Cipher.exe is a built-in command-line tool in the Windows operating system that can be used to encrypt or decrypt data on NTFS drives. This tool also lets you securely delete data by overwriting it.
How to use Cipher command in Windows
Whenever you create text files and encrypt them till such a time that the encryption process is completed, Windows will create a backup of the file, so that in case anything was to go wrong during the encryption process, the data would still be recoverable using this file. Once the encryption process is completed, the backup is deleted. But then again, this delete backup file can be recovered using data recovery software, until it is overwritten by other data.
When you use this built-in tool, it creates a temporary folder named EFSTMPWP on the system partition. It then more temporary files in that folder, and writes random data comprising of 0’s, 1’s, and other random numbers to those files.
Cipher.exe thus allows you not only to encrypt and decrypt data but also to securely delete data. Thus, many use it to delete files permanently too.
Overwrite deleted data using cipher /w
To overwrite deleted data, one can use the /w switch.
Open the WinX menu on your Windows and select Command Prompt. Type the following and hit Enter:
cipher /w:driveletter:\foldername
Here you will have to specify the Drive letter and the Folder name or path.
Cipher can also be used to display or alter the encryption of folders and files. If it is used without parameters, it will display the encryption state of the current folder and any files it contains.
Cipher.exe switches
/? : Displays help at the command prompt.
/e : Encrypts the specified folders. Folders are marked so that files that are added to the folder later are encrypted too.
/d : Decrypts the specified folders. Folders are marked so that files that are added to the folder later are encrypted too.
/w : PathName – Removes data on unused portions of a volume. PathName can indicate any directory on the desired volume.
/s: dir : Performs the selected operation in the specified folder and all subfolders.
/a : Performs the operation for files and directories.
/i : Continues performing the specified operation even after errors occur. By default, cipher stops when it encounters an error.
/f : Forces the encryption or decryption of all specified objects. By default, cipher skips files that have been encrypted or decrypted already.
/q : Reports only the most essential information.
/h : Displays files with hidden or system attributes. By default, these files are not encrypted or decrypted.
/k : Creates a new file encryption key for the user running cipher. If you use this option, cipher ignores all of the other options.
/u : Updates the user’s file encryption key or recovery agent’s key to the current ones in all of the encrypted files on local drives (that is, if the keys have been changed). This option only works with /n.
/n : Prevents keys from being updated. Use this option to find all of the encrypted files on the local drives. This option only works with /u.
For a full list of Cipher command line switches and parameters, visit TechNet.
Due to the very nature of the tool, you are safe using it to securely delete data, as it will never overwrite your active files; it will only overwrite data that has been deleted by you.
Microsoft SysInternals also has a powerful tool that lets you delete files permanently. With the SDelete tool, which you can download for free, you can overwrite the contents of free space on your disk to prevent deleted or encrypted files from being recovered.
Related: What is the EFSTMPWP folder?