Any files can be deleted securely, as long as you use the correct tool. For example Sysinternals’
SDelete is capable of handling this
On NTFS drives SDelete’s job isn’t necessarily through after it allocates and overwrites the two files. SDelete must also fill any existing free portions of the NTFS MFT (Master File Table) with files that fit within an MFT record. An MFT record is typically 1KB in size, and every file or directory on a disk requires at least one MFT record. Small files are stored entirely within their MFT record, while files that don’t fit within a record are allocated clusters outside the MFT. All SDelete has to do to take care of the free MFT space is allocate the largest file it can – when the file occupies all the available space in an MFT Record NTFS will prevent the file from getting larger, since there are no free clusters left on the disk (they are being held by the two files SDelete previously allocated). SDelete then repeats the process. When SDelete can no longer even create a new file, it knows that all the previously free records in the MFT have been completely filled with securely overwritten files.
Surely you’ve chosen the wrong tool because if you’ve read the documentation you’d see that
- Securely delete certain very small files that are held in the Master File Table (MFT) and files of zero-byte length.
Why 640 bytes? Thought it was 512 bytes maximum for MFT entries for wiped files?
Size of files that can be stored in MFT (called resident files) varies depending on each file, each system and which information is stored in MFT. The more data is used for metadata in MFT, the less is left for the file, thus there’s no defined limit, but according typically Files smaller than approximately 900 bytes are stored within the directory entry at the MFT
The figure MFT Entry with Resident Record shows the contents of an MFT record for a small file or folder. Small files and folders (typically, 900 bytes or smaller) are entirely contained within the file’s MFT record.
As an example I created an example 1000-byte file with very minimal metadata that can be stored completely in the MFT. But as soon as I added more metadata to the file (hard links, longer names, streams, permissions…) the maximum space that can accommodate the resident file quickly reduces
The MFT entry is 1024 bytes long (see the MFT section at http://www.cse.scu.edu/~tschwarz/coen252_07Fall/Lectures/NTFS.html) and stores more than just the filename – it also can include the file size, read/write permission, creation/modification date, and other meta-info. These items all have allocated sizes and this is why, in earlier versions of Windows, you could encounter an error if the filename was too long. This is also why you are unable to store files larger than 640 bytes entirely inside the table – the remaining 384 bytes (1024-640=384) were for the dedicated allocations.
It is useful to know that you computer has two identical MFT’s, not one. The main is on the outer edge of the HDD, and the second one is located halfway in. The second one exists as a backup in case the main one is damaged, which can happen if the computer is shut off while an entry was being written or changed. Every MFT-cleaning program should delete from both tables (and the process is handled by the BIOS or the drive’s firmware), but this is one thing to keep in mind if you want to take your data security to an extreme.
Also, the MFT row size CAN be varied, based on the drive (or partition) size and its intended purpose. Datacenters and servers are more likely to use a non-standard size, as the MFT allocation can be more than 10% of the HDD so the extra space becomes valuable. However, 1024 bytes is the standard.