How to VIOLENTLY delete files from NTFS partitions?


27 replies to this topic

#1 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 13 July 2004 - 03:55 PM

From time to time, a person decides that his operating system is too screwed (constant errors, crashes, slowdowns) and decides that he wants to reinstall it FROM SCRATCH, i.e. make sure that no traces of the system remain.

One simple way to do it would be to format the partition, but what if there are a few gigs of valuable stuff on that partition and no way to move them / back them up (no additional partitions, no recordable media with enough storage capacity)?

If it was something running off FAT32, I'd simply boot into DOS mode with my Win98 boot disk and delete all the system files manually:

C:\WINDOWS or C:\WINNT - GONE!
C:\Program Files - GONE!
C:\*.* - GONE!
C:\Documents and Settings - GONE! (after moving all the vital stuff to another folder)

Simple, no?

But how do I do it when my OS is installed on an NTFS partition with all its file permissions and protections?

Any simple way?

#2 Curley_Boy

Curley_Boy

    enthusiast

  • Members
  • 302 posts

Posted 13 July 2004 - 04:30 PM

If your data is really that valuable you should find some way to back it up properly. If you want a complete Windows reinstall from scratch then you need to reformat your installation partition to get rid of any left-overs from your old Windows install (bye-bye precious data).

Hard drives are cheap these days, as are CD-RWs and DVD writers are coming down in price. I know forking out for stuff is never a joyful experience but it is better to have your data safe before you start messing around (I'm speaking from many instances of painful experience: plan for the worst).

However, if you are intent on pursuing your current plan then you might find this useful:

http://www.nu2.nu/pebuilder/

BartPe is a customised boot CD which will give you access to any 2000/XP/2003 installation with a GUI, network and full file system support.

#3 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 13 July 2004 - 06:31 PM

Originally posted by Curley_Boy:
Quote:
If your data is really that valuable you should find some way to back it up properly. If you want a complete Windows reinstall from scratch then you need to reformat your installation partition to get rid of any left-overs from your old Windows install (bye-bye precious data).


Where would those left-overs be if not in the directories I mentioned? Why would I need to format?

Originally posted by Curley_Boy:
Quote:
However, if you are intent on pursuing your current plan then you might find this useful:

http://www.nu2.nu/pebuilder/

BartPe is a customised boot CD which will give you access to any 2000/XP/2003 installation with a GUI, network and full file system support.


I'll try that, thanks.

You see, the reason I'm investigating this issue, is not just for my own PC. I _do_ have a DVD-Writer. But in the past I've been fixing and reinstalling systems for neighbors many times, and when you're doing it for someone else who doesn't want to lose his data, you can't say: "go and buy a DVD-writer or a hard disk first".

Of course, you can say: "you have no choice but to format", but it's always better if you have a choice.

#4 thatsteveguy

thatsteveguy

    enthusiast

  • Members
  • 310 posts

Posted 13 July 2004 - 08:05 PM

For future reference, this is what I do and what I recommend.
When installing Windows I create a 6 - 10 GB partition that is my C: drive and I install NOTHING but Windows there. All my data, games etc. I put on other partitions.
That way whenever I re-install Windows (which I do at least twice a year) I wipe the C: drive and re-install, and that way I still have all my valuable data stored on other partitions.
This is my current partition table:

C: drive 6gb (windows only)
D: drive 30gb (games partition)
e: drive 30gb (games partition)
f: drive 30gb (video editing)
g: drive 20gb (application partition)

S

#5 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 22 July 2004 - 03:43 PM

OK, I got it. Winternals NTFSDOS Professional is the key.

#6 adamvjackson

adamvjackson

    Pooh-Bah

  • Members
  • 2174 posts

Posted 23 July 2004 - 11:21 PM

APK, AFAIK, all the feds, et al actually do is replace the read/write head with a more sensitive/powerful magnet.

Also, check out http://dban.sourceforge.net

Free (as in speech and beer) and good.


From the "News" section on the DBAN page:
March 2004: DBAN appears briefly in the TechTV Screen Savers episode How the Department of Energy Stays Secure. DBAN is part of the National Nuclear Security Administration suite of security tools.

#7 CyberGenX

CyberGenX

    addict

  • Members
  • 645 posts

Posted 24 July 2004 - 03:31 AM

This may sound TOO simple of a solution for some to grasp, but it is what I do when that case comes up.


PULL THE HARD DISK. PUT IT INTO YOUR COMPUTER. AND EITHER...

A. Backup all the data to your own drive somewhere, format the disk, and put the crucial data back.


OR

B. Simply delete all the windows, program files, doc and sets, etc. Make sure view all hidden files is enabled as well as system files viewable.


Something like this takes me a whole 10 minutes and I don't have to deal with DOS commands etc.

#8 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 24 July 2004 - 12:09 PM

Quote:
Strictly following the post topic itself?

"How to VIOLENTLY delete files from NTFS partitions?"

LOW-LEVEL FORMATTING, surest method I know of for 'total disruption' of disk-content (& then personally? I would sweep the disk repeatedly using a magnet believe it or not).


Ah, but in the topic I asked about "deleting files", not "deleting ALL files". Your method will not work if you only want to delete files selectively. A low-level format will erase everything, and the magnet method is one you absolutely don't know what it will do. ;)

Quote:
B. Simply delete all the windows, program files, doc and sets, etc. Make sure view all hidden files is enabled as well as system files viewable.


That's my method exactly. Unfortunately, you can't do it from within Windows, because the Windows run-time environment protects these files. So you need to boot into pure DOS and do it from there. But if the partition is NTFS, the standard pure DOS available on Win9x won't recognize it, so you need a tool like the NTFSDOS Professional.

#9 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 24 July 2004 - 11:27 PM

Originally posted by Alec§taar:
Quote:
WRONG: You did not read lower into the thread where I posted, where I typed this


I did read it, I just chose to reply to the low-level/magnet part of your post only. I assumed you meant it jokingly, so I joked back.

Originally posted by Alec§taar:
Quote:
Look before you leap, & try to correct me my man, I did list a way to burn individual files securely, & with a program I WROTE MYSELF as well!


Ah, excuse me. Did anyone ask you "how do I delete files so that even the best recovery tools can't resurrect them?" Did you even read the original question? Really, it seemed like all you wanted to do was to brag about the "mega-kewl" program you wrote. Well, let me compliment you on your programming skills, which are without a doubt better than my own, and let me also compliment your ego, which is once again, without a doubt, bigger than my own.

Originally posted by Alec§taar:
Quote:
And, if you read the initial topic as I did? The phrase "how to VIOLENTLY delete files from a partition" is the same as "delete ALL files from a partition" to me @ least because of the use of the word partition (meaning doing a logical disk section entirety)...

Oh, I get it. So now you're going to tell me what I meant in my original topic. Now, I suppose you could claim that my choice of title "how to VIOLENTLY delete files from a partition" was misleading (evidently, it confused you), but if you at least bothered to read the original post, not the title, you'd quickly understand what problem I was trying to address, and that talking about magnets and federal data eradication policies is at the very least irrelevant.

Originally posted by Alec§taar:
Quote:
Still, I covered what you tried to cut me down for, as well... ONCE MORE, you had best read ALL of what I write in its entirety next time around! apk


Funny, I should say the same to you, since you clearly didn't bother to read what I wrote in my first post. Or maybe you did read it, but chose to ignore. In which case you shouldn't assume that I didn't read what you wrote just because I didn't reply to it.

#10 adamvjackson

adamvjackson

    Pooh-Bah

  • Members
  • 2174 posts

Posted 27 July 2004 - 10:09 PM

Good read, thanks Alec.

I subscribe to the SecurityFocus Forensics mailing list, and there's always interesting discussions going on there, as well as legal issues.

#11 adamvjackson

adamvjackson

    Pooh-Bah

  • Members
  • 2174 posts

Posted 27 July 2004 - 11:55 PM

Actually it is similar to SANS, although more categorized. SecurityFocus is the home of BugTraq, which you've no doubt heard of.

I subscribe to the 'digest' mailings, which have several threads in one email for easier reading (and less clutter).

Of course all of the lists can be read online too, here: http://securityfocus.com/archive

:)

#12 adamvjackson

adamvjackson

    Pooh-Bah

  • Members
  • 2174 posts

Posted 28 July 2004 - 06:21 PM

Originally posted by Alec§taar:
Quote:
Wow... lol! You MUST be way way into the security stuff... you a network admin? You've gotta be... & from the appearances of it, one that stays on top of his game regarding security!


Yep, I am. Thanks, too, for the nice words. It's really an interesting and fulfilling job for me :)


#13 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 31 July 2004 - 10:11 AM

LOL, Alec. Come on, man, you're just blabbing.

If you read and understood my original post (not just topic title - which you seem to be sticking too much to), you'd see that all I wanted was something to let me run DELTREE over a system directory on an NTFS drive, which is something I obviously can't do while Windows is running and something the Windows recovery console doesn't allow me and something I can't do from a FAT32 OS Bootdisk, because it cannot see NTFS partitions.

But even after I found a solution myself and posted here that I found it, you came and started talking about your program. With your experience and understanding of computers, couldn't you see that it was completely irrelevant? Did I, or anyone else in this topic exhibit interest in secure destruction of data, which makes it unrecoverable? And please, don't mention again that this is how you understood the topic title. Titles do not matter, many people just post something like "HELP". It's the contents that matters.

I don't mind that you and Adam had a nice chat in this topic on things that interest you and have no relevance to the topic itself, as I found my solution. But I do mind being treated as stupid and talked to in a condescending manner.

#14 n99nyrwg

n99nyrwg

    stranger

  • Members
  • 10 posts

Posted 05 August 2004 - 12:54 AM

Actually dr_st, I thought when going into this thread it was going to be about permanent deletion of files as well. Then after reading your first sentence of your post I thought that was surely what it was about. But then by the end of your post I really wasn't sure exactly what you wanted. Did you want a way to permanently delete files, or did you want a way to delete just the os files? Now I know it was the latter, but in that case using the word violently and the phrase 'without a trace' was misleading. But let's forget about that. More importantly if you are going to post on a help forum and ask for help, that is what you did, do not attack the people that are trying to help you. Let's say he was trying to promote his program, it was still relevant to your request, thus it was still help, or an attempt at it.
Quote:
But I do mind being treated as stupid and talked to in a condescending manner.

It's the internet, relax.

Lastly, Alec, he's not worth your replies.

I've been on this forum for an hour or so and I've already noticed that Alec answers almost everyone's questions. That is why I felt like posting this. dr_st needs to be more grateful imo.

dr_st I am sure you will attack my post, but I'm not going to reply. This is a computer help forum, flaming has no place here. If you got what you needed then stop posting rants.

#15 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 07 August 2004 - 12:45 AM

Quote:
Actually dr_st, I thought when going into this thread it was going to be about permanent deletion of files as well. Then after reading your first sentence of your post I thought that was surely what it was about. But then by the end of your post I really wasn't sure exactly what you wanted. Did you want a way to permanently delete files, or did you want a way to delete just the os files? Now I know it was the latter, but in that case using the word violently and the phrase 'without a trace' was misleading. But let's forget about that.


Fine. Let's conclude that I really screwed up there and couldn't formulate my request properly. Happens to the best of us.

Quote:
More importantly if you are going to post on a help forum and ask for help, that is what you did, do not attack the people that are trying to help you.


I never attack anyone unless provoked. When someone talks to me like I'm an idiot and says things like Alec said in his post from 2004-07-24 07:22:37, I consider that provoking.

Quote:
It's the internet, relax.


I'm pretty relaxed. I can be deeply cynical and vicious when relaxed, just like I can be Mr. Kindness even when nervous.

Quote:
dr_st needs to be more grateful imo.


Luckily, your "imo" means nothing on this matter. I'm always grateful when people help. I try to be grateful if a person just tries to help, even if in the end he doesn't. Here I stopped being grateful at the instant I picked up the condescending vibes, because like I said, this is something I don't like.

Quote:
dr_st I am sure you will attack my post, but I'm not going to reply.


Right on the money, chief. ;)



#16 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 07 August 2004 - 11:01 AM

Quote:
Originally posted by Alec§taar:
Ah, it's cool... he's just a proud guy that is convinced he's right!


So are you.


#17 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 07 August 2004 - 03:06 PM

This isn't about being right or wrong here, it's about understanding the question and providing a relevant answer, which you didn't do (Don't argue with me here, please, I know what's relevant to me). In part it was because I probably didn't formulate my request clearly enough and for that I apologize.

Bygones.

#18 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 09 August 2004 - 05:06 PM

Quote:
All your insults aside (like saying I was 'blabbing' above, when you did not come back, Adam & I had a subdiscussion about a topic he brought up instead)... I can take it, my skin's thicker than that.


"Blabbing" did not refer to your convo with Adam, but to you constantly trying to prove to me that you answered my question, when I was saying you didn't. My apologies again for being misunderstood.

Quote:
I mean, given the data & facts you give us, which you modified as YOU went along & did not state to us fully/cleanly it was confusing to myself & others what you wanted.

Others in the topic apparently agreed with me & you apologized yourself for making a mistake in this regard in fact!


Normally I don't get misunderstood in issues like this. At least not by people who have a clue. You definitely have a clue, which is why I am still surprised you couldn't understand my problem, even considering the fact that I didn't formulate it clear enough (again, seemed to me pretty standard a problem for everyone to understand, even without me giving graphic descriptions of typing DELTREE C:\WINDOWS)

Quote:
This is the part I am not understanding from your end... why can't you alter those &/or why should you have to? Administrative group users should have enough filesystem ownership by default to not make NTFS filesystems rights a problem... & you can increase other users rights too!


Here's a challenge:
(1) Log in as the administrator with all the administrative rights and privileges.
(2) Shut down all processes except the system processes you can't shut down (and Explorer, which needs to be running)
(3) Try to delete C:\WINDOWS (or whatever your Win dir is).
(4) Tell me what happened.


The administrative rights are not the problem. The problem is during run time you cannot delete files which are protected by running processes. A lot of files in the Windows directory are just like that. To simplify, I always delete the Windows directory from DOS. To do that I needed a utility which will allow me to see and manipulate NTFS folders from DOS.

In case you are now thinking to write "Well, if this is all you wanted, why didn't you just say it?!" I apologize in advance once more for being too unclear.

Quote:
Also: I see you mentioned Sysinternals tools above, did this help? I would like to know... thanks!


Yes, like I said, NTFSDOS Professional helped. It allows just that: manipulating files on NTFS drives freely from DOS environment. BTW, it's scary how it completely seems to ignore administrative rights. Or maybe I haven't looked into it enough yet.

Quote:
Ok, now that you've stated a 'deltree' was what you wanted? Try this:
*BATCH FILE*


I know how to use DEL, RD, DELTREE and ATTRIB, thank you.

Quote:
Play with those NTFS userrights on the filesystem to make it work (this is where I am not understanding you fully, apparently... why not just increase those, & why are the default Administrative level NTFS rights not enough?)


Irrelevant. Not the problem. Hope this time my above explanation was clear enough. If it wasn't, this time I'm not going to apologize.

Quote:
If you don't have enough savvy of this stuff (although stating the deltree command says to me you do) to state your question properly? WELL, What do you want from any of us?? We could only work with what you gave us, which you changed more as you went, initially to start with.

Guy: You never mentioned recursive function being desired on your first 5 postings in this thread... you admit this yourself!


When someone tells you he wants C:\WINDOWS gone, what pops to your mind?

Quote:
NOW, You've got a DELTREE solution up there that should work, or one you can adapt further to your needs if need be & alter to your own unique purposes & if you have to?


Here's a shorter one:

ATTRIB -R -H -S DIR_I_WANT_TO_DELETE
CD DIR_I_WANT_TO_DELETE
ATTRIB -R -H -S *.* /S /D
CD ..
RD DIR_I_WANT_TO_DELETE /S


Quote:
What was your solution you said you found, I am curious on that & might pickup a new trick here too... thanks! apk


I hope that you know the answer to this already having read down to here.

Quote:
* HEY, This could be some fun to co-create something cool like that with you I think as others here could use it as well! Better than arguing stupid points on both our ends I say, just because we didn't understand exactly what you wanted early on & now we do!


Jesus fuck, man. Why reinventing the wheel? Create an NTFSDOS Professional floppy, boot from a DOS/Win9x floppy, launch NTFSPRO.EXE and type a few commands from the command prompt. Why build a batchfile even?

The more I talk, the more I think that it's not an issue of you misunderstanding my initial question, it's an issue of me and you having COMPLETELY DIFFERENT AND INCOMPATIBLE PATTERNS OF THOUGHTS. LOL. Or maybe we are both just too stubborn for our own good.

Have fun and thanks for wasting so much of your time on me. And I mean, wasting, yes, because the solution was ready before your first post in this topic took place.

EDIT: Having re-read my first post again... Yeah, you are completely right. It wasn't clear. I put in some irrelevant stuff and left out some relevant stuff. The problem is that I take some things for granted, while they aren't. Once again, my most sincere apologies.

#19 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 10 August 2004 - 09:53 PM

I think I can now sum it up.

When you want to reinstall Windows FROM SCRATCH, you have two options basically. First one is indeed format the partition, but as I explained, sometimes it's a thing you don't want to do, because you may have lots of valuable stuff on that partition with no means or no will to back it up.

To have a clean install without formatting, you need to erase the exact directories that I mentioned in my first post.

You cannot delete them properly while Windows is running. Like I said, it's not an issue of administrative rights, but of files being protected by the run-time module. Your batchfiles won't do the trick here, because all they do is call the system's delete commands, which will not work, because of the above mentioned protection. You will simply run into many files which will give you the famous "Access is denied" message.

BTW, your comment on my suggested batchfile not having DEL or ERASE, look closer: RD /S in Win2K/XP = DELTREE in DOS/Win9x. That's why I said that your batchfiles are reinventing the wheel - there is a built-in deltree in 2K/XP. Not sure about NT, though, I don't think I ever used it.

Your next suggestion, the recovery console, was the first thing I tried. As you guess, it didn't work. It's funny that the RC allows you to run format on a partition, but doesn't allow you to run RD over a selected directory (Access is denied). So, unless there are some more complicated ways to get the RC to allow you to RD a directory, it is not an option here too.

Hence, I was looking for a way to get a pure DOS environment with full access to any NTFS volumes. Since the NT OSes don't run over true DOS, they don't provide you with such tools. I couldn't find any 2K/XP bootdisk to allow me to do that either. That's when I ran into NTFSDOS Pro.

The great thing about NTFSDOS Pro is that it makes any NTFS partitions look like regular FAT/FAT32 partitions to the OS, allowing you to use any OS commands on these files in Win9x environment. BTW, apparently it won't work with DOS 6, as I originally thought (I tried it with Win98SE bootdisk).

You can find yourself in need to access the hard drive from pure DOS for various reasons. For example, just a few days ago I had a totally fatal WinXP crash (REGISTRY_ERROR 0x51). It wouldn't boot normally, it wouldn't boot in safe mode, it wouldn't boot to the recovery console, it wouldn't even boot ERD Commander 2003 (a full-featured Win-style recovery environment by Winternals, the same guys that made NTFSDOS).

This situation is pretty rare, but if it happens - you absolutely cannot access anything on the hard disk except from pure DOS. What do you do if you have some crucial files there and you need them?

If the partition is FAT32, you can use a regular Win9x bootdisk. If the partition is NTFS, you get the same result with Win9x bootdisk + NTFSDOS Pro.
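
The difference discussed in the posts above, between a delete that fails on permissions or attributes and one that fails because a running process holds the file, can be reproduced safely on a scratch file. This is an added example, not part of the original thread: it uses PowerShell rather than the DOS tools discussed, and the helper name `Remove-AndClassify` and the temp path are assumptions.

```powershell
# Added example (not from the thread). Operates only on a constructed temp file;
# no system files are touched. Assumes Windows PowerShell 5.1 or later.
$dir  = Join-Path $env:TEMP ("lockdemo_" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $dir | Out-Null
$file = Join-Path $dir 'held.dat'
Set-Content -Path $file -Value 'constructed sample data'

function Remove-AndClassify {
    # Hypothetical helper: tries to delete one file and names the reason on failure.
    param([Parameter(Mandatory)][string]$Path)
    try {
        [System.IO.File]::Delete($Path)
        return 'deleted'
    } catch {
        # Unwrap PowerShell's MethodInvocationException to the real .NET error.
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.UnauthorizedAccessException]) {
            # ACL denial or read-only attribute: what ATTRIB -R or an ACL change fixes.
            return 'access denied (permissions or read-only attribute)'
        }
        if ($ex -is [System.IO.IOException] -and (($ex.HResult -band 0xFFFF) -eq 32)) {
            # Win32 error 32 = ERROR_SHARING_VIOLATION: a process has the file open
            # without sharing delete access. No amount of rights changes this.
            return 'sharing violation (file held open by a process)'
        }
        throw
    }
}

# Case 1: the current user owns the file, but a handle is open with no sharing,
# the same situation as files in the Windows directory held by running processes.
$handle = [System.IO.File]::Open($file, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::None)
try {
    $whileHeldOpen = Remove-AndClassify -Path $file
} finally {
    $handle.Dispose()
}

# Case 2: handle released, but the read-only attribute is set
# (the case the ATTRIB -R -H -S step in the batch snippet deals with).
Set-ItemProperty -Path $file -Name IsReadOnly -Value $true
$whileReadOnly = Remove-AndClassify -Path $file

# Case 3: attribute cleared and nothing holds the file, so the delete goes through.
Set-ItemProperty -Path $file -Name IsReadOnly -Value $false
$afterRelease = Remove-AndClassify -Path $file

Remove-Item -Path $dir -Recurse -Force

[pscustomobject]@{
    WhileHeldOpen = $whileHeldOpen
    WhileReadOnly = $whileReadOnly
    AfterRelease  = $afterRelease
} | Format-List
```
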

#20 dr_st

dr_st

    stranger

  • Members
  • 18 posts

Posted 11 August 2004 - 04:54 AM

Quote:
One should ALWAYS do backups... current ones!


Yeah, but if you want to always do current backups of everything, you'll end up doing nothing but running backups. So in the end, most people do selective backups of their important data every once in a while.

Quote:
You can install another instance of Windows into other folders you know... say, WindowsXP install to C:\WINNT or Windows2000 to C:\WINDOWS.


Yeah, you can. But there are also "Program Files" and "Documents and Settings" and the files in the root folder, and I don't want to trust Windows to be able to throw the old junk out itself, so I prefer to delete this junk myself prior to installing.

Quote:
Your batch most certainly won't... I don't see this RD /S there @ at all its contents from above that you typed out.


Are you blind?

Quote:
However, if you used a TOOL like inuse.exe on these files locked by themselves OR another process? Like how I did a REM statement for cacls.exe OR xcacls.exe above but subbing in INUSE.EXE from the reskit??


Dunno, never tried. Don't care enough.

Quote:
Again: They're BOTH superior to RD /S (which your batch did not have @ all in its content I can see going line by line thru it)


I'll ask again: are you blind?

Quote:
in the case of Hidden OR ReadOnly directory folder contents... RD /S won't work on that, my batchfile, will!


What makes you say RD /S won't work on hidden/system/read-only files/directories, when it clearly does work? So, unless you count the verbose messages as an improvement, it's really nothing but reinventing the wheel.

Quote:
It would be if you went @ it file-by-file, directory-by-directory, which is TIME CONSUMING as HELL!

(Some of the tools in RC? I hate... copy will not use wildcards, etc. is a GOOD example of why I think @ least it needs a commandset update/upgrade!)

(I.E.-> RD in recovery console is NOT recursive... it seems like command.com circa DOS 3.3 @ best on many of its commands, with some NT specific commands for drivers/services/formatting etc. @ best in RC commandset!)


Conclusion: RC is crap?

Quote:
BACKUPS: So crucial... to serious users @ least, or those that hate wasting time.


Unless you reach to the point where you start wasting more time on backing stuff up than on working.

Quote:
Again, 2nd OS install (or RC tools for recovering bootsector or bootrecord in FixMBR or FixBoot) can get you past this without needing NTFSDos, wouldn't you say?


First of all, not always. In the example I brought, nothing related to Windows would boot - not Windows, not Safe Mode, not RC, not installer, not third-party tool. That was truly a hideous crash.

Besides, what's simpler / more efficient: installing a second OS or launching NTFSDOS from a floppy?



