Sanitize Disk Space Copyright (C) Moose O'Malley, ------------------- September 2007. +===========================================================+ | T A B L E O F C O N T E N T S | +===========================================================+ | * Introduction | * Some Background Information | * Using this Program | * Why is this useful ? / Why do this ? | * Why I wrote this Program ? | * Sanitization Levels | * The Future | * Reviews / Awards / CDs | * Freeware Information | * Warranty | * Amendment History | * Contacting the Program's Author +===========================================================+ Introduction : -------------- Sanitize Disk Space for Windows 95, 98, ME, NT, 2000, XP, etc. This program is free software. Anyone - any person, any company, or any business - can use this program for free. No fees or payment is required. See "Freeware Information" below. Sanitize Disk Space enables you to select any drive on your PC, such as a floppy disk or any of your harddrives or harddrive partitions, and then sanitize the free / unused space on this drive. The following sanitization levels are supported by this program : - Basic / Quick (1 Pass) - Medium (3 Passes) - High (9 Passes) - Industrial Strength (20 Passes) - Department of Defense (35 Passes) - You've Got to be Joking (100 Passes) (See "Sanitization Levels" for further information). Once sanitized (at the highest sanitization level), the data in your deleted files can never again be recovered, and no hacker - no matter how clever - should ever be able to view any data contained in your deleted files. This processing is ideal for use by anyone selling or replacing their PC - especially if the PC contained any sensitive or personal data. Some Background Information : ----------------------------- When you delete a file, the data contained in this file still exists on the disk, and it can be recovered !! Even if you empty the Recycle Bin, the data can still be recovered. Even if you reformat your harddrive or floppy disk, the data can still be recovered. This is very easy to do for people with a bit of PC knowledge and some easily obtainable software. e.g. Norton Utilities "UnErase". If you delete your data, empty the Recycle Bin, format your drive, and then reinstall Windows and other software from scratch, your previous data can still be recovered. (But, sophisticated techniques will be required. e.g. Norton Utilities "UnErase" will NOT be able to do this, but it is possible with advanced techniques. e.g. Magnetic Force Microscopy (MFM), Scanning Probe Microscopy (SPM), etc. What is even more worrying is that even data that existed on the drive many years ago, and has been erased and overwritten many times with new data can still be partly recovered by very determined and skilled hackers using advanced techniques : Magnetic Force Microscopy (MFM), Scanning Probe Microscopy (SPM), etc. This means that if you sell your PC, or leave a floppy disk lying around, or leave your PC unattended, then people can look into your deleted files and see at least some of the data that they contained. If you have tax records, payroll data, medical records for pateints, legal records for clients, diary data for patients, credit card information, etc - then some or all of this data may be recoverable by very determined / skilled hackers. Even if you have reformatted, repartitioned, overwritten, and erased your harddrive many times, some data can still be recovered using very advanced techniques. Sanitize Disk Space is a program that can (at its highest sanitation level) completely and utterly erase the data in all deleted files on any harddrives or floppy drives you select. Once Sanitize Disk Space has been run (using its highest sanitation level), the data in your deleted files can never again be recovered, and no hacker - no matter how clever - should ever be able to view any data contained in your deleted files. See "Sanitization Levels" below for further information about this. Developed using 32-bit Delphi. Sanitize Disk Space for Windows 95 / 98 / ME / NT / 2000. This program will **NOT** run under Windows 3.x (even with Win32 installed) !! Using this Program : -------------------- To use this program, simply run it, select a drive, and press the "Sanitize" button. Full and detailed information messages are displayed, so you will be able to confirm your actions and see what has happened. Why is this useful ? / Why do this ? -------------------------------------- Doing this is particularly useful when you are selling your PC. Once Sanitize Disk Space has been run (using its highest sanitation level), the data in your deleted files can never again be recovered, and no hacker - no matter how clever - should ever be able to view any data contained in your deleted files. See "Sanitization Levels" below for further information about this. Why I wrote this Program ? -------------------------- I wrote this program to help out a friend who needed a program to do this. In recent TV shows, like 60 Minutes and Today Tonight, etc there have been lots of reports of spectacular fuck ups by the Australian Tax Office - where they have sold their old office PCs to the general public, and many people have been able to recover strictly confidential tax payer information that was stored in "deleted" files on these ex-government PCs. If the Tax Office had used my Sanitize Disk Space computer program, then they would have saved themselves a lot of embarassment. Indeed, for government agencies like the Autralian Tax Office to allow this to happen not only demonstrates their incredible incompetence, but also betrays the confidence of all tax payers in Australia. Sanitization Levels : --------------------- The following sanitization levels are supported by this program : - Basic / Quick (1 Pass) - Medium (3 Passes) - High (9 Passes) - Industrial Strength (20 Passes) - Department of Defense (35 Passes) - You've Got to be Joking (100 Passes) For some passes, random data is written to the drive. However, for other passes, I use advanced techniques to generate the bit patterns required to effectively and unequivocally overwrite all deleted data. According to Peter Gutman (See "References and Special Thanks" below) it should be totally impossible for anyone to recover any erased data from a drive overwritten using the "Department of Defense (35 Passes)" sanitization level. However, just to be sure, I have included a "You've Got to be Joking (100 Passes)" sanitization level, which surpasses Peter's highest suggested sanitization levels. At this level, it should be totally impossible for anyone to recover any data from your deleted files. As Peter Gutmann states in his paper : (See "References and Special Thanks" below) In conventional terms, when a one is written to disk the media records a one, and when a zero is written the media records a zero. However, the actual effect is closer to obtaining a 0.95 when a zero is overwritten with a one, and a 1.05 when a one is overwritten with a one. Normal disk circuitry is set up so that both these values are read as ones, but using specialised circuitry it is possible to work out what previous "layers" contained. The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, and analysing it in software to recover the previously recorded signal. Using MFM (Magnetic Force Microscopy), we can go even further than this. The levels of sanitization (supported by this program) are described further below. N.B. These descriptions are also provided when you select a Sanitization Level within the program. *********************** Basic / Quick (1 Pass) *********************** Data in deleted files will NOT be recoverable using UnErase and similar software techniques. However, large fragments of data previously written to the disk (including data that existed on the disk previously and has been overwritten many times by newer data) will be recoverable by determined and skilled hackers using advanced techniques : Magnetic Force Microscopy (MFM), Scanning Probe Microscopy (SPM), etc. This level of sanitization is the most basic and it can be applied to your drives quickly, however, it provides minimal protection for your previously erased data. *********************** Medium (3 Passes) *********************** Data in deleted files will NOT be recoverable using UnErase and similar software techniques. However, significant fragments of data previously written to the disk (including data that existed on the disk previously and has been overwritten many times by newer data) will be recoverable by determined and skilled hackers using advanced techniques : Magnetic Force Microscopy (MFM), Scanning Probe Microscopy (SPM), etc. This level of sanitization will provide more protection for your erased data than the "Basic / Quick (1 Pass)" sanitization level. *********************** High (9 Passes) *********************** Data in deleted files will NOT be recoverable using UnErase and similar software techniques. However, fragments of data previously written to the disk (including data that existed on the disk previously and has been overwritten many times by newer data) may be recoverable by very determined and skilled hackers using advanced techniques : Magnetic Force Microscopy (MFM), Scanning Probe Microscopy (SPM), etc. This level of sanitization will provide more protection for your erased data than the "Medium (3 Passes)" sanitization level. ******************************** Industrial Strength (20 Passes) ******************************** Data in deleted files will NOT be recoverable using UnErase and similar software techniques. However, small fragments of data previously written to the disk (including data that existed on the disk previously and has been overwritten many times by newer data) may be recoverable by very determined and skilled hackers using advanced techniques : Magnetic Force Microscopy (MFM), Scanning Probe Microscopy (SPM), etc. This level of sanitization will provide more protection for your erased data than the "High (9 Passes)" sanitization level. ********************************** Department of Defense (35 Passes) ********************************** Data in deleted files will NOT be recoverable using UnErase and similar software techniques. In addition, it is very unlikely that any data ever written to the disk will be recoverable even by the most determined hackers, even if they used advanced techniques : Magnetic Force Microscopy (MFM), Scanning Probe Microscopy (SPM), etc. This level of sanitization will provide very high protection for your erased data. ************************************ You've Got to be Joking (100 Passes) ************************************ Data in deleted files will NOT be recoverable using UnErase and similar software techniques. In addition, it is *extremely* unlikely that any data ever written to the disk will be recoverable even by the most determined hackers, even if they used advanced techniques : Magnetic Force Microscopy (MFM), Scanning Probe Microscopy (SPM), etc. This level of sanitization will provide maximum protection for your erased data. References and Special Thanks : ------------------------------- The following paper (by Peter Gutmann) was invaluable to me when enhancing, developing and verifying this program : - "Secure Deletion of Data from Magnetic and Solid-State Memory" by Peter Gutmann of the University of Auckland, New Zealand. http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/ and I would sincerely like to thank Peter for his work in this area. His paper was highly readable and, even though much of it was revision for me, once I started reading it, I could not put it down. I have emailed Peter and thanked him for his work and I have offered him a free copy of this program. The Future : ------------ In the future, many improvements could be made to this program, such as : - Log all Sanitizing to a log file. e.g. record date, time, etc that each drive was sanitized. - Filter out non-writable drives, such as CD Drives, DVD Drives, etc. - Add in a "Sanitize all Local Drives" option. - Add in the playing of a WAV file or sound when finished - so you know when it is done. (At the moment, the program makes a squeak through the PC's internal speaker). - Anything else ? If you would like any of these improvements, or would like to suggest more, please email me and let me know. How much more work I do on this program depends entirely on what support I get, how many people use the program, etc. Reviews / Awards / CDs : ------------------------- None so far. Freeware Information : ----------------------- This is free software. Anyone - any person, any company, or any business - can use this program for free. No fees or payment is required. However, if you find the program useful, then please consider making a PayPal donation to support my efforts. (To make a donation, please run the program and select the "About" option under the Help menu, and then click the PayPal link on the "About" screen). Warranty : ---------- This software and the accompanying files are provided "as is" and without warranties as to performance or merchantability or any other warranties whether expressed or implied. The user assumes the entire risk of using this software. If you do find any faults with this program, email me and let me know. Amendment History : -------------------- Vers Date Description 1.0 05-Dec-2001 First Public Release. (9,360 lines of code / comments.) 1.0b 20-Nov-2002 Bring the program up to date with my latest code libraries. (34,087 lines of code / comments.) 2.0 21-June-2003 Bring the program up to date with my latest code libraries. Add in a range of levels of sanitization : - Basic / Quick (1 Pass) - Medium (3 Passes) - High (9 Passes) - Industrial Strength (20 Passes) - Department of Defense (35 Passes) - You've Got to be Joking (100 Passes) Special thanks to Peter Gutmann's paper titled "Secure Deletion of Data from Magnetic and Solid-State Memory" for helping me implement the above sanitization levels. (See "References and Special Thanks" above). I have emailed Peter and thanked him and offered him a free copy of this program. Display additional statistics while running / sanitizing. e.g. Display Elapsed Time and an Estimate of the Time Remaining. Display the overall disk write speed on completion of the processing. Bring the program up to date with my latest code libraries. (52,208 lines of code / comments.) 2.0f 3-Sep-2007 This program is now FREEWARE - see "Freeware Information" above. If this program was not downloaded from my Home Page, then it is possibly an old version. The latest version of this program is available from my WEB page - see below. Mike "Moose" O'Malley ____________________________________________________ Moose's Software Valley - Established July, 1996. WEB: http://move.to/moose ____________________________________________________