Wipe your Deleted Data Away: Using cipher.exe
Cipher is a cool tool that you can use in quite a few ways. In this article we will focus on its newest functionality, the 'wipe all' feature. There are times when things just happen: an executive at a company I have worked for had his laptop stolen out of the back of his car because someone smashed the window in when they saw a laptop case. Since this procedure was commonplace due to the sensitivity of the data we store, nothing was gained, because the thief got a laptop clean of any critical data.
Let's look at how to use the tool.
Open a Command Prompt by going to:
Start => Run => CMD => hit Enter => type cipher /? to view the syntax.
Let's break this up into sections. First, you can see that you have the basic syntax for the command. You can use the command in the following way with switches.
The switches used are listed next. These are all important, but beyond the scope of this article. A future article will contain more information on the detailed usage of cipher.exe.
The command we are going to be using is the last one in the list: the /w switch.
So, if you wanted to run cipher /w against a folder on your C: drive called 'ENCRYPT'D', you would run the following command:
cipher /w:C:\ENCRYPT'D
In case you don't remember how to encrypt a folder, right-click one and view its Properties. At the bottom of the Properties dialog box there is an Advanced button; clicking it opens the Advanced Attributes dialog box. At the bottom of that dialog box is an option to encrypt the folder.
The cipher will begin its run.
Once completed, the wipe is done and any deleted data on the drive will be 'history'. Good work, you have just made your system more secure. If it's taken or stolen, all deleted encrypted data has been safely removed from your system for good.
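The steps above, wrapped in a PowerShell script with pre-flight checks, as an added example that is not part of the original article. The $Target parameter and the fixed-drive/NTFS policy are assumptions of this example; the documented switch form is /w:directory, and the wipe covers the unused space of the whole volume that holds the directory.

```powershell
# Added example, not from the original article.
# Assumption: $Target is an existing directory on the volume to be wiped.
param(
    [string]$Target = 'C:\ENCRYPT''D'   # folder name used in the article
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# cipher /w takes a directory, but only uses it to locate the volume.
if (-not (Test-Path -LiteralPath $Target -PathType Container)) {
    throw "Directory not found: $Target"
}

# Resolve the drive root (for example C:\) that holds the directory.
$full = (Resolve-Path -LiteralPath $Target).ProviderPath
$root = [System.IO.Path]::GetPathRoot($full)
if ($root -notmatch '^[A-Za-z]:\\$') {
    throw "Not a drive-letter path (UNC or other): $full"
}
$drive = New-Object System.IO.DriveInfo $root

# Policy chosen for this example: local fixed NTFS volumes only,
# matching the article's scope.
if ($drive.DriveType -ne [System.IO.DriveType]::Fixed) {
    throw "$root is not a local fixed drive (type: $($drive.DriveType))"
}
if ($drive.DriveFormat -ne 'NTFS') {
    throw "$root is formatted $($drive.DriveFormat), not NTFS"
}

# All unused space on the volume is overwritten, so run time scales
# with free space, not with the size of the folder.
$freeGB = [math]::Round($drive.AvailableFreeSpace / 1GB, 1)
Write-Host "Overwriting about $freeGB GB of deallocated space on $root"

$started = Get-Date
& cipher.exe "/w:$Target"
if ($LASTEXITCODE -ne 0) {   # treat any non-zero exit code as failure
    throw "cipher.exe exited with code $LASTEXITCODE"
}
Write-Host "Wipe finished in $((Get-Date) - $started)"
```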
In this article we covered the basics of using cipher to remove encrypted data marked for overwrite (deleted data is called 'deallocated' until it becomes 'reallocated'), so that if your system is stolen or falls into the wrong hands, data you bothered to encrypt for security does not suddenly become accessible to someone who knows how to get it. System administrators and engineers can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. If your laptop, for instance, was stolen, data recovery software could turn up your deleted encrypted files. As I mentioned earlier in this article, if you went through the trouble of encrypting the folder in the first place, the last thing you want is for someone to grab it because you deleted it! Stay tuned for more articles!