10 March 2008

Ways to reduce the risk of disclosing residual fragments of files containing unencrypted text


EFS includes a crash-recovery scheme that prevents data loss in the event of an unavoidable failure such as a system error, a full disk, or a hardware failure. The scheme works by creating an unencrypted backup copy of the original file that is being encrypted or decrypted. Once the original file has been successfully encrypted or decrypted, the backup copy is deleted. Creating the backup copy has a side effect: the unencrypted version of the file can remain on the disk until NTFS reuses the corresponding disk blocks for some other file.

When encrypting an existing file, EFS always creates an unencrypted backup copy of that file. When encrypting critical data with EFS, first create a folder, set the encryption attribute on it, and only then create files in it. With this approach the files are encrypted from the start. EFS does not create a backup copy containing the unencrypted text, which guarantees that no residual fragments of files containing unencrypted text appear on the disk.
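The folder-first procedure described above, as an added PowerShell example that is not part of the original post. The function names and the path `C:\Data\Secret` are placeholders chosen for illustration.

```powershell
# Added example. New-EfsFolder and Test-EfsEncrypted are hypothetical helper
# names, and the path used at the bottom is a placeholder.

function Test-EfsEncrypted {
    param([Parameter(Mandatory)][string]$Path)
    # True when the NTFS "Encrypted" attribute is set on the file or folder.
    $item = Get-Item -LiteralPath $Path -Force
    return [bool]($item.Attributes -band [IO.FileAttributes]::Encrypted)
}

function New-EfsFolder {
    param([Parameter(Mandatory)][string]$Path)

    # Step 1: create the folder (or reuse it only if it is still empty).
    $dir = New-Item -ItemType Directory -Path $Path -Force

    # Files already present would have to be encrypted in place, which is
    # exactly the case where EFS writes an unencrypted backup copy.
    if (Get-ChildItem -LiteralPath $dir.FullName -Force) {
        throw "Folder '$Path' is not empty; start from an empty folder."
    }

    # Step 2: set the encryption attribute on the folder itself.
    cipher.exe /e $dir.FullName | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "cipher /e failed for '$Path'."
    }

    # Verify the attribute really is set (it will not be on a non-NTFS volume).
    if (-not (Test-EfsEncrypted -Path $dir.FullName)) {
        throw "Folder '$Path' is not marked as encrypted."
    }
    return $dir
}

# Step 3: only now create files, directly inside the encrypted folder.
$folder = New-EfsFolder -Path 'C:\Data\Secret'          # placeholder path
$file   = Join-Path $folder.FullName 'notes.txt'
Set-Content -LiteralPath $file -Value 'constructed sample content'

# The new file inherits encryption from the folder; confirm before relying on it.
if (-not (Test-EfsEncrypted -Path $file)) {
    throw "File '$file' was created without the encryption attribute."
}
"Encrypted from creation: $file"
```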
