Purge Windows of private data when disk formatting is not an option

When I was hired by my previous employer, I was allowed to use office computer partially for private purposes, i.e. I was allowed to install Dropbox and use Google Chrome with my private account to sync all bookmarks and use password manager.

When I left this employer, to my surprise, I was refused to format system disk. And so, I have come with this short checklist or memo-like article of which steps should be undertaken or considered in similar situation.

Here are these steps:

  1. Start with purging history and all other private data in all browsers, that you have installed. Restart each of these browsers after completion, to check if everything was wiped out.
  2. If any of these browsers were used by you with your private credentials (like Google Chrome and Opera in my case), then uninstall this browser, search entire disk for files and folders (and Windows Registry -- regedit.exe -- for registry entries) matching its name, delete them all and only then perform fresh install of that browser (after step 8th).
  3. For every other software, that you used with your credentials, but is not used in your company and you only used it privately (like Dropbox, Total Commander, TeamViewer etc.) perform the same steps (uninstall, seek & destroy) without reinstalling it back in final step.
  4. Uninstall all other software, that were used by you for private purposes and is not commonly used in your office or you can leave your computer without it.
  5. Clear all recent folders and files in all Microsoft Office programs or any other program, that may have recent list. Clear recent documents and items in Start Menu.
  6. Delete for purge contents of Trash, TEMP and all other folders, that might contain temporary files. Review all other folders and files on your disk(s) to verify, if they shouldn't be purged or deleted as well. This may include:
    • contents of c:\Program Data folder (it is hidden!),
    • folders in c:\Program Files and c:\Program Files (x86) (on 64-bit systems),
    • contents of c:\Users\[username]\AppData (using %APPDATA% shortcut is not enough!),
    • Start Menu entries (looking through them may give you some tips, what else you have left).
  7. Empty entire Recycle Bin and restart Windows.
  8. Create new administrator account and use it to delete your current account. Check option to delete user files as well, but even so, verify that your previous account's folder in c:\Users is gone.
  9. Make sure, that you delete any volume shadow copies -- run vssadmin delete shadows /for=c: for all drives.
  10. Wipe all free space, i.e. all deleted files, and make them unrecoverable, by running cipher /w:c:\ for all drives.
  11. Restart Windows and verify once more if you haven't omitted anything.

Running cipher process (step 10) might be really time consuming and will take from hour to even entire day on slow machines. Thus you must reserve enough time for this. You may, of course, break this process at any time, but the longer it will work, the better your private data will be wiped.

After applying all these steps, you can leave your office and sleep less stressful. You must of course acknowledge the fact, that all these steps won't secure you 100%, but for sure will make some nasty guys (trying to get your private data) a bit more painful.

To make better assurance you would have to DBAN your drive and then format it, but this is not an option in this scenario. If you have a spare USB drive of size equal or bigger than your office computer disk and a lot of time, then you can use Clonezilla to double clone your office disk purging private data in the same time.

And to make yourself 100% sure, that your private data is safe, you'd have to simply destroy office disk, by using nail and hammer few times, riding your car over it or putting it into acid. But that is even less possible solution in this scenario.

Even acid-boiling your hard disk will secure only private copies of your personal data and won't help you much in case of data being backed up in your office network or domain and intercepted from data stream sent or received by your office computer!

If you're starting a new job, where you would like to have access to your personal data, then consider following scenarios (or any combination of following):

  1. Use another (private) computer with mobile Internet to secure both data on disk and transmitted through network.
  2. Use your Windows on non-admin account only.
  3. Use your browser in incognito mode only.

The best one is of course first one, but it is also the hardest (and the most costly) to apply.

Leave a Reply