Odd deleted files. (?)

[MvGulik]

Just wondering about these files. (like to get rid of them, but there not a problem as such.)

 

Recuva is showing me two, clearly really old, deleted files. (they could be pre-window-install created+deleted files. Maybe even pre-FAT32-to-NTFS conversion, posible but I'm not sure.)

Both files are shown as having a unknown size and unknown date.

Both also seem to contain the original data in the first(and only) cluster. (there both zip files and still showing "PK.." data header) ... and thats after a CCleaner "Wipe Free space" and a Defraggler defrag.

 

Also looked at the drive(c:) root-folder data sectors, Recuva say's it found them in C:\, but I could not find any related entry's for them in there. (nor where they found as deleted files by some other disk-related tool.)

 

- Recuva 1.37.488

- Normal Recuva scan. so no deep scanning was used.

- Win.32.Xp.Pro.Sp3

 

TIA for any info.

[eniwetok]

You say it's the first cluster... but could it be the remains of improperly deleted files in the cluster-tips?

 

Secure deletion programs like Eraser have a separate option for overwriting cluster tips...

 

from: http://www2.slac.stanford.edu/comp/winnt/software/Eraser/Securely_Removing_Data_with_Eraser.htm

 

"The next step is the overwriting of cluster tips. A cluster tip (also known as slack space) is the unused area at the end of the last cluster allocated to storing a file on the drive."

 

You seem to be saying this drive has been around... so who knows what's been left behind.

[MvGulik]

You say it's the first cluster... but could it be the remains of improperly deleted files in the cluster-tips?

I have no direct data profing its the first file cluster, but its the only thing that makes sens. It beeing a cluster-tip make no sens to me due to the fact that in both cases the data Recuva is showing starts with the "PK.." zip data header. (that and some of the zip stored filenames that are readeble in that data are clearly related to the original contend of those zip files. So these clusters are not re-used by the system ... or not accessible for some reason. (32G partion, primary)

 

Secure deletion programs like Eraser have a separate option for overwriting cluster tips...

You seem to be saying this drive has been around... so who knows what's been left behind.

Yes, its been running a long time. Don't really care about the left behind data aspect. The fact that those clusters are not re-used or cleared seems to point to some problem or error, which I like to resolve. Thats all. Might give Eraser a try ... but I'm planning a partition backup and restore first, which could get rid of the issue to. (if not, I can at least experiment without worrying about screwing up the system.)

[Augeas]

Without running deep scan, you're looking at entries in the MFT. The only file type I know shown by Recuva with unknown date and size is, or are, deleted email files. These would have a filename with a zip extension. These are created dynamically and can't be securely deleted or defragged or anything.

 

Why do you think they are really old?

 

If they're not email files then:

 

If you want to get rid of the entry in the MFT (so you won't see this file name again) then you could create enough new files to overwrite the entries. If you don't run CC for a while, and you don't have hundreds of thousands of file entries in the MFT, and you do something like a Windows patch/upgrade, then these entries will eventually be overwritten. Justr keep your eye on them until they are.

 

Alternatively you could use the Wipe MFT option in CC. You will need to have Wipe Free Space enabled also I believe. Some users (one, at least) select this option and when the Wipe MFT has finished, cancel the Wipe Free Space. I don't do any of this so be it upon your own head, as they say.

 

The file left on disk will eventually be overwritten, or not, but it isn't really important. Or you can let Wipe Free Space run to its more or less useless conclusion.

 

It isn't cluster tips by the way, or my name isn't what it is, and it is.