For the past two months, we’ve been tinkering with Cipher (cipher.exe), the Windows command- line tool for controlling Encrypting File System (EFS). The bulk of EFS’s job is to encrypt data files and manage the keys it uses for that encryption, as I demonstrated with the previous two column’s looks at the tool’s /e, /d, /r, and other options. But Cipher offers other cool functionality, not least of which is its ability— with its /w option—to simplify the decommissioning of old systems.

Disk Decommissioning
What do you do with old computers—sell them or donate them to a charity? The answer to that question is important because those old systems probably contain one or more hard disks that contain all sorts of confidential information. I always wince when I see someone selling an old laptop or desktop computer because I’m almost certain the seller hasn’t removed his or her personal data from the system’s hard disk. Perhaps the seller has formatted the disk, but there are so many tools on the market for restoring data from formatted disks that I wonder how many people have been embarrassed after selling a computer. A few times, I’ve purchased used computers and discovered personal-finance files, old email messages—you name it, all recovered without any genius.

So, before letting go of a computer, you need to ensure that its data won’t fall into the wrong hands. One solution is to get rid of the computer but keep the hard disk, but then we’re back to the question, “How do I get rid of the data on the disk?” Some people use old hard disks for target practice, which is fine if you live near a rifle range. I’ve seen an amazing US Army machine that shreds hard disks, but unfortunately I can’t afford a toy like that. The best solution is to overwrite every sector on the disk with random patterns, and—according to some—repeat that several times. One erasure might not entirely overwrite a magnetic area. (Having said that, I’m not aware of an off-the-shelf hardware or software solution that can reliably read a hard disk that’s been overwritten once.)

Cipher’s Solution
Cipher offers a method for erasing a hard disk so that you can feel fairly secure that none but the most technologically savvy bad guys can get to its erstwhile data. You perform the process in two steps. First, format the target disk. The easiest format procedure is probably to put the disk in a USB-compatible external hard-drive enclosure, then connect it to your new computer. Then, once you’ve emptied the disk, open a command prompt (I’m assuming your new computer is running at least Windows XP) and type

cipher /w:<d:>

where d: is the drive letter of the disk you’re decommissioning. Cipher /w will overwrite all unused sectors on the disk with zeroes, then ones, and finally a random number. The key to understanding the process is the phrase “unused sectors.” If you don’t first format the disk, Cipher won’t touch the sectors that contain your data!

You might be wondering why you need to go through the whole process of connecting the soon-to-be-decommissioned drive to a working system rather than, say, booting Windows Preinstallation Environment (PE) and running Cipher from Vista. I tried that latter solution with no success. Apparently, Windows PE lacks the suite of cryptographic support routines that Vista contains. Oh, and don’t expect to get Cipher’s overwrite process done quickly. In my experience, Cipher requires a minute or two per gigabyte. Start the encryption at night, and your disk will be clean as a whistle by the time you wake.

Don’t Worry
On a final note, let me save you some time and aggravation. When you make it known that you plan to use Cipher /w to decommission a drive, someone—inevitably a security guy—will no doubt claim that overwriting a drive a mere three times is insufficient to truly protect that drive from a determined hacker. Now, I freely admit to being a card-carrying security guy, but some of my compatriots seem more interested in worrying people than truly analyzing a security situation. Could the NSA or CIA retrieve data that has been overwritten only three times? Yes, those agencies probably could. But as long as you’re not a member of Al Qaeda, you can surely rest easy after accomplishing a “mere” three overwrites.