. It supports seven different human languages. Even though BCWipe is a commercial offering, it is quite affordable, at 39.95 US dollars or euros. For corporations and other large organizations, volume discounts are available. Best of all, you can try it before you buy it. To do so, simply visit the BCWipe page and click the large blue "Download" button.
Figure 2. BCWipe page
Save the installation file to some location on your computer where you can find it when needed, or on the Windows desktop. Then double-click the file to start the installation process, after which you will be shown the setup program's welcome dialog box, which allows you to change the language from the default, English.
Figure 3. BCWipe install welcome
Then you will be presented with a user license agreement.
Figure 4. BCWipe install ULA
At the installation destination screen, you can use a different target folder in which to install the program, if you prefer not to use the default folder (C:\Program Files\Jetico\BCWipe\).
Figure 5. BCWipe install destination
The next dialog box allows you to specify the name of BCWipe's menu item in the Windows Program menu. Oddly, the dialog box title bar correctly identifies the current version (which is 3.11.7 as of this writing), but the default name is "BCWipe 3.0".
Figure 6. BCWipe install Program menu
In the next dialog box, you can enter a license number received from Jetico upon purchase of the program, or use the trial license that comes freely with the download.
Figure 7. BCWipe install license info
The final dialog box indicates that the setup wizard has finished the installation process.
Figure 8. BCWipe install wizard complete
Now you are ready to begin thoroughly erasing any files containing sensitive information, as well as wiping free disk space, slack space within files, the Windows swap file, names of recently used files, and temporary Internet files created by browsers, including cookies, saved history, saved passwords, and the browser cache.
You can use BCWipe inside Windows Explorer, or in the BCWipe Task Manager, or at a command-line prompt. In case you had any instances of Windows Explorer running during the installation process, shut them down, and start up a new instance. Otherwise, the BCWipe commands will not be found in the context menus as needed. (Jetico should modify the setup wizard to warn the user of this.)
To securely erase one or more files or folders in Windows Explorer, select them in the right-hand pane, and right-click with your mouse, which should pop up the context menu. Within that, you will find the menu item "Delete with wiping".
Figure 9. Windows Explorer context menu
You will then be presented with a dialog box that allows you to perform various operations, all of which should be self-explanatory.
Figure 10. File wiping operations
In the case of the Windows Recycle Bin, everything is the same as described above, but the context menu item is different.
Figure 11. Recycle Bin context menu
You can schedule wiping operations to start at any time, such as during the middle of the night. This is advisable for any wiping of a significant number of files or the free space of a hard drive, says the process can take a very long time — particularly if you choose "military grade" wiping, which involves seven passes over each relevant hard disk sector.
Figure 12. Task Manager
We will not get into the details of how to use BCWipe on the command line, because there are far too many available options. However, the ReadMe.txt file — located by default in C:\Program Files\Jetico\BCWipe — has further details, including the command-line options.
When it comes time to permanently send any type of on-disk information to the Big Bit Bucket in the Sky, consider using BCWipe, which is well regarded in the industry, for good reason.
Remember, secure file erasure is most critical when you are selling or donating a hard drive or computer. Your data is your own — keep it that way!
Copyright © 2009 Michael J. Ross. All rights reserved.