Why does cipher /w fill up temporary files instead of writing to the raw disk?

by Hashim   Last Updated November 09, 2018 01:01 AM

The Windows command cipher /w can be used to securely wipe a hard drive's free space without the use of third-party tools or GUIs:

enter image description here

cipher works by creating a folder called EFSTMPWP on the root of the target drive; inside this folder, it successively fills three temporary files with zeroes, ones, and random numbers respectively, one after the other, to the size of the empty space left on the drive. By the time a file has taken up all of the drive's empty space, it's effectively forced the filesystem to overwrite all data held in its free space with the file's newly-written data, rendering any data previously held there permanently irrecoverable.

enter image description here

However, I'm perplexed as to why Windows would accomplish the task in such a roundabout way. I understand that it doesn't (easily) grant users access to the raw drive like Linux does, but why do Windows' own utilities choose to write data indirectly to files and be subjected to disk I/O bottlenecks in the process instead of simply writing to the raw disk itself? Was this likely just a design oversight, or are there actual advantages to wiping a disk's free space in this way?

Related Questions

Updated November 09, 2018 01:01 AM

Updated May 15, 2017 03:01 AM

Updated June 07, 2017 16:01 PM

Updated December 12, 2018 21:01 PM

Updated April 23, 2015 03:00 AM