What is a file shredder? What can it do? Why do I need one? Which one is best?
What is a file shredder?
As we stated on the previous page, a file shredder does for files what a paper shredder does for paper, that is, destroying the file so that nobody can recover its contents. If you are thinking “Isn’t that what happens when I empty the recycle bin?”, then let us do a little explaining as to how files are actually deleted on your computer. Because we all like our computers to work as quickly as possible, when files are deleted from your hard drive all that actually happens is the space the file was taking up is marked as being available for reuse. This means that the computer only has to update something known on modern Windows machines as the master file table (you can think of this as a big index to everything on your disk). For most files this makes sense, but for sensitive files and folders you may wish to take extra steps to ensure your data stays private, this is where file shredders come in.
Who needs a file shredder?
One of the most common uses of file shredders is to prepare computer hard drives or memory cards for resale or disposal. If you have any sort of confidential information on your computer, or you don’t want the person who buys your used memory card to recover your old holiday snaps, you should always use some sort of file shredding utility to clear off all the data before you consider selling or disposing of it. Programs which securely wipe an entire computer or hard drive are sometimes known as “Disk Sanitisers” or “Disk Purgers”. If you cannot use one of these utilities on your old hard drive (perhaps because it no longer works) punching a couple of large nails through the hard disk unit will usually suffice.
Of course, that isn’t the only reason to use file shredding utilities. Many users like to use the facilities offered in some of these programs to clear web surfing history, particularly on shared computers. They can also be used in conjunction with encryption programs to make sure that no remnants of important data remain unencrypted on your computer. Most modern file shredders can also securely erase free space on your hard drive, meaning that even files you (insecurely) deleted in the past should now be securely erased. Shredding cannot, however, protect you if you download illegal or copyrighted material from the internet, since, although you can erase the tracks left on your PC, access logs will still exist with your ISP (internet service provider). It is up to you to decide if you need a file shredder based on the kinds of information you store on your PC.
Are all file shredders the same?
There are many file shredders on the market today, many with advanced features and options that can cover almost every eventuality. However, securely deleting files on modern computers is not as straight forward as you might imagine. Many of the market leading file shredding utilities leave behind remnants of information, struggle to remove smaller files or can corrupt larger files. While we haven’t tested the effectiveness of our recommended products at a forensic level, we conducted extensive research using the web and IT journals to determine the thoroughness of the shredding engines in our two chosen packages.
Is it true that you need to overwrite data several times to make sure it cannot be recovered?
No, generally not. This urban myth goes back to the famous Gutmann file shredding routine, which basically stated that to ensure destruction of any file on any type of media you should overwrite the data with different patterns 35 times. Theoretically it may be possible to recover data that has been overwritten by using an electron microscope and theoretically at least, for each extra time you overwrite the data this becomes more difficult. Even if you want the very best security available when shredding your files, keep in mind that the Guttman paper is not applicable to modern hard drives. More importantly there has never been a single proven case of a computer scientist, forensic laboratory or law enforcement agency being able to recover data that has been overwritten even once.
Realistically, it is more important to ensure that you choose a file shredder that doesn’t miss remnants of files entirely, rather than one that will overwrite the same data several times to protect against recovery techniques that are theoretical at best.
Does using a file shredder guarantee my privacy?
Unfortunately, due to the complex nature of modern operating systems like Windows, there are no 100% guarantees. Data that has been securely wiped by a good shredding utility will be impossible to recover using regular software. If your adversaries are willing to pay large amounts of money, it might be theoretically possible (but very difficult, as discussed above) to recover data by inspecting a hard drive in a forensic data laboratory. Finally, even the top rated file shredders have been shown to leave some remnants of files behind in some circumstances (some brands of USB hard drive seem particularly difficult to clean, even with Evidence Eliminator). If your data is particularly sensitive or prone to theft (such as data on a laptop), consider using encryption software to keep your data secure. We cover encryption software in our guide to encryption tools.
What file shredders are available?
At Top-Windows-Tutorials.com we tried several different packages before deciding on three to recommend to you. The three products we chose were BleachBit, Eraser and Evidence Eliminator.
BleachBit is the best replacement we could find for the venerable Evidence Eliminator, which you can read about at the bottom of the article. BleachBit is open source, meaning security experts all around the world can inspect the programs source code and check that it is performing correctly. The program includes several plugins to clean temporary files and registry keys left behind by many popular programs and more plugins are added all the time. The programs interface is simple and uncluttered and easily mastered.
BleachBit is a no-nonsense file shredder that is well respected in the security software community. To find out more about the program, visit the BleachBit homepage here. You can also view our BleachBit tutorials here.
Eraser is a free file shredder and privacy protection tool that has won several awards including “best file shredder award” in Chip online magazine. Eraser has a plain looking interface but actually includes quite a few neat tricks and of course, being free, it is excellent value for money. Files or folders can be securely erased (or securely moved) by right clicking on them. A complete clean of your computer including free space on your hard drive can be scheduled using the programs built in scheduler. Security wise, Eraser can use anything from a simple one-pass wipe to the highest security Gutmann file shredder routine. Eraser also comes equipped with a “Create Nuke Boot Disk” option which can create a bootable CD-ROM disk that can securely wipe the entire contents of your computer before you sell or dispose of it, very handy indeed.
Although it lacks some of the more advanced features that Evidence Eliminator boasts, Eraser is a solid package that will suit the needs of many users and being free, its price won’t hurt anyone’s wallet. You can download Eraser by visiting the Eraser homepage. You can also view our Eraser tutorials here.
Evidence Eliminator has had a chequered history to say the least. Despite scoring highly in virtually every review and test, the software was often vilified by the media for its questionable advertising practises and high price tag. The product disappeared from sale early in 2013, the companies website briefly reappearing later in the year only to disappear again. Evidence Eliminator is now unavailable for download, purchase or activation. Customers who have activated their product will be able to continue using it, but wont be able to activate it again. We do not know if the product will be available on the market again and given the length of time that has now passed it seems unlikely. We recommend that users switch to either Eraser or BleachBit. If you have particularly sensitive data on your PC, consider using a full disk encryption package such as Truecrypt too.
Discuss this page in our forum.