File Shredder – well, fails.

Amber MacArthurI had big hopes for File Shredder.  It installed cleanly, and when erasing, it looked nice.

File ShredderBut the test of any file erasing product is, does it erase files as it claims?

Yes and no.


Yes
, it seemed to have wiped the contents of the files, and deleted the files from the directory.
No, the file names were easily recoverable.  Which can be useful information in itself.
Recuva
For example, do I want people to know I had a picture of Amber MacArthur, and that I listen to the No Agenda podcast?

Maybe not…

To my mind, if you are shredding files on a device, you want ALL traces of the file gone.
File Shredder fails to do this.

The solution?
Well one answer would to be to "Quick Format" the device after the "File Shredding".
A Quick Format will recreate the directory table, thus wiping the directory.
After I Quick Formatted, I was not able to recover anything from the drive.

Note: Quick Formatting assumes you have no other files on the device you want to keep.

Disk Wiping Test: What I’d recommend

erazer A single pass wipe, with verify.  The product I’d recommend?

Personal use
Active@KillDisk Free.  The free version only does one pass, so there’s not much to configure.  It was a close tie between this product, and my second choice, Darik’s Boot & Nuke.

The feature which won me over?  The utility to create a bootable USB memory stick “kill disk”.

Second choice: Darik’s Boot & Nuke.
DBAN is the choice most computer technicians I know make.  I tripped across the “let’s hang if the laptop has a card reader” bug.  That put me off DBAN.  I’m sure it will be fixed soon.

Business use
BCWipe.
  The only commercially targeted product which offers a fully-functional evaluation copy.  That counts for a lot in my opinion.  BCWipe is also being actively developed (another plus).  Go read my test of BCWipe for the rest of the details.

Summary of disk wipe products

Software Free Review link Price from
Highly recommended
Active@ KillDisk Free Yes. 68 minutes
Darik’s Boot and Nuke Yes 197 minutes
BCWipe Total WipeOut v.2.3 No 39 minutes
Recommended
CBL Data Shredder Yes 68 minutes
CopyWipe Yes 89 minutes
Not tested
Acronis® Drive Cleanser® 6.0 No $61
Active@ KillDisk No $40
Blancco No (soon)
CyberScrub CyberCide No $30
Destroy & Destroy Lite No $48
Disk Wipe No $49
Secure Erase Yes
EBAN 2.1 No ??
Iolo DriveScrubber No $20
OnTrack – Eraser No $60
WhiteCanyon WipeDrive No $20
Not recommended
East-Tec DisposeSecure No did not bother $20
O&O SafeErase 4 Failed. $30
PC INSPECTOR e-maxx Yes Failed.

 

Disk Wiping Test: Testing and other FAQs

Shredded test CDs How did you test?

  1. Restored a Ghost image of Windows XP to laptop with a 120GB hard drive.
  2. Copied 24919 files onto the laptop C: drive.
    (1955MB in total)
  3. Shutdown laptop
  4. Booted with the ““KillDisk”” and run the utility.

And the restore test?
Booted the laptop with TestDisk & PhotoRec, and ran those to try and restore the data.

How many products did you test?
I tried testing 8 products.  Some were so bad, I didn’t do a full test/write-up.

Why only one pass wipe (with some products)?
Because that is all you need.
They concluded that, after a single overwrite of the data on a drive, whether it be an old 1-gigabyte disk or a current model (at the time of the study), the likelihood of still being able to reconstruct anything is practically zero. Well, OK, not quite: a single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely.”

What is ATA Secure Erase?
A command which tells your hard drive to wipe itself.  Most ATA/SATA drives have supported this command since 2001.  Not all Disk Wiping programs support it.
It would seem to be the most secure way to wipe a hard disk.
Further information here.

What are the other wipe (software) techniques?
Peter Gutmann’s
3-pass US DoD 5220-22M
One-pass random
Zero
Test
US DoE
RCMP DSX Method
German VSITR standard
Bruce Schneier’s:
”I recommend overwriting a deleted file seven times: the first time with all ones, the second time with all zeros, and five times with a cryptographically secure pseudo-random sequence.”
“Applied Cryptography” (1996)

What about hardware devices?
Didn’t test any hardware wiping devices, but I’ve got some experience with them, so here are some general comments.

Degaussers – destructive wiping.
sv91m degausser These kinds of devices work so well that they bend parts of the hard drive.
Yes, your drive is wiped, but it will never work again.
http://www.eyecote.com/degauss/security.htm

Hardware based wiping devices
http://www.wiebetech.com/products/Drive_eRazer.php

Hardware drive destroyers
Exactly what the title said, via crushing, shredding or disintegrating.
http://www.semshred.com/content1532

Bookmark and Share

Disk Wiping Test: BCWipe Total WipeOut v2.3

BCWipe Total WipeOut BCWipe was the very first disk wipe program I ever used.  So I have some fondness for it.  Having said that, the create “Bootable USB disk” wizard had some strange “No Disk” errors.  I got it to create a bootable USB, but I was disappointed with the error.

Regardless, if you needed to buy a commercial product, this would be the one I’d buy.  For the logging function it has, and the fact that Jetico have been in the market for a long time.

Version tested: BCWipe Total WipeOut 2.30

Plus points:

  • I like the amount of detail that BCWipe captures to it’s log file
    BCWipe Total WipeOut Details screen
  • Built-in disk hex viewer.
  • it still is being actively developed.

Things I didn’t like:

  • Biggest beef was the create Bootable USB Disk Wizard, with it’s “No disk” error.
    BCWipe Total WipeOut Configuration Wizard 

Test notes:

  • Accepted the defaults, which was US DoD 5220-22M
    This meant 7 wipe passes, which took 283 mins.
    A one pass Zero wipe took 39 mins
  • Other wipe options are:
    Peter Gutmann’s
    Bruce Schneier’s
    3-pass US DoD 5220-22M
    One-pass random
    Zero
    Test
    US DoE 

 Bookmark and Share

Disk Wiping Test: CBL Data Shredder v1.0 (DOS)

CBL Data Shredder CBL specialises in data recovery.  I liked the layout of the wipe screen.  Using the default options, CBL Data Shredder took 68 minutes to wipe our 120GB drive.

Version tested: CBL Data Shredder v1.0

Plus points:

  • it’s free.
  • it gives you the option, at the end of the process, to save a report.

Things I didn’t like:

  • nothing.  Program worked as advertised. 

Test notes:

  • Accepted the defaults, which was 1 pass.
  • Other wipe options are:
    Peter Gutmann’s
    Bruce Schneier’s
    3-pass US DoD 5220-22M 
    RCMP DSX Method
    German VSITR standard

 Bookmark and Share

Disk Wiping Test: PC Inspector e-Maxx v0.95

PC-Inspector e-Maxx This is a very basic program, which has not been modified since August 2003.

That, in itself, isn’t a killer.

Now, I’ve been taking my screenshots for this Disk Wiping series, by using VMware Workstation.  e-Maxx wasn’t able to detect the hard drive under in the VMware machine, so I’m going to mark this as a fail.

Time estimate to wipe 120GB hard disk?  1254 hours.

 Bookmark and Share

Disk Wiping Test: East-Tec DisposeSecure v4.1

East-Tec DisposeSecure It was an effort to create the “Killdisk” for this program.  I had to find copies of MS-DOS system files in order to create the CD-Rom.  Some disk wipe programs supply a version of DOS or Linux, but not DisposeSecure.

After hunting around for the required MS-DOS files, I had the bootable CD.

After navigating though a number of options screens, the disk wipe started wiping.

But my heart wasn’t in it.  I don’t like the program.  Perhaps it was the effort needed to find the MS-DOS files, or the fact that the evaluation copy only does 25% of the disk.

Honestly, I couldn’t recommend this product.  There are FREE products which work as well.  And commercial vendors (Jetico with BCWipe), who offer you a fully functional evaluation copy.

 Bookmark and Share

Disk Wiping Test: CopyWipe v1.14

CopyWipe v1.14 It worked.  It took 1hr 29min.  Comprehensive set of wipe options, which you can pre-customised with a configuration file.  The name CopyWipe comes from the fact that the utility lets you Copy or Wipe a hard disk.

Version tested: CopyWipe DOS v1.14

Plus points:

  • it’s free!
  • the makedisk utility made creating a “kill” cd-rom very easy.

Things I didn’t like:

  • there was nothing I didn’t like.
    It worked as advertised.

Test notes:

  • Accepted the defaults, which was a single pass mode
    (same as Active@ Killdisk Free Edition)
  • Other wipe options are:
    Quick 1 Pass
    Random 1, 4 or 8 pass
    Pattern  PG MFM 28 Pass
    Pattern PG RLL(1,7) 26 Pass
    Pattern PG RLL(2,7) 23 Pass
    Pattern PG 35 Pass
    Pattern Hardware* PG stands for Peter Gutmann

Bookmark and Share

Disk Wiping Test: Darik’s Boot and Nuke 2.2.6

Dariks Boot and Nuke 2.2.6 Beta I had problems with it.  It would hang at the PCI (sysfs) detection.  To get DBAN to successfully boot, I had to disable the SD media card reader.

Version tested: Darik’s Boot and Nuke 2.2.6 (Beta)

Plus points:

  • it’s free!

Things I didn’t like:

  • having to disable the SD media card reader in BIOS.
  • the estimated time is wildly inaccurate.
    Initial estimate 2hrs, actual time taken: 3hrs 17min

Test notes:

  • Ran in “autonuke” mode.
    (DoD Short method, 3 pass and then verify on last wipe)
  • Apparently there is a USB installer, like the one the Active@ Killdisk product has.
    Couldn’t find it.

 Bookmark and Share