Problem solve Get help with specific problems with your technologies, process and projects.

What are swap files?

After deleting various files via a file shredder and emptying the recent history files, can I still find out what information has been accessed via swop files? I ask after believing that all traces of a certain file had been destroyed after shredding it with Destroy It, defragging the hard drive and clearing my docs/recent history. However, I have been led to believe that swop(?) files will still have a history of the activity. Is this correct? How do you ensure that after reading a file that no one can access that information?

You're talking about swap files. Most operating systems these days can use more memory than they actually have in the computer. They do this by writing parts of memory that you aren't presently using to the disk. This process is called "swapping" and the files that memory gets written to are called "swap files" or "swapfiles." It is also sometimes called "paging" and, the files are called "page files."

If you want to get really technical, swapping and paging are slightly different. Swapping is writing out an entire program that you're not using, whereas paging is writing out pieces of programs that you're not using. For the purposes of your question, this is quibble. The point is that parts of your computer's memory may be written out to disk.

There are a number of ways to remove this sort of information. I don't know what version of Windows you're running (or even that you're running Windows -- I am inferring this from your mention of "Destroy It," which is a Windows program).

There are a number of Web resources on how to take care of this. A well-written one can be found at http://www.stack.nl/~galactus/remailers/wipeswap.html. To summarize, WinNT, 2000 and XP can be set to clear this page file when you shut down. This article will tell you how to set the registry entry to do this. It also has discussions of swap file security for Win95, Win3.1 and OS/2.

Another option is to get a utility that will wipe the swap file space.

The program M-Sweep Pro claims to scrub file extents and swap file space, as well as meet U.S. DOD requirements.

The program BCWipe claims to do similar things.

Similarly, East-Tec Eraser claims to wipe swap files, and so on.

This was last published in February 2002

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.