How to reset an NTFS MFT for no tracks of deleted files names to be found there?

security hard-drive data-recovery wipe

When a file is deleted from the hard drive and the free space it used to occupy is securely overwritten (wiped), recovery tools can still usually find the file was there and show its name. As far as I understand this is because some data about old files is left in MFT area. How to eliminate this?


Solution 1:

I've used the MFT wipe free space with CClean. (It does take forever, up to several days.)

Before running wipe, I could easily get a full list of previously deleted files with Recuva, despite the files being several years old and overwritten multiple times beyond recovery. This is because Recuva takes the list of files from MFT. https://www.piriform.com/docs/recuva/technical-information/how-recuva-works (Unless you run the deepscan, which actually goes through the disk, seeing what's in there. This also takes forever, however.)

After running MFT wipe free space with CClean, Recuva finds nothing. Not without deepscan anyways. Therefore, I'm fairly certain CClean also takes MFT into account whilst wiping.

Solution 2:

First, check how many files Recuva reports that can be recovered. Say it is 1001.
Open a command window and create a temporary directory. Change to that directory.

MKDIR C:\TempReco
CD C:\TempReco

Create at least 1001 files in this directory using the command below with proper parameters.

FOR /L %i in (1,1,1001) do echo willdelete>file%i.tmp

When this completes, delete the files with either from command window or by locating with Windows Explorer. Then, empty the Recycle Bin.
When you check again with Recuva, it will only show filenames you have just deleted.

Solution 3:

Short answer, it is not possible.

The MFT is a complex dynamic table file at the heart of the NTFS. To change one small part of it, corrupts the whole drive.

MS isn't telling how it is structured, and no one is going to risk putting out a application on a trial and error basis, that 'cleans' the file names, if there is any chance it will destroy the system.

(Oh yes, insert negative comments about MS exposing peoples data here.)

So depending on the pros and cons, you may want to restart with a fresh install, and then use less sensitive file names and use secure deletion at the recycling bin. Use TrueCrypt containers to keep files separate from programs. Perhaps FDE (Full Disk Encryption) is a option if it is that important.

To make things clear to others, it is not what Ccleaner and the others do, drive wiping the MTF and defragging it and all the rest doesn't clean the MFT names. They overwrite the file spaces in the MTF, but the names remain. It is the deletion of the FILE NAMES ONLY that the OP is asking about. (File names that can only be seen with specialized file recovery applications)

Related

USB 3 write speed fluctuates in Windows 10
Confusion as to what the sentence means
Synonym for a material that is resistant to fire [closed]
Looking for a word to describe a misleading numerical indicator
how can I do a ping test on the terminal?
Multiple Find and replace in Notepad++ using regular expression
Is there a name for this type of heel?
No option to go back?
The use of definite article with phrases including "of" [duplicate]
Difference between "admit" and "accept"
Thunderbolt hotplugging in Ubuntu Linux
Is it offensive to call someone as "mister"? [closed]