Ability to clean all traces of opening certain files?


I'm currently using some encryption solution to keep some of my sensitive business documents (in the form of images, videos, and DOCX files) always encrypted, but due to some worries that FDE (full disk encryption) may somehow potentially have the risk of corruption and/or data loss, I choose not to apply FDE. It is of course best for privacy and security to work with FDE put in place, but as I'm not using it, and as I only encrypt those sensitive files and not the system itself, there would be traces, footprints, by-products of opening those sensitive files all over the place as a result of how Windows works.

My question is this: are the options in BleachBit 2.0 enough to clean ALL traces created by Windows after working with images, videos, and some Word documents? If not, to what extent could BleachBit help me in terms of this?

I've tried BleachBit out, and I'm quite impressed with what it could dig out and clean. I came across the "BleachBit" name in some forum and decided to try it out after learning it's open-source and is reputable. But I'm not technical at all so my understanding of its capabilities is very limited.

Any helpful response is appreciated.
Thank you very much.

BleachBit version: 
Your operating system: Windows 7

The general principle is that there is a tension between convenience and security/privacy.

While BleachBit will generally help with privacy issues like this in a highly-convenient way, no cleaning application can guarantee that 100% of traces of documents and activities like these will be wiped. There is a high degree of complexity in all the possible places things like this are stored on the disk or copied around, and the locations can change depending on versions of software (the operating system, Microsoft Office), change based on settings, etc.

Full-disk encryption (FDE) can be a huge help here. Another option is to use a bootable operating system, such as Ubuntu Live: it runs off a DVD and RAM, and it generally makes no changes to the disk.

There is a much longer answer in the documentation: Shred files and wipe disks

Andrew, lead developer

Thank you very much for your reply. I appreciate it.

Yes, I've read the page "Shred files and wipe disks" before I opened this thread. From there I learned that even with fragments and pieces of a shredded file scattered throughout the disk, a single overwrite is sufficient to make recovery of the file pretty difficult. So I'm fine with overwriting just once.

But only after I opened this thread did I learn that due to certain other factors such as a journaling file system (like NTFS) and the wear-leveling mechanism of SSDs, completely wiping out a file is quite impossible. Then again, I suppose the recovery of shredded files is still unlikely even with those conditions present. Am I right?

Anyway, I absolutely understand security and convenience don't go together. That's why I'm trying to go for maximum security until a point where the level of convenience is unacceptable. BleachBit is a very convenient solution for general security and privacy (and I thank you and everyone involved for developing it), that's why I'm trying to incorporate it into my endeavour for security and privacy. I was (and am) using CCleaner before this, but now I'm gonna use BleachBit alongside CCleaner (run BleachBit first then CCleaner, but usually there'd be pretty much nothing left for CCleaner to clean).

So in short, I've come to the realization that it's impossible to 100%-ly wipe a file off a disk without destroying the disk and setting it on fire. So I give up in this respect. But I'd wish for as many traces as possible of working with a file to be as difficult as possible for someone else to discover and recover. I guess I'd have no choice but to turn to FDE at the end of the day.