Simple Wipe Utility

(@miket065)
Estimable Member
Joined: 21 years ago
Posts: 187
Topic starter  

I am looking for a Windows-based wipe utility. I want it to automatically wipe the disk on which it resides simply by double clicking it or running a batch file. Any suggestions?

Thanks, MikeT


   
JSkier
(@jskier)
Eminent Member
Joined: 17 years ago
Posts: 24
 

Eraser works well and it is open source. You can do unallocated space, select folders / files, as well as drives themselves. Very simple and to the point.

http://eraser.heidi.ie/

EDIT
I know you can do some command line operations in Windows without any extra software as well, but I cannot recall what it was.


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

> I know you can do some command line operations in Windows without any extra software as well, but I cannot recall what it was.

Versions of Windows which support EFS include the cipher command which has an option to wipe free space.

You can also download from the Microsoft Sysinternals site the SDELETE function.

Note, however, that EFS is integrated with NTFS so I do not believe that cipher is completely effective for FAT/FAT32 file systems and I am not sure that SDELETE is, either.

If you want to wipe the entire disk there is DBAN.


   
harryparsonage
(@harryparsonage)
Estimable Member
Joined: 20 years ago
Posts: 184
 

Not sure I fully understand the question. Are you saying you want to run a program on a computer running Windows and wipe the Windows OS disk on which the program itself resides?

H


   
(@miket065)
Estimable Member
Joined: 21 years ago
Posts: 187
Topic starter  

I want a utility that I can put on a USB external disk and that, when run, will do this:

1) Looks to see what physical disk it is on
2) Wipes that physical disk

or in the alternative

1) Looks for a known volume label
2) Wipes that volume

I plan on installing this on disks to be used for incident response. I need it idiot proof so that all the agents have to do is double click on the "wipe" executable or batch file.

I am familiar with DBAN and other utilities but want something that needs no user interaction except to run it.

Thanks for the replies…


   
Fab4
(@fab4)
Estimable Member
Joined: 18 years ago
Posts: 173
 

> I want a utility that I can put on a USB external disk and that when run, will do this
>
> 1) Looks to see what physical disk it is on
> 2) Wipes that physical disk
>
> or in the alternative
>
> 1) Looks for a known volume label
> 2) Wipes that volume

Like Harry, I'm still confused. Why would you want <untrained> IRs to:

- insert/attach an external usb device, only then to wipe it or
- wipe any other local device

???

Will IRs who know nothing other than which exe to double-click have any understanding of arbitrary volume labels in any event….?

As a minimum it strikes me as dangerous. At worst, nefarious.

It would be great to hear in what circumstances you would want to place such a tool in the hands of the type of IR that you are seemingly referring to.


   
(@miket065)
Estimable Member
Joined: 21 years ago
Posts: 187
Topic starter  

The IRs are trained to connect the disk and run a pre-configured batch file. They have all the utilities that go along with the batch file secreted on a folder on the hard disk. They connect the hard disk, run the script and collect the necessary volatile data. They then archive the collected data off the USB disk, wipe it, partition/format it, then copy the batch file and utilities back to the disk for the next IR.

They are currently using various solutions to wipe the disk. I am just looking for a more simple solution to remove most risk of accidentally wiping the wrong disk.

As far as a volume label, my thought was to partition the disk with the utilities on one small partition and use the other partition for evidence collection. I could then use a script that looks for that unique volume label and then wipes it.


   
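Added example, not part of the thread and not any poster's script: a PowerShell sketch of the label-based approach described in the post above, with the checks that keep it from touching the wrong disk. The label `IR_EVIDENCE`, the `-Wipe` switch and the function name are assumptions made for illustration, and it assumes a full format is an acceptable overwrite step for the evidence partition.

```powershell
# Added example (not from the thread). Needs the Storage module
# (Windows 8 / Server 2012 or later) and an elevated prompt.
param(
    [string]$Label = 'IR_EVIDENCE',   # hypothetical label of the evidence partition
    [switch]$Wipe                     # without this switch the script only reports
)
$ErrorActionPreference = 'Stop'

function Resolve-WipeTarget {
    param([string]$Label)

    # 1. The label must match exactly one mounted volume.
    $vols = @(Get-Volume | Where-Object { $_.FileSystemLabel -eq $Label -and $_.DriveLetter })
    if ($vols.Count -ne 1) { throw "Expected 1 volume labelled '$Label', found $($vols.Count)." }
    $letter = $vols[0].DriveLetter

    # 2. Never touch a disk Windows boots from or keeps system files on.
    $disk = Get-Disk -Number (Get-Partition -DriveLetter $letter).DiskNumber
    if ($disk.IsBoot -or $disk.IsSystem) { throw "Disk $($disk.Number) is a boot/system disk." }

    # 3. The IR disk is an external USB disk; refuse any other bus.
    if ($disk.BusType -ne 'USB') { throw "Disk $($disk.Number) is on bus '$($disk.BusType)', not USB." }

    # 4. The script lives on the utility partition: same physical disk, different volume.
    $scriptDrive = (Split-Path -Qualifier $PSScriptRoot).TrimEnd(':')
    if ($scriptDrive -eq $letter) { throw "Script is running from the target volume ${letter}:." }
    if ((Get-Partition -DriveLetter $scriptDrive).DiskNumber -ne $disk.Number) {
        throw "Volume ${letter}: is not on the same physical disk as this script."
    }

    [pscustomobject]@{ DriveLetter = $letter; DiskNumber = $disk.Number
                       Name = $disk.FriendlyName; SizeGB = [math]::Round($disk.Size / 1GB) }
}

$t = Resolve-WipeTarget -Label $Label
"Target: $($t.DriveLetter): on disk $($t.DiskNumber) ($($t.Name), $($t.SizeGB) GB)"

if ($Wipe) {
    # -Full requests a full format (writes every sector) instead of a quick format.
    Format-Volume -DriveLetter $t.DriveLetter -FileSystem NTFS `
        -NewFileSystemLabel $Label -Full -Confirm:$false
} else {
    "Dry run only. Re-run with -Wipe to format ${Label}."
}
```

A one-line batch file on the utility partition can call the script with `-Wipe`, so the responder still only double-clicks once; any failed check stops the run before the format step.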
Fab4
(@fab4)
Estimable Member
Joined: 18 years ago
Posts: 173
 

OK, understand.

Similar to e-fense Live Response but without the price tag lol

> They connect the hard disk, run the script and collect the necessary volatile data.

Out of interest, what utility would be used by your <relatively> unskilled IRs to acquire the volatile data? Is it a full memory image or are they collecting a subset of data?

Could the open-source Eraser achieve your wiping requirements, as originally suggested by JSkier, run from the 'utility partition'? You could set up a wiping profile, requiring the IR to press a single button to wipe the 'data collection' partition.


   
(@miket065)
Estimable Member
Joined: 21 years ago
Posts: 187
Topic starter  

The current script allows the IR the option of acquiring memory using mdd.exe. It then runs certain ps and ps-like tools and writes their output to a text file on the IR hard disk. It checks for BitLocker, TrueCrypt, and PGP volumes and allows for the optional live/logical imaging of mounted BitLocker, etc. volumes.

The Eraser mentioned above doesn't seem to fit into what I'm looking for in this thread but it does seem to be a nice tool to have.


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

> I am looking for a windows based wipe utility. I want it to automatically wipe the disk on which it resides simply by double clicking it or running a batch file.

As what user?

Immediate reaction is – how could that work? You can't use Windows/NTFS, as a number of files will be opened and locked to Windows, so you won't get access to them particularly easily – pagefile.sys, for instance, SAM and others. It's the kind of thing that makes that popup appear 'This program has prevented from accessing the hard drive' – happens if you run old Win95 software in WinXP, for instance.

A remote possibility might be to install something that runs very, very early in the boot process – but I suspect there are restrictions even then. That would require a reboot, though.

Best chance would be to avoid Windows and Windows services altogether, and push a 'SECURE ERASE' command to the drive itself. But that would be pretty low-level stuff, so there may be other protection mechanisms in place … Or perhaps a two-stage affair – first install a new MBR, which contains nothing but the SECURE ERASE, and then force a reboot. (This would obviously only work for a boot disk.)

Also … I suspect that any software that would be able to do something like that would be flagged as malware by any AV software present, and prevented from executing.


   