05-05-2011 01:29 PM
Oh - I was thinking that the bleaching function would bleach/eliminate the ACTUAL MFT record of a deleted file. And then if another product was used to overwrite free space then any space allocated to the deleted file would be overwritten - hence ALL DATA INCLUDING THE ACTUAL MFT RECORD/ENTRY OF A DELETED FILE WOULD BE ELIMINATED/DELETED.
05-05-2011 01:34 PM
In Windows the file name is actually separate from the actual data of the file. The file takes up a space on the hard drive and the name of that file is really just a record in the master fat table (MFT).
For instance, if you make a text file in Notepad and name it A.txt and save one character inside it like 1, if you view the properties of the text file you will see that its size is 1 byte. (1 character is one byte)
Now if you rename that file to abcdefghijklmnopqrstuvwxyz.txt you will see that the file size is still only 1 byte.
That shows you that the filename is separate from the file, otherwise the size of the file would have increased by 25 bytes.
So that shows you for any file, it is really 2 parts. The actual file is the data and the name is a record in the MFT.
When you overwrite a file, it overwrites the data part on the hard drive and makes the contents of the file unrecoverable.
But the record is still in the MFT so the name of the file may be visible but the data of the file is unrecoverable.
Usually this isn't a concern unless the name of the file gives away what you may or may not have had on the system at one time.
In order to remove the file name, the record in the MFT has to be "scrambled". Because of Windows limitations and the fact that this table holds all the records for every file name on the system, it can't be overwritten or erased, all that can be done is "scramble" the record. When that is done you may or may not still see "gibberish" names in the recovery wizard.
You may notice random names in the recovery wizard but the actual files are unrecoverable.
If you see file names that are still "Green" and recoverable, it's usually due to the location of the files.
Windows is unable to lock certain folders in use. The only way I have gotten around that is by trying to wipe the free space right after a reboot (before opening any programs), or by thoroughly defragmenting the drive to move the physical location of those folders and then wiping the free space of the former location.
It's actually very difficult to wipe data off a system, that's why it is so easy for people to recover sensitive data from one.
The only true and reliable way to do it is from "outside" of Windows when nothing is in use and when you can use something that does not have to "respect" Windows folder and user permissions.
It's not an easy task but it's nice to have the recovery wizard to give you an idea on what is still there.
Dave
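The point made in the post above, that a file's name lives in its MFT record rather than with its data, can be seen by parsing the record itself. This is an added example, not part of the original thread or of any tool mentioned in it: it builds a constructed 1024-byte NTFS FILE record in memory (`build_record` and `parse_record` are hypothetical helper names) and reads the `$FILE_NAME` attribute back out of a record whose in-use flag is cleared, which is the state of a deleted file.

```python
import struct

def build_record(name, in_use):
    """Constructed sample: minimal FILE record with one resident $FILE_NAME (type 0x30)."""
    # $FILE_NAME content: parent ref, 4 timestamps, alloc size, real size,
    # flags, reparse, name length in characters, namespace, then UTF-16LE name.
    content = struct.pack("<Q4Q2Q2IBB", 5, 0, 0, 0, 0, 0, 1, 0x20, 0, len(name), 1)
    content += name.encode("utf-16-le")
    padded = content + b"\x00" * (-len(content) % 8)
    # Resident attribute header is 24 bytes; content starts at offset 24.
    attr = struct.pack("<IIBBHHHIHBB", 0x30, 24 + len(padded), 0, 0, 0, 0, 0,
                       len(content), 24, 1, 0) + padded
    # Record header: first attribute at offset 56, flags bit 0 = record in use.
    hdr = struct.pack("<4sHHQHHHHII", b"FILE", 0x30, 3, 0, 1, 1, 56,
                      int(in_use), 56 + len(attr) + 8, 1024)
    rec = hdr.ljust(56, b"\x00") + attr + b"\xff\xff\xff\xff"
    return rec.ljust(1024, b"\x00")

def parse_record(rec):
    """Return the in-use flag and every resident $FILE_NAME found in one record.
    Assumption: update-sequence fixups are already applied (true for this sample)."""
    if rec[:4] != b"FILE":
        raise ValueError("not a FILE record")
    first_attr, flags = struct.unpack_from("<HH", rec, 0x14)
    names, off = [], first_attr
    while off + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == 0xFFFFFFFF or alen == 0:   # end marker or corrupt length
            break
        if atype == 0x30 and rec[off + 8] == 0:  # resident $FILE_NAME
            clen, coff = struct.unpack_from("<IH", rec, off + 0x10)
            c = rec[off + coff: off + coff + clen]
            nlen = c[0x40]
            names.append(c[0x42:0x42 + 2 * nlen].decode("utf-16-le", "replace"))
        off += alen
    return {"in_use": bool(flags & 1), "names": names}

if __name__ == "__main__":
    # A deleted file: flag cleared, but the name is still in the record.
    print(parse_record(build_record("A.txt", in_use=False)))
```

Wiping the file's data clusters changes none of the bytes this parser reads, which is why a name can still show up for a file whose contents are gone.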
05-05-2011 01:41 PM
Ok - some of that info I got during some of my computer forensics courses. I'll try the defrag and then a free space wipe after an MFT bleach.
05-05-2011 01:42 PM
CCleaner has an interesting way to get rid of the entries in the MFT. They keep producing dummy files that will eventually overwrite the unused names.
05-05-2011 01:57 PM
I've been using CCleaner for years but I never tried wiping free space with it.
I installed Norton Utilities 15 on my test system a couple hours ago and got the results I expected, in XP a lot of files were untouched in the "documents and settings" folder and the program folder.
I've been using a free program called "Eraser" for many years. For some reason I can't recall I didn't like the new version 6 but I just installed that on my test system to give it another try.
All my systems dual boot and I have always had much better results wiping free space from the other OS so nothing is locked or in use. I also used to run some tools from a PE disk.
One of the problems with the MFT is that there isn't really a way to "compress" it. It just grows and grows and Windows never provided a way to remove all the old entries and rebuild it to make it smaller. Like what happens when you optimize the registry or compress email folders. There is a program that claims to be able to do it but I never got around to testing it.
I'll try CCleaner as soon as Eraser is done. It might take a while.
Dave
05-05-2011 02:30 PM
What is the Eraser you mentioned? Is that like a wipe of free space? Can you run the Norton disk defrag from a Windows 7 Professional boot disk? Any documentation on this?
Thanks
05-05-2011 02:52 PM
Here is Eraser
I doubt you can run speed disk from a Windows 7 disk. Chances are there are too many system files and registry entries needed. I'm not really sure what can be run from the Windows 7 recovery disk in the first place. I never tried much.
I do however have a couple Windows PE disks that I can run certain "portable" apps from. One I use a lot is "defraggler portable" and that is a disk defragmenter.
I can't recall if I ever tried CCleaner portable or not, but both of those are freeware too.
Making an XP based PE disk is fairly straightforward using something like UBCD4Win (an improved Bart PE).
There are some plugins available for Eraser if it's not already included.
Making a Vista or Windows 7 PE disk is not so easy. I've done it a couple times but I really don't understand it very well.
Red is by far the expert here in that.
Dave
