Securely shred files that has no special attributes is relatively straight-forward process: the secure deleter simply rewrites data with one of the secure delete patterns. Windows NT/2K/XP/7 compressed, sparse and encrypted files—these are trickier. Such types of files are managed by NTFS in 16-cluster blocks.
Тo handle them Secure Deleter relies on the defragmentation API. Using the defragmentation API, Secure Delete can determine precisely which clusters on a disk are occupied by data belonging to compressed, sparse and encrypted files. Once Secure Delete knows which clusters contain the file’s data, it can open the disk for raw access and overwrite those clusters.
Cleaning free space poses another challenge. Since FAT and NTFS provide no means for an application to directly address free space, Secure Deleter has to indirectly rewrite free space. First, Secure Deleter allocates the largest file it can. For this files Secure Deleter performs a secure rewrite, ensuring that all the disk space that was previously free becomes securely cleansed. On NTFS drives Secure Deleter’s job isn’t necessarily through NTFS allocates and overwrites the file. Secure Delete must also fill any existing free portions of the NTFS Master File Table with files that fit within an MFT record. All Secure Deleter has to do to take care of the free MFT space is allocate the largest file it is able to – when the file occupies all the available space in an MFT Record NTFS will prevent the file from getting larger, since there are no free clusters left on the disk. Secure Deleter then repeats the process. When Secure Deleter can no longer even create a new file, it knows that all the previously free records in the MFT have been completely filled with securely overwritten files.
To rewrite file names, Secure Delete renames the file 26 times, each time replacing each character of the file name with a successive alphabetic character. For instance, the first rename of “foo.txt” would be to “AAA.AAA”.