This tutorial will show you how to overwrite (secure erase) deleted data on a drive so it can't be recovered or accessed in Windows 10 and Windows 11.
When you delete files or folders, the data isn't initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is deallocated. After it's deallocated, the space is available to use when new data is written to the disk. Until the space is overwritten, you can recover the deleted data by using a low-level disk editor or data-recovery software.
When you encrypt plain text files, Encrypting File System (EFS) makes a backup copy of the file. So the data isn't lost if an error occurs during the encryption process. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data isn't removed until it has been overwritten.
The Cipher.exe command removes data from available unused disk space on the entire volume. Data that isn't allocated to files or folders is overwritten. The data is permanently removed. It can take a long time if you overwrite a large amount of space.
You can use the Cipher.exe command to manually overwrite (secure erase) deleted data on a drive on demand.
References:
Use Cipher.exe to overwrite deleted data - Windows Server
Describes how to use Cipher.exe to overwrite deleted data in Windows.
learn.microsoft.com
cipher
Reference article for the cipher command, which displays or alters the encryption of directories and files on NTFS volumes.
learn.microsoft.com
You must be signed in as an administrator to use the cipher command.
For SSDs, simply overwriting data blocks may not be sufficient due to the way data storage is managed internally by SSDs.
Here's How:
1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.
2 Type the command below into Windows Terminal (Admin), and press Enter. (see screenshot below)
cipher /w:<drive letter>
Substitute <drive letter> in the command above with the actual drive letter (ex: "C") of the drive you want all deallocated space on it to be overwritten.
For example: cipher /w:C
That's it,
Shawn Brink
Last edited: