I would like to post to thank you but will also make your case quite definitely on this statement.
Just for the sake of our previous discussion above I undertook a little test for the past 17 hours.
If you would care to lend me your comments on the following...
---
1) I installed CCleaner (freeware application which supposedly does a disk wipe when instructed of all empty space as well as frees all cache and temp files.) A program which you can get from one of my previously listed links and sources of information above.
2) I also installed the demo version free of charge of GetDataBack for NTFS and already had a free version of WinHex on the system.
3) I ran CCleaner to clear any and all data per default settings once.
I then ran it to Wipe Empty Disk Space once...
this took approx. 2 hours for 11.5 GB on drives C and D.
4) I noticed during the runtime that I got a warning of low diskpace on D when coming close to the end of the wipe thus deducing that CCleaner does the overwrite by not writing directly to sectors/clusters but by creating stray files and filling the space with 0's.
5) Upon completion, I opened D using GetDataBack and confirmed this by finding an excess amount of files randomly named with ZZ..ZZZZ....Z patterns in directories wit the same naming structure.
6) I then found a file of interest, which I more or less assumed I would.
Namely, bootex.log from 2009-04-05 which still was recoverable in both GetDataBack and WinHex.
I have not turned off TimeStamp in XP Professional and yet the content of Bootex.log contained references to a file which had not been on my system for more than approx. one week. Mind you it is now 2010-06-21 and the file timestamps are all around hours during 2009-04-05.
7) When looking at the overwrite patterns in the files generated by CCleaner you find in GetDataBack that all is 0's, whereas in WinHex it is a mix of characters and in some cases including references to file headers and file names showing that CCLeaner writes these files in numerical order... ranges spotted being from file 0 to file 8 with misc. extentions.
----
My conclusion on this test is therefore that CCLeaner although given a good reference does not in fact wipe a whole previously deleted file space.
Of course, having been through hell week in surgery this week I forgot to run a check to compare the differences between $MFT, MFT and $MFTMirr, as $MFTMirr is a backup generated by NTFS/MS of the Main File Table and may still contain data indexing files previously deleted.
This should however not matter for the sake of overwriting files, though it does relate to the evidence factor proving a certain file was on your system.
----
Now, also, I have turned off System Restore for the disk but this data is still contained on the disk in spite of the facts a) I dont use it and b) I have never downloaded any episodes of NCIS to this disk so that must have been done by the previous owner of the hardware.
8) Now for the truly interesting part.
I proceeding in backing up my data I wanted to keep from disk D and then dumped it all except some 3-4 GB worth just for testing.
As you say, don't trust any application running under windows and I must agree completely.
I ran HDDGURU's Low Level Format tool (freely available from http://hddguru.com) for a period of some good 6 hours to clear out disk D of 80.2 GB
It is a Seagate SATA-1 disk which has served as nothing but file storage for the past 6 months.
9) I double checked with GetDataBack for NTFS that no data was recoverable... Checked and OK, the disk comes up as all zeros
10) I double checked with WinHex 12.7 that no data was recoverable... Checked and OK, the disk comes up as all zeros
and now for the whopper....
11) I double clicked My Computer and opened the drive D: and low and behold....
After running LLF with one overpass, windows still accesses the data without any major issues. Some files fail, nut most of the data is still there.
I in fact just sent my self an email attaching some of the supposedly low level formatted data to let my boss at work take a look at this as well.
Today I will go and pick up one of a the newest 1 TB SATA 3 HDD's to test and see if this happens on the newer disks too, since the SATA-1 I have is a first gen disk.
---
Does someone care to comment on this scenario what I just did on my own system? It sure would be interesting to hear the input on this one.
The png attachments you are looking at display the above mentioned D-drive AFTER using LLF Low Level Format Tools from HDDGuru.com
andalaugh: