killdisk7

7/30/2019 KillDisk7

1/45

Active@KillDiskforWindows

UserGuide

7/30/2019 KillDisk7

2/45

2 Active@ KillDisk User Guide

Copyright 1999-2012, LSOFTTECHNOLOGIESINC.All rights reserved. No part of thisdocumentation may be reproducedinanyform or byany means or used to make any

derivative work (such as translation, transformation, or adaptation) without written permissionfrom LSOFT TECHNOLOGIESINC.

LSOFT TECHNOLOGIES INC.reserves the right to revise this documentation and to makechanges in content from time to time without obligationon the partofLSOFTTECHNOLOGIES

INC. to providenotificationofsuch revision or change.LSOFT TECHNOLOGIES INC.provides this documentation without warrantyofany kind, eitherimplied or expressed,including,butnotlimitedto, the implied warranties ofmerchantability

and fitness for aparticularpurpose.LSOFTmay make improvements or changes in theproduct(s) and/ortheprogram(s) described in this documentationatany time.

All technical data andcomputersoftwareiscommercialin nature and developedsolelyat

private expense. As the User, or Installer/Administratorofthis software, you agree not toremove or defaceany portion ofanylegend provided onanylicensed program or

documentation contained in, or delivered to youinconjunction with, this User Guide.

Active@ KillDisk, the Active@ KillDisk logo, KillDiskand Erasers Software are trademarks ofLSOFT TECHNOLOGIES INC.

The LSOFT.NET logo isa trademark ofLSOFTTECHNOLOGIESINC.

Other brand andproduct names may be registeredtrademarks or trademarks oftheirrespective holders.

7/30/2019 KillDisk7

3/45

3

Contents

1 Product Overview................................................................................................ ................41.1 Erasing Confidential Data................................................................ ..............................41.2WipingConfidential Data from UnoccupiedDiskSpace ...................................................6

2 System Requirements ................................................................................................ ....... 122.1Active@ KillDisk for Windows Version ................................................................ .......... 12

3Running Active@ KillDisk................................................................................................ ... 153.1Active@BootDiskCreator ................................................................ ..........................153.2Interactive, Command Line and Batch Modes............................................................... 173.3 Completed Erase or Wipe Operation Information..........................................................34

4Common Questions................................................................................................ ........... 365 Erase/Wipe Parameters and Application Settings................................................................ . 386GlossaryofTerms ................................................................................................ ............. 44

7/30/2019 KillDisk7

4/45

1.ProductOverview

Active@ KillDiskforWindows is a powerfulutilitythatwill:

Wipeconfidentialdata from unusedspaceonyourharddrive.

Erase datafrompartitionsor from anentireharddisk.

Destroydatapermanently.

Wipingthe logicaldrive'sdeleteddatadoesnotdeleteexistingfilesandfolders. It processesal lunoccupieddrivespacesothatdatarecoveryofpreviouslydeletedfilesbecomesimpossible.Installedapplicationsandexistingdataarenottouchedbythisprocess.Active@KillDiskwipesunuseddataresidue fromfileslackspace,unusedsectors,andunusedspaceinsystemrecordsordirectoryrecords.

WhenyouerasedatawithActive@KillDiskforWindows, youdestroydatapermanently byconformingtoanyone offifteeninternationalstandardsor

usingyour own custom settings.

Wipingdrive space orerasingdatacantake a longtime,soperformtheseoperationswhenthe system is not being otherwise utilized. Forexample,these operations may berunovernight.Ifyouhaveseveralphysicalharddrives attachedtothemachine,KillDiskcan erase or wipe themsimultaneously(inmulti-threadedmode),thussavingyoutimeandworkcosts.

Aftererase or wipeactions arecompleted, KillDiskoffersyouthe options ofinitializingeraseddisks,shuttingdownyourcomputer,saving a logfileandthecertificate(PDFtobeprinted), andevensending logfilesvia e-mailtoyourmailbox.Customerase or wipecertificatescanbecreatedusingyourcompany logoandattributes.

1.1ErasingConfidentialData

Modernmethods ofdataencryptionaredeterringnetworkattackersfromextractingsensitivedatafromstoreddatabasefiles.Attackerswhowanttoretrieveconfidentialdataarebecomingmoreresourceful by looking intoplaceswheredatamightbestoredtemporarily.For example, aharddriveon

a localnetworknodecanbeaprimetargetforsuch a search.Oneavenueofattackistherecoveryofdatafromresidualdataon a discardedharddrive.Whendeletingconfidentialdata from harddrives, removabledisks, orUSBdevices, itisimportanttoextractall traces ofthedatasothatrecoveryisnotpossible.

Mostofficialguidelinesregarding the disposal ofconfidentialmagneticdatadonottakeintoaccountthedepthoftodaysrecordingdensities, northemethodsusedbytheoperatingsystemwhenremovingdata. Forexample,

7/30/2019 KillDisk7

5/45

1. Product Overview

Active@ KillDisk for Windows User Guide 5

theWindowsDELETEcommandmerelychangesthefile name sothattheoperatingsystemwillnotlookforthefile.Thesituationwith NTFS issimilar.

Removal ofconfidentialpersonal informationorcompanytradesecretsin thepast might have been performed usingtheFORMATcommandorthe FDISKcommand.Ordinarily,using these proceduresgivesusersasenseof

confidencethatthedatahasbeencompletelyremoved.

WhenusingtheFORMATcommand,Windows displays a messagelikethis:

Important:Formatting a diskremoves all informationfromthedisk.TheFORMATutilityactually creates new FAT andROOTtables,leavingallpreviousdataonthediskuntouched.Moreover,animageofthereplacedFAT andROOTtablesis stored so thattheUNFORMATcommandcanbeusedtorestorethem.

FDISKmerelycleansthePartitionTable(locatedinthedrive'sfirstsector)anddoesnottouchanythingelse.

1.1.1AdvancedDataRecoverySystems

Advancesindatarecoveryhavebeenmadesuchthatin many cases datacanbereclaimedfromharddrivesthathavebeenwipedanddisassembled.Securityagencies use advancedapplicationstofindcybercrime-relatedevidence.There alsoareestablished industrial spy agenciesadoptingsophisticatedchannelcodingtechniquessuchasPRML (PartialResponseMaximumLikelihood), a techniqueusedtoreconstructthedataonmagneticdisks.Othermethodsincludethe use ofmagneticforcemicroscopyand

recoveryofdatabasedonpatternsinerasebands.Althoughthereareverysophisticateddatarecoverysystemsavailable at ahighprice,datacaneasilyberestoredwiththehelp ofanoff-the-shelfdatarecoveryutilitylike Active@FileRecovery, makingyourerasedconfidentialdataquiteaccessible.

Usingour powerful and compactActive@KillDiskforWindowsutility, alldataonyourharddriveorremovabledevicecanbedestroyedwithoutthepossibility offuturerecovery.AfterusingActive@ KillDiskforWindows,disposal,recycling,selling, ordonatingyourstoragedevicecanbedonewithpeace ofmind.

1.1.2InternationalStandards in DataRemoval

Active@KillDiskforWindowsconformstofifteeninternationalstandardsforclearingand sanitizingdata(USDoD5220.22-M,Gutmannandothers).Youcanbesurethatsensitive information is destroyed forever onceyoueraseadiskwith Active@ KillDiskforWindows.Active@KillDiskforWindows is aqualitysecurityapplicationthatdestroysdatapermanentlyonanycomputer
http://www.file-recovery.com/http://www.file-recovery.com/http://www.file-recovery.com/http://www.file-recovery.com/http://www.file-recovery.com/

7/30/2019 KillDisk7

6/45


thatcanbestartedusing a bootableCD/DVD-ROMorUSBFlashDisk.Accesstothedrive'sdataismadeonthephysical level via theBIOS (BasicInput-OutputSubsystem),bypassingtheoperatingsystemslogicaldrivestructureorganization.Regardlessoftheoperatingsystem,filesystems, ortypeofmachine,thisutilitycandestroyal ldataonal lstoragedevices. It doesnotmatterwhichoperatingsystemsorfilesystemsarelocatedonthemachine.

1.2WipingConfidentialDatafromUnoccupiedDisksSpace

Youmayhaveconfidentialdataonyourharddrivein spaces wheredatamay havebeenstoredtemporarily.YoumayalsohavedeletedfilesbyusingtheWindowsRecycle Bin andthenemptying it. Whileyouarestillusingyourlocalharddrive,there may beconfidential informationavailable intheseunoccupiedspaces.

Wipingthe logicaldrive'sdeleteddatadoesnotdeleteexistingfilesand

folders. It processesal lunoccupieddrivespacesothatrecoveryofpreviouslydeleted filesbecomesimpossible.Installedapplicationsandexistingdataarenottouchedbythisprocess.

Whenyouwipeunoccupieddrivespace,theprocessisrunfromthebootableCD/DVDoperatingsystem.Asaresult,thewipeor erase processusesanoperating system thatisoutsidethelocalharddriveandisnotimpededbyWindowssystemcaching. ThismeansthatdeletedWindows system recordscanbewipedclean.

KillDiskwipesunuseddataresidue from fileslackspace,unusedsectors,andunusedspacein MTFrecordsordirectoryrecords.

Wiping drive space can take a long time, so do thiswhen the system is notbeing otherwise utilized. For example, this can be doneovernight.

1.2.1WipeAlgorithms

Theprocessofdeletingfilesdoesnoteliminate them fromtheharddrive.Unwantedinformation may stillbeleftavailable for recovery onthecomputer.Amajorityofsoftwarethatadvertisesitselfas performingreliabledeletionssimplywipesoutfreeclusters.Deletedinformation may bekeptin

additional areas of a drive.KillDisktherefore offersextrastepstoensuresecuredeletion.

7/30/2019 KillDisk7

7/45


1.2.2Specifics ofWipingforDifferentFileSystems

1.2.2.1NTFSFileSystem

NTFSCompressedFiles

Wipingfreespaceinside a file:

ThealgorithmNTFShastocompressafileit separates intocompressedblocks(usually

64KBlong).Afteritisprocessed,eachoftheseblocks has beenallocated a certain

amountofspaceonthevolume. Ifthecompressedinformationtakesuplessspacethan

thesourcefile,thentherestofthespaceislabeled as sparsespaceandnospaceon

thevolumeisallocatedtoit.Becausethecompresseddataoften doesn'thaveasize

exactly that ofthecluster,theend ofeachoftheseblocks stays as unusablespace of

significant size. Ouralgorithmgoesthrougheach oftheseblocksin a compressedfile

andwipestheunusablespace,erasingpreviouslydeletedinformationthatwaskeptin

thoseareas.

TheMFT (MasterFileTable)Area

Wipingthesysteminformation:

The$MFTfilecontainsrecords describingeveryfileonthevolume.Duringthedeletion

ofthesefiles,therecordsoftheirdeletionareleftuntouched -- they aresimplyrecorded

as "deleted".Therefore,filerecoverysoftwarecanusethisinformationtorecover

anythingfromthenameofthefileandthestructureofthedeleteddirectoriesdown to

filessmallerthan 1KB thatareabletobesavedintheMFTdirectly.Thealgorithmused

7/30/2019 KillDisk7

8/45


by KillDiskwipesal l oftheunusedinformationout oftheMFTrecordsandwipesthe

unusablespace,making a recoveryprocessimpossible.

1.2.2.2FAT/FAT32/exFAT FileSystem

WipingDirectoryAreas

Eachdirectoryon a FAT/FAT32oran exFATvolumecanbeconsideredas a specificfile

describingthecontents ofthedirectory.Insidethisdescriptortherearemany32-byte

records describingeveryfileandotherinnerfolders.Whenyoudeletefiles thisdatais

notbeingfullyerased. Itisjustmarkedasdeleted(hexsymbol0xE5). Thats whydatarecoverysoftwarecandetectandusetheserecordstorestorefilenamesandfull

directorystructures. In somecases,dependent onwhether a spacewherean itemis

located has beenoverwritten yet ornot,filesandfolderscanbefully or partially

recovered.Active@KillDiskmakes datarecoveryimpossible by usingan algorithmthat

wipesoutal lunused informationfromdirectorydescriptors.Active@KillDisknotonly

removesunusedinformation butalsodefragmentsDirectoryAreas,thusspeedingup

directoryaccess.

7/30/2019 KillDisk7

9/45


This is how Directory Area looks before Wiping, red rectangles display deleted

records:

This ishowDirectoryArealooksafterWiping:alldeletedrecordsremoved,root

defragmented:

7/30/2019 KillDisk7

10/45


1.2.2.3WipeHFS+

HFS+B-tree

AB-treefile isdividedup intofixed-size nodes,eachofwhichcontainsrecords

consisting of a keyandsomedata.

Intheeventofthedeletion of a fileorfolder,thereis a possibility ofrecoveringthe

metadataofthefile (suchasitsnameandattributes),aswell as theactualdatathatthe

fileconsistsof.KillDisk'sWipemethodclearsoutal l ofthisfreespaceinthesystemfiles.

1.2.2.4WipingExt2fs/Ext3fs/Ext4fs

ALinuxExtFs(Ext2/Ext3/Ext4) volumehasaglobaldescriptorstable.Descriptorstablerecordsarecalledgroupdescriptorsanddescribeeachblocksgroup.Eachblocksgroup

has anequalnumber ofdatablocks.A datablock isthesmallestallocationunit;sizes

varyfrom1024bytesto4096bytes.Eachgroupdescriptor has a blocks allocation

bitmap. Eachbit ofthebitmap showswhethertheblock isallocated (1) oravailable (0).

KillDisksoftwareenumeratesal lgroupsandforeachandeveryblockwithinthegroup

onthe volumecheckstherelatedbitmaptodefine itsavailability.Iftheblock is

available,KillDiskwipes itusingthe methodsupplied by the user.

7/30/2019 KillDisk7

11/45


1.2.3WipingFileSlackSpace

Thisrelatestoanyregularfileslocatedonanyfilesystem.Free space to be wiped isfound inthe tail end of a file because disk space is usually allocated in 4 KB clusters. Most fileshave sizes of more or less than 4KB and thus have slack space at their end.

7/30/2019 KillDisk7

12/45

2SystemRequirements

ThischapteroutlinestheminimumrequirementsforPCsusingActive@KillDiskforWindows.

PersonalComputer

IBMPCcompatiblemachine

IntelPentiumorhigher

350 MbofRAM

Video: VGAresolution(800 x 600)or better

OperatingSystem:Windows XP orhigher

DriveStorageSystem

CD/DVD-ROMor Blu-Ray drive

USB2.0orUSB3.0 storagedevice (USB flashdiskor externalUSBdisk)

Removable media (memory stick,SD card, compact flash, floppydisk)

HardDiskDrivetypes: IDE,ATA,SSD,SATA, eSATAorSCSIwithcontrollers.AdditionaldriverscanbeloadedforRAIDsornon-standardcontrollersafterthesystemisbootedup.

OtherRequirementsAblankCD/DVD/BDdiscforburninganISOimage, or a USB flash cardtoprepare a bootable USBdisk.

2.1Active@KillDiskforWindowsVersion

Theperformance ofActive@KillDiskforWindowsdependsontheversion oftheapplication as displayedinthetablebelow.

Table 2-1 DifferencesbetweenFreeware andProfessional Versions

Feature FreewareVersion

ProfessionalVersion

Securelyoverwrites and destroys all data onphysical drive or logical partition

yes yes

Erases partitions, logical drives and unused disk yes yes

7/30/2019 KillDisk7

13/45

2 System Requirements



ProfessionalVersion

space

Supports IDE / ATA / SATA / SSD / SCSI hard

diskdrives

yes yes

Supports parallelerasing/wiping:two or moreHDDs can be cleaned up simultaneously

yes yes

Supports fixed disks, floppies, zip drives, USBFlash Cards and USB/USB3 external devices

yes yes

Supports large-sized drives (more than 2 TB) yes yes

Supports CommandLine parameters yes yes

Supports BatchMode(canbe run without of

any user interaction)

yes

Operates from bootable CD/DVD/BD Disc or

USBdisk

yes yes

Erases withone-pass zeros yes yes

Erases withone-pass random characters yes

Eraseswith user-definednumberofpasses yes

US Department ofDefense 5220.22 M compliant yes

US Army AR380-19 compliant yes

US Air Force 5020 compliant yes

German VISTR compliant yes

Russian GOST p50739-95 compliant yes

Canadian OPS-II compliant yes

HMGIS5 Baseline/Enhanced compliant yes

Navso P-5329-26 (RL/MFM) compliant yes

NCSC-TG-025 & NSA130-2 compliant yes

Peter Gutmanns method compliant yes

Bruce Schneiers method compliant yes

Customizable security levels yes

7/30/2019 KillDisk7

14/45

2 System Requirements



ProfessionalVersion

Supports erasing of all detected HDDs and USBs yes yes

Erasing report is created and can be saved infile

yes yes

Erasing report can be sent out by e-mail viaSMTP after erasing/wiping completed

yes

Displays detected drive and partitioninformation

yes yes

Scans NTFS/EFS, FAT/FAT32/exFAT, HFS+,

Ext2/Ext3/Ext4fs volumes and displays existingand deleted files and folders

yes yes

Data verification may be performed aftererasing is completed yes

DiskViewer allows you to preview any sectorsor file clusters on a drive

yes yes

Displays Erase/Wipe certificate for printing yes yes

Saves Erase/Wipe certificate to PDF file yes yes

PDF Certificate can be customized, technicianinfo and company logo canbe inserted

yes

Wipes out NTFS, FAT/exFAT, HFS+ volumesfrom areas containing deleted and unused data

yes yes

Wipes out free clusters (unused by file datasectors)

yes yes

Wipes out file slack space (unused bytes inthelast clusteroccupied by file)

yes yes

Wipes out deleted MFT records on NTFS andDirectory system records on FAT/exFAT

yes yes

Wipes out unused space in any MFT records

andcompressed clusters on NTFS

yes yes

7/30/2019 KillDisk7

15/45

3RunningActive@KillDisk

AfteryoudownloadActive@KillDisk,youwillreceiveaninstallationfilenamedKILLDISK-SETUP.EXE.Thisfilecontains everythingyouneedtoget

started.To installtheapplication,double-clickKILLDISK-SETUP.EXEandfollowtheinstructionsinthe installationwizard.

Theinstalledapplicationcontainstwomainapplications:

Active@KillDiskforWindows Runthisapplication from yourWindowsoperatingsystemtoscanlocaldrives.

Active@BootDiskCreator Create a bootableWindows PE CD/DVD/[email protected] Active@KillDiskthiswayallowsyoutowipeconfidentialdata from thesystemcachewhilegainingexclusiveuseofa partitionbecausetheoperating

systemrunsoutsidethepartitionthatyouaresecuring.

3.1Active@BootDiskCreator

Active@BootDiskCreatorhelpsyouprepareabootableCD,DVD,Blu-ray orUSB mass storagedevicethatyoumayusetostartamachineandrepairsecurityaccessissuesordestroyal ldataontheharddrives.

To prepare a bootabledeviceforWindows:

1. FromtheWindowsStartmenu,clickAllPrograms>Active@

KillDisk>BootableDiskCreator.TheActive@BootDiskCreatormainpageappears.

2. In theActive@BootDiskCreatormainpage,selectthedesiredbootablemedia: a CD/DVD/Blu-ray, a USBFlashDriveoran ISOImagefiletobeburnedlater.Ifseveralmediadrivesare inserted,clickthe e llipsisbutton () andchooseaparticulardevice.ClickNext.

3. ClickBootintoWindows.Atthis step youcanspecifyadditionaloptions:

a. To addyourcustomfilestothe bootablemedia,clickthe UsersFilestab.Addfilesorfoldersusingthe relatedbuttonsattheright

side.Addeditemswillbeplacedin theUser_Filesrootfolder.b. To addspecificdriverstobeloadedautomatically,clickthe Add

Driverstab.Addallfilesfortheparticulardriver(*.INF,*.SYS,).Addeditemswillbeplaced in theBootDisk_Driversrootfolder.Atboottimeal l*.INFfileslocatedinthisfolderwillbeinstalled.

c. To addspecificscriptstobelaunchedafterActive@BootDiskisloaded,clickthe AddScriptstab.Addyourscripts(*.CMDfiles).

7/30/2019 KillDisk7

16/45

3 Running Active@ KillDisk


Addedfileswillbeplacedin theBootDisk_Scriptsrootfolder.At

boottimeal l *.CMD fileslocatedin thisfolderwillbeexecuted.

To specifyadditionalbootoptions,clickthe BootSettingstab. You canchangethe defaultsettingstobeused:TimeZone, AdditionalLanguageSupport,NetworkSupportandAuto-startDelay. You

can also change these options in theActive@ Boot Disk initializationscreen while booting.ClickNext.Verifythe selected media, sizesandbootup environment.

ClickCreate.Aprogressbarappearswhilethemediaisbeingprepared.

Note:AUSBDriveorblankCD/DVD/BDmustbeinsertedandexplicitlychosenonthefirststepbeforeyoucanproceedfurther.

Note: Whenyouprepare a USBFlashDrivebootablemedia,itwillbereformatted andal ldataonthe mediawillbeerased.Youwill have the

choice ofcreating aNTFSora FAT32filesystemonthe media. WerecommendyoutouseFA32forsmaller volumes. UseNTFSforlargermediasizes sinceitsupportslargevolumes(>32GB)andfilesizes(>2GB).

Note: Ifyouvecreatedan ISOImagefile,youcanburnitto a disklateronusingeither ourfreeActive@ISOBurnerutility ( www.ntfs.com/iso-burning.htm) or a utilityof your choice.
http://www.ntfs.com/iso-burning.htmhttp://www.ntfs.com/iso-burning.htmhttp://www.ntfs.com/iso-burning.htm

7/30/2019 KillDisk7

17/45



3.2Interactive,CommandLineandBatchModes

Active@ KillDiskforWindowscanbeusedtwoways:

Interactive Mode

CommandLineandBatchMode

3.2.1InteractiveMode

Thestepsforerasingdataandwipingdataaresimilar. Follow steps 1through10andthenclickthelinkto completeeithertheerasingprocessorthewipingprocess.

Ifyouarebooting from aCD/DVD-ROMdrive,checkthatthedrivehasbootpriority intheBIOSsettings ofyourcomputer.

Herearethestepsforinteractiveoperation:

1. StartActive@ KillDiskeither from a bootableCD/DVD, a USBdevice, ortheProgramsmenu.

TheLocalSystemDevicesscreenappears.

Figure 3-1 DetectedPhysical Devices

All system physicaldevicesandlogicalpartitionsaredisplayedin a list.

HarddrivedevicesarenumberedbythesystemBIOS.Asystemwith asingleharddriveshows as number0.Subsequentharddrivedevicesare

7/30/2019 KillDisk7

18/45



numberedconsecutively.Forexampletheseconddevicewillbeshownas FixedDisk1.

2. Select a deviceandreadthedetailedinformationaboutthedevicein therightpane.Belowthedevice,select a logicalpartition. The informationintherightpanechanges.

3. Be certainthatthedriveyouareselectingistheonethatyouwanttoerase or wipe. Ifyouchoosetoerase,al ldatawillbepermanentlyerasedwithnochanceforrecovery.

To previewthesectorson a physicaldiskoron a volume(logicaldisk),selectitandpressALT+P,orclickHexPreviewonthetoolbar. TheHex Previewpanelappears.

Figure 3-2 Data Viewer

4. To scrollupanddown, use thekeyboardnavigation arrow keys PAGEUP, PAGEDOWN,HOMEandEND, orusetherelatedbuttonsonthetoolbar.

5. Tojumptoaspecificsector,typethesectornumberin the SectorboxandpressENTERorclickGoonthetoolbar.

6. Whenyouaresatisfiedwiththeidentification ofthedevice,closetheHex Previewpanel (ALT+P).

7. To previewthefilesin a logicaldisk, selectthevolumeandpressENTERordouble-click it. KillDiskscans thedirectoriesforthepartition. TheFoldersandFilesscreenappears.

7/30/2019 KillDisk7

19/45



Figure 3-3 FilesPreview

8. PressTABtomovebetweenpanels orchoose a panelwiththemouse.

9. To selectaniteminthelist, use PAGEDOWN,PAGEUPortheupordownarrow keys orusethemouse.

10.To open a folder,double-clickthefolderorselectitandpressENTER.KillDiskscans thesystemrecordsforthisfolder. The filesinthefolderappearintherightpanel.Existingfilesandfoldersare markedbyyellow

iconsanddeletedfilesandfoldersare markedbygrayicons.Ifyouarewipingdatafromunoccupiedareas,thegray-coloredfile names areremovedafterthewipingprocesscompletes.You may usethe HexPreviewmodetoinspecttheworkdonebythewipingprocess.Afterwiping,thedatain these areasandtheplaces thesefileshold in therootrecordsorothersystemrecordsaregone.

3.2.1.1EraseDatafromaDevice

Whenyouselect a physicaldevice(forexample,FixedDisk0), theerasecommandprocessespartitionsnomatterwhatcondition they arein.

Everything isdestroyed.Ifyouwanttoerasedataonselectedlogical drives, followthestepsin 3.2.3Erase orWipe LogicalDrives(Partitions).

To erasethedata:

1. Be certainthatthedriveyouarepointingtoistheonethatyouwanttoerase.Alldatawillbepermanentlyerasedwithnochanceforrecovery.

7/30/2019 KillDisk7

20/45



2. Whenyouhaveselectedthedevicetoerase, selectthecheckboxforthisharddrive.You may selectmorethanonephysicaldiskfortheeraseaction. In thiscasethesediskswillbeerasedsimultaneously. Topermanentlyerasealldataontheselecteddisk(s), pressF10orclickKillonthetoolbar. TheKilldialog box appears.

Figure 3-4 Kill dialog box

3. Selectan erase methodfromthelist.Erasemethodsaredescribed in

Chapter5Erase/WipeParameters inthis guide.4. Setotherparametersforerasing. To specifylogandcertificatefile

location, e-mailnotifications, andothersettings, clickthe moreoptions linkat the bottom.The settings box will then appear.

Forinformationon these settings, seeChapter5inthisguide.

5. ClickStart.

IftheSkipDiskEraseConfirmationcheckboxisclear,theConfirmActiondialog box appears.
http://www.killdisk.com/http://www.killdisk.com/http://www.killdisk.com/

7/30/2019 KillDisk7

21/45



Figure 3-5 Confirm Action

6. Thisisthefinal step beforeremovingdata from theselecteddriveforever.TypeERASE-ALL-DATAinthetextboxandpressENTERorclickYES.TheProgressbarappears.

7. To stoptheprocessatanytime,clickthe Stopbuttonfortheparticulardisk. C lickthe StopAllbuttonattopleftcornertocancelerasingforal ldisks. Notethatdatathathasalreadybeenerasedwillnotberecoverable.

Figure 3-6 DiskErasingis in Progress

7/30/2019 KillDisk7

22/45



8. Thereisnothingmoretodountiltheend ofthediskerasing process.Theapplicationwilloperateonitsown.

Ifthereareanyerrors,forexampleduetobadclusters,theywillbereportedontheInteractivescreenandin thelog. Ifsuchamessageappears,youmaycanceltheoperation(clickAbort), oryoumaycontinueerasingdata(clickIgnoreorIgnoreAll).

NOTE: Because oftheBIOSrestrictions ofsomemanufacturers, a harddiskdevicethatislargerthan300MB must haveanMBR(MasterBootRecord)in sectorzero.Ifyouerasesectorzeroandfill itwith zeros orrandomcharacters,youmightfindthatyoucannotusetheharddriveaftererasingthedata.ItisforthisreasonKillDiskcreatesanemptypartitiontableandwrites a typical MBRin sectorzero(incase theInitializedisk(s)afterEraseoptionisselected).

3.2.1.2WipeDatafromaDevice

Whenyouselect a physicaldevicesuch asFixedDisk0, thewipecommandprocessesall logicaldrivesconsecutively,deletingdatain unoccupiedareas.Unallocatedspace(wherenopartitionexists)hasbeenerasedaswell. IfKillDiskdetects thatapartition has beendamagedorthatit isnotsafetoproceed,KillDiskdoesnotwipedatain thatarea.Thereason itdoesnotproceedisthatadamagedpartitionmightcontain importantdata.

Therearesomecaseswherepartitionson a devicecannotbewiped. Someexamples areanunknownorunsupportedfile system, a systemvolume, oranapplicationstartupdrive. Inthesecases theWipebuttonisdisabled. If

youselect a deviceandtheWipebuttonis disabled,selectindividualpartitions(drives)andwipe them separately.

Ifyouwanttoerasedatafromtheharddrivedevicepermanently,see3.2.1.1Erase Data.

Ifyouwanttowipedatainunoccupied areas onselectedlogical drives,followthe steps in 3.2.3EraseorWipe LogicalDrives(Partitions).

To wipedeleteddatafromadevice:

1. To chooseadevicetowipe,selectthecheckboxnexttothedevicename.You may selectmultipledevices.Inthiscasethesediskswillbe

wipedoutsimultaneously

2. To wipeoutal ldatainunoccupied sectors ontheselectedpartitions,pressF9orclickthe Wipetoolbarbutton. The WipeFreeDiskSpacedialog box appears.

7/30/2019 KillDisk7

23/45



Figure 3-7 Wipe FreeDiskSpace

3. To select a wipe type, choose a methodfromtheWipeMethodlist.WipemethodsaredescribedinChapter5Erase/WipeParametersinthisguide.

4. Youmaychangeparametersinthisdialog box, orclickthe moreoptionsl inkat bottomtoreviewandchangeotheroptions. For

informationon these parameters,seeChapter5Erase/WipeParametersinthisguide.

5. To advancetothefinal step beforeerasing data, clickStart. IftheSkipConfirmationcheckboxisclear,theConfirmActiondialog boxappears.

7/30/2019 KillDisk7

24/45



Figure 3-8 Confirm Action

6. Thisisthefinal step beforewipingdataresidue from unoccupiedspaceontheselecteddrive.

To confirmthewipeaction,clickYes. The progressofthewipingprocedurewillbemonitoredintheDiskWipingscreen.

7. To stoptheprocessforanyreason,clickthe Stopbuttonforaparticulardisk. C lickthe StopAllbuttonatthe topleftcornertocancelwipingforal lselecteddisks. Notethatal lexistingapplicationsanddatawillnotbetouched.Datathathasbeenwiped from unoccupiedsectorsisnotrecoverable.

8. Thereisnothingmoretodountiltheend ofthediskwiping process. Theapplicationoperatesonitsown.

Ifthereareanyerrors,forexampleduetobadclusters,theywillbereportedontheInteractivescreenandin theLog. Ifsuchamessageappears,youmaycanceltheoperationorcontinuewiping data.

9. AfterthewipingprocessiscompletedselectthewipedpartitionandpressENTERordouble-click itto inspect the work that has been done.

KillDiskscans thesystemrecordsortherootrecordsofthepartition.TheFoldersandFilestabappears.

Existingfilenamesandfoldernamesappearwith a multi-colored iconanddeletedfile names andfoldernamesappearwith a gray-coloredicon. Ifthewipingprocesscompletedcorrectly,thedataresiduein thesedeletedfileclustersandtheplacethesefileshold inthedirectoryrecordsorsystemrecordshasbeenremoved. Youshouldnot see anygray-coloredfilenamesorfoldernamesinthewipedpartition.

7/30/2019 KillDisk7

25/45



3.2.2CommandLineandBatchMode

KillDiskcanbeexecutedwith some settingspre-definedwhenstartedfromacommandpromptwith specific commandlineparameters.

KillDiskcanbealsolaunchedinfullyautomatedmode(batch mode)whichrequiresnouserinteraction.

KillDiskexecutionbehaviordependsoneither commandlineparameters(highestpriority),settingsconfigured in interactivemodeandstoredin theKILLDISK.INIfile(lowerpriority), or defaultvalues(lowestpriority).

3.2.2.1Command Line Mode

To runActive@KillDisk in commandlinemode, open a commandpromptscreen.

Atthecommandprompt,startActive@KillDiskforWindows by typing:

> KILLDISK.EXE -?

Alist ofparametersappears. You canfind explanations ofthem inthetablebelow.

Table 3-2 Command Line Parameters

Parameter Short Default Options

no parameter Withnoparameter,theInteractivescreens will appear.

-erasemethod=[0 - 17] -em= 2 0 - One pass zeros (quick, low security)

1 - One pass random (quick, lowsecurity)

2 - US DoD 5220.22-M (slow, highsecurity)

3 - US DoD 5220.22-M (ECE) (slow,highsecurity)

4 - Canadian OPS-II (slow, highsecurity)

5 - HMG IS5Baseline (slow, high

security)

6 - HMG IS5 Enhanced (slow, highsecurity)

7 - Russian GOST p50739-95 (slow,high security)

8 - US Army AR380-19 (slow, highsecurity)

7/30/2019 KillDisk7

26/45




9 - US Air Force 5020 (slow, highsecurity)

10 - Navso P-5329-26 (RL) (slow, highsecurity)

11 - Navso P-5329-26 (MFM) (slow,highsecurity)

12 - NCSC-TG-025 (slow, high security)

13 - NSA130-2 (slow, high security)

14 - German VSITR (slow, highsecurity)

15 - Bruce Schneier (slow, highsecurity)

16 - Gutmann (very slow, highest

security)

17 - User Defined Method. Number ofPasses and Overwrite Pattern suppliedseparately.

-passes=[1 - 99] -p= 3 Numberoftimesthewriteheadswillpass over a disk area to overwrite data

with User Defined Pattern. Valid forUser Defined Method only.

-verification=[1 - 100] -v= 10 Set the amount of area the utility reads

toverify that the actionsperformed by

thewriteheadcomplywiththechosenerase method (reading 10% of the areaby default).

Verification is a longprocess.Setthe

verification tothe level that works foryou better.

-retryattempts=[1 - 99] -ra= 2 Set the number oftimes that the utility

will tryto rewrite in the sector when thedrive write head encounters an error.

-erasehdd=[80h - 8Fh] -eh= Number in BIOS ofthe hard drive tobeerased.

-eraseallhdds -ea Erase all hard disk drives.

-ignoreerrors -ie Do not stop erasing each time a disk

error is encountered. When you use this

parameter, all errors are ignored andjust placed to the application log.

7/30/2019 KillDisk7

27/45




-clearlog -cl Use this parameter to clear the log filebefore recording new activity. When a

drive is erased, a log file is kept. Bydefault, new data is appended to this

log for each erasing process. By default

the log file is stored inthe same folderwhere the software is located.

-logpath=[fullpath] -lp= Pathto save application log file. Can be

eitherdirectoryname or fullfilename.

Use quotes iffull path contains spaces.

-certpath=[fullpath] -cp= Pathto save erase/wipe certificate. Canbe either directory name or full file

name. Use quotes if full path containsspaces.

-inipath=[fullpath] -ip= Pathtothe configuration file(KILLDISK.INI) for loading theadvanced settings. See table below.

-noconfirmation -nc Skip confirmation steps before erasing

starts. By default, confirmation stepswill appear in command line mode for

each hard drive as follows:

Are you sure?

-beep -bp Beep after erasing is complete.

-wipeallhdds -wa Wipe all hard drives.

-wipehdd = [80h-8Fh] -wh= Number in BIOS ofthe hard drive tobewiped out. First disk has number 80h.

-test Ifyou are having difficulty with Active@

KillDisk for Windows, use thisparameter to create a hardware

information file to be sent to ourtechnical support specialists.

-batchmode -bm Execute in batch mode basedon

command line parameters and INI filesettings (no user interaction).

-userpattern=[fullpath]

-u File to get user-defined pattern from.Applied to User Defined erase method.

-shutdown -sd Save log file and shutdown PC aftercompletion.

7/30/2019 KillDisk7

28/45




-help or -? Displaythis list of parameters.

Note: Parameters-testand-help mustbeusedalone. They cannotbeusedwithotherparameters.

Note: Commandserasehdd,-eraseallhdds,-wipehddand -wipeallhddscannotbecombined.

Typethecommandandparametersintothe commandprompt consolescreenattheprompt.Hereisanexample:

> killdisk.exe -eh=80h -bm

In theexampleabove,dataondevice80hwillbeerasedusingthedefault

method (USDoD5220.22-M) withoutconfirmationandreturningtothecommandpromptscreen whencomplete.

Hereisanotherexample:

> killdisk.exe -eh=80h -nc -em=2

In thisexample,alldataonthe device80hwill be erased usingUSDoD5220.22-M methodwithout confirmationandshowing a report at theend oftheprocess.

Afteryouhave typedKILLDISK.EXEandadded commandlineparameters,

press ENTERtocomplete thecommandandstarttheprocess.Informationonhowdriveshavebeenerasedisdisplayedonthescreenwhen the operation has completed successfully. KillDiskexecutionbehaviordependsoneither commandlineparameters(highestpriority),settingsconfiguredin interactivemodeandstoredinthe KILLDISK.INIfile(lowerpriority), or defaultvalues(lowestpriority).

3.2.2.2 BatchMode

Thisfeatureisintendedforadvancedusers.

Batchmodeallows KillDiskto be executedin fullyautomatedmodewithoutany userinteraction.All events anderrors(ifany)willbeplacedinthe logfile.Thisallows systemadministratorsandtechnicianstoautomateerase/wipe tasks bycreatingscripts(*.CMD,*.BATfiles)for differentscenarios thatcanbeexecutedlateronin differentenvironments.

7/30/2019 KillDisk7

29/45



To startKillDisk inbatch mode,addthebm(or-batchmode) commandlineparametertothe otherparametersandexecuteKillDiskeither from thecommandpromptorbyrunning a script.

Hereisanexample ofbatch modeexecutionwiththewipecommand:

> killdisk.exe -wa -bm -em=16

Thiswill, usingGutman'smethodandreturningtothe commandpromptwhencomplete, wipe all deleted data and unused clusters on all attachedphysical disks without any confirmations

3.2.2.3ApplicationsettingsstoredinKILLDISK.INIfile

WhenyoustartKillDisk,changeitssettings(erasemethod,certificateoptions, etc) andclosetheapplication,al lcurrentsettingsare savedtotheKILLDISK.INI file in thelocation ofthe KillDiskexecutable. Thesesettingswillbeusedasdefaultvalues the next time KillDisk is run.

KILLDISK.INIisastandardtextfile possessingsections,parameternamesandvalues.AllKillDisksettingsarestoredinthe [General]section.

Forparameterstoragethesyntaxbeingusedis:

Parameter=value

Hereisanexample ofan INIfile:[General]

logging=0

showCert=true

saveCert=false

initDevice=true

clearLog=false

ignoreErrors=false

skipConfirmation=true

retryAtt=2

certPath=C:\\ProgramFiles\\LSoftTechnologies\\ActiveKillDisk\\

logPath=C:\\ProgramFiles\\LSoftTechnologies\\ActiveKillDisk\\

logName=killdisk.log

WhenKillDisk isrunning in interactivemode, all these parameters can beconfigured from a settingsdialogaccessed by clickingthe Settingstoolbarbutton. They also can be changedmanually by editingthe KILLDISK.INIfilein any texteditor such asNotepad.

Hereisan explanation ofal lsettings:

7/30/2019 KillDisk7

30/45



Table 3-3 KillDisksettings inINI file

Parameter Default Options

showCert= true true/falseoptionofdisplaying theErase/Wipe Certificate for printing aftercompletion

saveCert= false true/false option ofsaving theErase/Wipe Certificate after completion

certPath= Full path to the location where

Erase/Wipe Certificate will be saved.This is a directory name

logPath= Full path to the location where log filewill be saved. This is a directory name

logName= Nameofthe log file whereeventlogwill be saved to

skipConfirmation= false true/false whether to display or skipErase/Wipe confirmation dialog, or not

ignoreErrors= false true/false whether to display diskwriting errors (bad sectors), or ignorethem (just place them tothe log file)

clearLog= false true/false whether to truncate log file

content before writing new sessions, ornot (append to existing content)

initDevice= true true/falsewhether to initializedisksafter erasing complete, or not

shutDown= false true/false whether to shutdown PCafter Erase/Wipe execution complete, ornot

sendSMTP= false true/false to send e-mail report by e-mail via SMTP

useDefaultAccount= true true/false use pre-defined Free SMTPaccount for sending e-mail reports

fromSMTP= E-mail address youll get a report from,forexample:[email protected]

toSMTP= E-mail address the report will be sent to

nameSMTP= SMTP server (relay service) being used

for sending e-mail reports, for example:www.smtp-server.com

7/30/2019 KillDisk7

31/45




portSMTP= 25 TCP/IP port SMTP service will be

connectedon. The standard SMTP port

is 25, however some internet providersblockiton a firewall

authorizeSMTP= false true/false use SMTP authorization forsending e-mail reports (Username andPassword must be defined as well)

usernameSMTP= IncaseifSMTPservicerequiresauthorization, this is SMTP Username

passwordSMTP= In case ifSMTP service requiresauthorization, this is SMTP Password

showLogo= false true/false whether to display custom

Logo(image)on a Certificate,ornot

logoFile= Full path to the file location where Logoimage is stored

clientName= ClientName - custom text to bedisplayed on a Certificate

technicianName= Technician Name - custom texttobedisplayed on a Certificate

companyName= Company Name - custom text to bedisplayed on a Certificate

companyAddress= Company Address - custom textto bedisplayed on a Certificate

companyPhone= Company Phone - custom textto bedisplayed on a Certificate

logComments= AnyComments - customtexttobedisplayed on a Certificate

killMethod= 2 [0-17] Erase method to use fordisk/volume erasing. See tableofErase

Methods available. DoD 5220.22-M by

default

killVerification= true true/false whether to use dataverification after erase, or not

killVerificationPercent= 10 [1-100] verification percent, in case ifdataverification is used

killUserPattern= ASCII texttobe used for User Defined

7/30/2019 KillDisk7

32/45




erase method as a custom pattern

killUserPasses= [1-99] number of overwrites to beused for User Defined erase method

wipeMethod= 2 [0-17] Wipe method to use forvolume wiping.SeetableofErase

Methods available. DoD 5220.22-M bydefault

wipeVerification= true true/false whether to use dataverification after wipe, or not

wipeVerificationPercent= 10 [1-100]verificationpercent,incaseifdata verification is used

wipeUserPattern= ASCII texttobe used for User Defined

wipe method as a custom pattern

wipeUserPasses= [1-99] number ofoverwrites to beused for User Defined wipe method

wipeUnusedCluster= True true/false whether to wipe out allunused clusters on a volume, or not

wipeUnusedBlocks= False true/false whether to wipe out allunusedblocks in systemrecords, or not

wipeFileSlackSpace= False true/false whether to wipe out all fileslackspace (in last file cluster), or not

Youcanfinda more detailed explanation of each parameter inChapter5-Erase/Wipeparameters.

WhenyoustartKillDiskwithor without commandlineparameters,itsexecutionbehaviordependsoneither commandlinesettings (highestpriority),settingsconfiguredin interactivemodeandstoredintheKILLDISK.INIfile(lowerpriority), or defaultvalues(lowestpriority).

Defaultvaluemeansthatif theKILLDISK.INIfile isabsent,orexistsbutcontainsnorequiredparameter,thepre-defined(default)valuewillbe used.

3.2.3Erase or WipeLogicalDrives(Partitions)

In al lpreviousexamplesinthischapter,theprocesshaserasedorwipeddatafromaphysicaldrive.Using a similarmethod,youcaneraseorwipelogicaldisksandpartitions.This includesdamagedUnallocatedareaswherepartitionsusedtoexistandareasnotvisibletothecurrentoperatingsystem.

7/30/2019 KillDisk7

33/45



The Wipe button is disabled when partitions cannot be wiped because of

issues such as an unknown or unsupported file system.KillDiskmust lockthepartitionbefore performing a Wipe or Erase action. A partition cannot belocked if it is in use by another user or application. In thiscase a dialog boxappearswith informationthatthediskisbeingusedandyouneedto eitherskip it,orforcevolumedismount. Ifyouskip it,thewipeoreraseoperation iscanceledforthisdrive.Ifyouselectforcedismount,somedatainthedrivescachemaybelost.This could affect other applicationsworking with the same volume. If, for example, you made changes to aWord document located on D: and haven't saved the file, a subsequent"forced dismount" for D: would likely result in the loss of the changes. Thefile's original version should be unaffected.

3.2.3.1EraseDatafromaLogicalDrive

To erasedata from a logicaldrive:1. StartActive@KillDiskfrom a bootabledeviceor from thePrograms

menu.

2. TheLocalSystemDevicesscreenappears.

All system harddrivesandremovabledrivesaredisplayedin theleftpane. Systeminformation isdisplayedintherightpane.

Figure 3-9 Local System Devices andVolumes

3. Selectthecheckboxofalogicaldisk/volumeortheUnallocatedarea.

7/30/2019 KillDisk7

34/45



4. PressF10orclickKill.TheKilldialog box appears.

5. Setthe erasemethodandotherparametersforerasing.Forinformationontheseparameters,seeChapter5Erase/WipeParametersinthisguide.

6. Complete the process as you would for other devices.

3.2.3.2WipeDatafromaLogicalDrive

To wipedata from a logicaldrive:

1. StartActive@ KillDiskfrom a bootabledeviceor from theProgramsmenu.

2. TheLocalSystemDevicesscreenappears.

All system harddrivesandremovabledriveswillbedisplayedin theleftpanealongwiththeirsysteminformation in therightpane.

3. Selectthecheckboxofalogicaldisk/volumeortheUnallocatedspace.

4. PressF9orclickWipetowipedatafromunoccupiedareas.TheWipeFreeDiskSpacedialogboxappears.

5. Select a wipemethodandsetotherparametersforwiping.Forinformationon these parameters,seeChapter5Erase/WipeParametersinthisguide.

6. Completetheprocess as you wouldforother devices.

3.3Completed EraseorWipeOperationInformationAfteran operation iscompletedsuccessfully,informationonhowdriveshavebeenerasedorwiped isdisplayedin theEventLog at bottom ofthescreen.The textcanbesavedin a logfileand as a certificatethatcanbeprintedorsavedasa PDFfilefor future printing.

Anexample ofanerasesessionsavedin a Logfileisdisplayedbelow.

2012-10-1011:12:[email protected],Kernel2.10.10---------------------------------------EraseSessionBegin------------------------------

2012-10-1011:13:[email protected]

Erasemethod:USDoD5220.22-M(3passes,verify)Passes:3[Verification10%]EraseWDCWD1600YD-01NVB1FixedDisk(81h)(SerialNumber:WD-WMANM1702217)-153GBStarted:2012-10-1011:13:59

Pass1 - OK(0x0000000000000000)

Pass2 - OK(0xFFFFFFFFFFFFFFFF)Pass3 - OK(Random)

VerificationpassedOKFinished2012-10-1013:54:19

2012-10-1013:54:28Timetaken:02:40:212012-10-1013:54:28Erasingcompletedfor1device

---------------------------------------EraseSessionEnd-------------------------------

2012-10-1013:54:28Rescannedhardware

7/30/2019 KillDisk7

35/45



A summary of errors is presented in this report if the process encounterederrors from, for example, bad clusters.

Details ofthisreportaresavedbydefaultto a logfile locatedinthefolderfrom [email protected] locationcanbechangedin Settings.

Example ofan EraseCertificatethatcanbeprintedorsavedas a PDF:

7/30/2019 KillDisk7

36/45

4CommonQuestions

4.1 Howdoesthelicensingwork?

Thesoftwareislicensedon a perCD/DVDorUSBmediastoragedevice

basis.Eachlicenseallowsyoutousetheprogram from a separateCD/DVDorUSBdevice. Forexample, ifyouwanttousetheprogramtowipefivecomputersconcurrently,youwouldneedfiveCDsorDVDsorUSBdevices(orcombination ofthethreenotexceeding five), andthereforeneed a five-userlicense.

4.2 Howisthedataerased?

Active@KillDiskcommunicateswiththesystemhardwaredevicedirectly.The Free version erasesdatabyoverwritingalladdressable locationsonthedrivewith zeros.Active@KillDiskProfessionalversionsuggestsseveral

methodsfordatadestruction.Forexample,in USDoD5220.22-Mmethoditoverwritesal laddressablestorageandindexing locationsonthedrivethreetimeswith zeros (0x00),complement(0xFF),andrandomcharacters. It thenverifiesal lwritingprocedures.ThiscomplieswiththeUSDoD5220.22-Msecuritystandard.

4.3 WhatisthedifferencebetweentheSiteandEnterpriselicense?

SiteLicensemeansanunlimitedusage oftheprogramin onephysicallocation;EnterpriseLicense-in any companyslocations.

4.4 WhichoperatingsystemsaresupportedbyActive@KillDisk?

Active@KillDiskforWindowscan be launchedand workunder Windows XP,WindowsVista, Windows 7, Windows 8, Windows 2003,and 2008 Server.Active@ KillDisk for Windows can be also launched fromapre-installedonmediastoragedeviceoperatingsystem(WinPE).Asitcanbeinstalledeasilyonto a bootableCD/DVDorUSBcard, itdoesnot matter whichoperatingsystemisinstalledonthemachines harddrive.IfyoucanbootfromthebootCD/DVD/USB, youcandetectanderaseanydrivesindependent oftheinstalledoperating system.This way you can easily erase UNIX, Linux andMacOS X partitions and disks.

4.5 IsActive@KillDiskforWindowscompatiblewithMacintoshcomputers?

YoucannotrunActive@KillDisk intheold Mac OS environment(basedonPowerPCarchitecture). However,themostrecentApplecomputers(iMacrunning MacOS X)arebasedontheIntelarchitecture. In this case, itis
http://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htm

7/30/2019 KillDisk7

37/45

4 Common Questions


possibletobootfromActive@BootDiskusing a CD, DVDorUSBdevice. Todoso,holdtheOptionkeydownwhenstartingthecomputer.

4.6 WillIbeabletousemyHardDiskDriveafterActive@KillDiskerase

operation?Yes. To beabletousethe HDDagainyouneedto:

Repartitiontheharddriveusing a standardutility likeFDISK.

Reformatpartitionsusing a standardutilitylikeFORMAT.

ReinstalltheOperatingSystem using a bootableCD/DVD-ROM.

4.7 IcannotbootfromtheCD/DVD.WhatshouldIdonext?

Yourcomputermayhave bootpriorityforHardDiskDrives,oranotherdevicesethigherthanbootpriorityforCD/DVDdevice.

Parametersthataresetin low-levelsetuparewrittentothemachine'sBIOS.

To changethebootpriority:

1. Openthelow-levelsetuputility,usually by pressingF1,F2, F10orESConthekeyboardduringstartup.

2. UsethearrowkeystolocatethesectionaboutBootdevicepriority.Thissectionwillallowyoutosetthesearchorderfortypesofbootdevices.Whenthescreenopens, a list ofbootdevicesappears.Typicaldevicesonthislistwillbeharddrives,CDorDVDdevices,floppydrivesandnetworkbootoption.

3. IftheCDorDVDdevice hasbeendisabled,enableit(providedyouhavea deviceinstalled). The priorityshould indicatethattheCD/DVDdeviceisthenumberonedevicetheBIOSconsultswhensearchingforbootinstructions.IftheCD/DVDdeviceis at thetopofthelistthatisusuallytheindicator.

4. Saveandexitthesetuputility.

7/30/2019 KillDisk7

38/45

5Erase/WipeParametersandApplicationSettings

Whetheryouchoosetoerasedatafromthedriveortowipedatafromunoccupieddrivespace,themethodsofoverwriting these spacesarethesame.

5.1Erase/WipeMethods

OnePassZerosorOnePassRandom

Whenusing One PassZerosorOnePassRandom,thenumberofpassesisfixedandcannotbechanged.

Whenthewriteheadpassesthrough a sector,itwritesonlyzerosoraseriesofrandomcharacters.

UserDefined

Youindicatethenumberoftimesthewriteheadpassesovereachsector.Eachoverwriting pass isperformedwith a buffercontainingthe patternyouspecified(ASCIIstring).

USDoD5220.22-M

Thewriteheadpassesovereachsectorthree times.Thefirsttimeis withzeros (0x00),the secondtimewith0xFF, andthethird time withrandomcharacters.Thereisonefinal pass toverifyrandomcharactersbyreading.

US DoD 5220.22-M (ECE)

Thewriteheadpassesovereachsectorseventimes (0x00,0xFF,Random,0x96,0x00,0xFF,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.

CanadianOPS-II

Thewriteheadpassesovereachsectorseventimes(0x00,0xFF,0x00,0xFF, 0x00,0xFF,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.

GermanVSITR

Thewriteheadpassesovereachsectorseventimes(0x00,0xFF,0x00,

0xFF, 0x00,0xFF,0xAA).Thereisonefinal pass toverifyrandomcharactersby reading.

RussianGOSTp50739-95

Thewriteheadpassesovereachsectortwotimes(0x00,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.

7/30/2019 KillDisk7

39/45

5 Erase/Wipe Parameters and Application Settings


USArmyAR380-19

Thewriteheadpassesovereachsectorthreetimes.Thefirsttimewith0xFF, the secondtimewith zeros (0x00), andthethird time with randomcharacters. Thereisonefinal pass toverifyrandomcharactersbyreading.

USAirForce5020Thewriteheadpassesovereachsectorthreetimes.Thefirsttimewithrandomcharacters,the secondtimewith zeros (0x00),andthethird timewith 0xFF. Thereisonefinal pass toverifyrandomcharactersbyreading.

HMG IS5(BaselineandEnhanced)

Baselinemethodoverwritesdiskssurfacewithjustzeros(0x00).

Enhancedmethod-thewriteheadpassesovereachsectorthreetimes.Thefirst time with zeros (0x00),the secondtimewith0xFF, andthethird timewithrandomcharacters.

Thereisonefinal pass toverifyrandomcharactersbyreading.

NavsoP-5329-26(RLandMFM)

RLmethod-thewriteheadpassesovereachsectorthreetimes (0x01,0x27FFFFFF,Random).

MFM method-the writeheadpassesovereachsectorthreetimes (0x01,0x7FFFFFFF, Random).

Thereisonefinal pass toverifyrandomcharactersbyreading.

NCSC-TG-025

The writeheadpassesovereachsectorthreetimes (0x00,0xFF, Random).Thereisonefinal pass toverifyrandomcharactersbyreading.

NSA130-2

The writeheadpassesovereachsectortwotimes (Random,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.

BruceSchneier

Thewriteheadpassesovereach sectorseventimes(0xFF,0x00,Random,

Random,Random,Random,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.

Gutmann

Thewriteheadpassesovereachsector35times.Fordetailsaboutthis,themostsecuredataclearingstandard, youcanreadtheoriginalarticle at thelinkbelow:

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

7/30/2019 KillDisk7

40/45



5.2Erase/WipeOptions

In additiontothe erasemethod,youcan specifymoreoptionsforerasing/wiping.

VerificationAftererasing iscompleteyoucandirectthesoftwaretoperformverificationofthesurfaceonthedrivetobesurethatthelastoverwriting pass wasperformedproperlyanddataresidingonthedrive matchesthedatawrittenby theerasingprocess.

Becauseverification is a long process, you may specifyapercentageofthesurfacetobeverified. You may alsoturntheverification offcompletely.

WipeoutDeleted/Unuseddata

Thisparameterappearsonlywhenyouarewipingdatafromunusedspaceontheharddrive.Thewipingprocessclearsdataresiduefromunoccupied

spaceontheharddriveanddoesnotaffectinstalledapplicationsorexistingdata.Thisprocesscontainsthreeoptions:

Wipeunusedclusters

Wipeunusedspacein MFT/Rootarea

Wipeslackspace in fileclusters

Youmaychoosetorunonlyoneortwo oftheseoptionsinordertomaketheprocesscompletemorequickly.Ifyouwant a thoroughwiping ofunusedspace,thenincludeall oftheoptions.

5.3GeneralSettings

Generalparametersallowyoutoturnfeaturesonorofforchangedefaultsettingswhenyouareerasingorwipingdata from unoccupied space. Youcan alsochangethe look and feel of the applicationand its loggingoptions.To viewandchangesettings,pressthe F2key,orclickthe Settingstoolbarbutton.

Read/WriteRetryAttempts

Ifanerrorsuch as physical damage on the drive surfaceisencountered

whilewritingdatato the drive,Active@KillDisktriestoperformthewriteoperationagain. You canspecifythe numberofretriestobeperformed.Sometimes,ifthedrivesurfaceisnotcompletelydestroyed, adamagedsectorcanbeoverwrittenafterseveralretries.

IgnoreDiskWriteErrors(badsectors)

Ifthisoption isturnedon,errormessageswillnotbedisplayedwhiledataerasingorverification isinprogress. All information about errors is written to

7/30/2019 KillDisk7

41/45



the KILLDISK.LOG file. ThesemessagesaredisplayedinthefinalErasingreportafter the process is complete.

ClearLog FilebeforeStart

Ifthisoption isturnedon,the KILLDISK.LOGlogfilewillbetruncatedbefore

erasingstarts.Aftererasingiscompleted,thelogfilewillcontain informationonlyaboutthelastsession.

Ifthisoption isturnedoff,the KILLDISK.LOGlogfilewillnotbetruncatedandinformationaboutthelasterasingsessionisappendedtotheend ofthefile.

SkipDiskEraseConfirmation

Theconfirmationscreenisthefinal step beforeerasing data. In thisscreen,youtypeERASE-ALL-DATAtoconfirmwhatisabouttohappen.IfSkipConfirmation isturnedon,thisfinalsafetyrequestdoesnotappear.Thisoption istypicallyusedwithcaution by advancedusersinordertospeedup

theprocess.ItissafertorunKillDiskwiththe default state of Skip DiskErase Confirmation selected.Youmaywanttousethis as a safetybuffertoensurethatdatafromthecorrectdrivelocation isgoingtobeerasedcompletelywithnopossibility offuturedatarecovery.

SaveLog&ShutdownPCaftercompletion

Erasing can take many hours.You can leave work with KillDisk running and setto turn the computer off when erasing is completed. A log file is saved andcan be reviewed later on.

EventLogging

By defaultKillDiskdoesaMinimal logging. Information is placed intheEvent

LogviewandsavedtotheKILLDISK.LOGlogfile. Ifmoredetailedinformation isrequiredorexecutionerrorsoccur,youcanspecifytheDetailed loggingoption. Theproblemcan then be moreeffectively analyzed.

ApplicationStyle

By defaultKillDiskhas beenlaunchedin aDarkcolor scheme. Ifyouareuncomfortablewith it,changetheApplicationStyletoLightmode.Anapplicationre-startisrequiredwhenyouchangetheApplication Style.

IncludeLogo/TechnicianinfointoCertificate

Aftererasing/wiping, KillDiskcanproduce a certificatePDFfilethatcanbe

printed lateron. This certificatecaninclude custom attributes,such ascompany logo(graphics)and companyinfo(text).Youcanconfigure theseparametersinthe Logo/Technician Info tab. Turn onthisoptiontoincludeal lsuppliedparametersintheCertificate.

Thisoption isavailableonly inthe Professionalversion.

7/30/2019 KillDisk7

42/45



Send e-mailNotification

Aftererasing/wiping is complete, KillDiskcandelivertheoutputreport (contents ofthelogfile)toyour e-mail mailbox.Youcanconfiguresendingparametersonthe SMTPtab.Turnonthisoptiontosendoutareportaftersuccessfuljobcompletionor iferrorsoccur.

Thisoption isavailable inonly in the Professionalversion.

5.4CertificateandLogFileSettings

Thesesettingsallowconfiguration of thestorageanddisplayparametersforthe certificateand log file.

Certificateoptions

Theseparametersallowdisplayof the erase\wipecertificateandsetting ofits storage location as a PDF file for future printing.

Log file optionsTheseparametersallownaming the log file and setting its storage location.

5.5LogoandTechnicianInfoSettings

Thesesettingsallowembedding custom information intothestandardPDFcertificateforprinting.

Theseoptionscanbeconfigured in the Freeversion,but are useableonlyintheProfessionalversion.

LogoYoucanselecta companylogo from agraphicsfile (*.BMP, *.JPG,*.PNG).The image sizemustbe450by200pixelstobeprintedproperly.Thecompany logowillbeplaced at thetop ofthe certificateandwillbeembeddedinto a PDFfilethatyoucanprint lateron.

TechnicianInformation

Youcanspecifyal lorsome ofthefields beingdisplayedona certificateandembeddedinto a PDFfile:

ClientName

TechnicianName

CompanyName

CompanyAddress

CompanyPhone

Comments

7/30/2019 KillDisk7

43/45



5.5SMTPSettings

Thesesettingsallowconfiguringmailersettingsfordeliveringerasing/wipingreportstoyourmailbox.SimpleMailTransportProtocol(SMTP)isresponsiblefortransmitting e-mail messages andneedstobeconfiguredproperly.

Theseoptionscanbeconfigured in the Freeversion,but are useable only inthe Professional version.

AccountType

KillDiskoffers youa free SMTPaccountlocatedon www.smtp-server.comthatcanbeusedforsendingoutreports.Bydefaultal lrequiredparametersarepre-filledandconfiguredproperly. Theonlyfieldyouneedtotypein isthe e-mailaddress wherereportswillbesentto. Ifyourcorporatepolicydoesnotallowusingservicesotherthanits own, youneedtoswitchthisoptionto CustomAccountandconfigureallsettingsmanually. Askyoursystem/networkadministratortogettheseparameters.

To

Typethe e-mail address whereerasing/wipingreportswillbesentto.

From

Typethe e-mailaddress whichyouexpectthesereportstocomefrom.

SMTPServer

KillDiskoffers youthe use of smtp-server.comfor a free SMTP account.Thisaccountis pre-configuredforKillDiskusers.Askyoursystem/networkadministratortogetthe SMTPservername to be used in the Custom

Account.

SMTPPort

ForthefreeSMTPaccount,KillDiskallowsyouto use smtp-server.comonport 80. Thisis a standardWWWportbeingusedbyal lwebbrowserstoaccessthe internet.Thisportmostlikelywillbekeptopenon a corporateorhomenetwork.Otherportscanbefiltered by andclosedon a networkfirewall.Forthe Custom account,askyoursystem/networkadministratortoset properSMTPportfortherelatedSMTPserver.

SMTPServerrequestsauthorizationTo avoidspamandothersecurityissues,someSMTPserversrequireeachusertobeauthorizedbeforeallowsending e-mails. In thiscasea properusernameandpasswordarerequired.Askyoursystem/networkadministratortogetproperconfigurationsettings.
http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/

7/30/2019 KillDisk7

44/45

6Glossary ofTerms

BIOSsettings

BasicInputOutputSubsystem.Thisprogrammablechipcontrolshowinformation is passedtovariousdevicesinthecomputersystem.AtypicalmethodtoaccesstheBIOSsettingsscreenistopressF1,F2,F8,F10orESCduringthebootsequence.

bootpriority

BIOSsettingsallowyoutorun a bootsequencefromafloppydrive,aharddrive, aCD/DVD-ROMdriveoraUSBdevice. You may configuretheorderthatyourcomputersearchesthesephysicaldevicesforthebootsequence.Thefirstdeviceintheorderlist has thefirstbootpriority.Forexample,tobootfrom a CD/DVD-ROMdriveinstead ofaharddrive,placetheCD/DVD-ROMdriveaheadoftheharddrivein priority.

compressedcluster

Whenyouset a fileorfolderpropertytocompressdata,thefileorfolderuses lessdiskspace.Whilethesize ofthefileissmaller,it must use a wholecluster inordertoexistontheharddrive.Asaresult,compressedclusterscontain"fileslackspace".Thisspace may containresidualconfidentialdatafrom thefilethatpreviouslyoccupiedthisspace.KillDiskcanwipeouttheresidualdatawithouttouchingtheexisting data.

cluster

Alogicalgroup ofdisksectors,managedbytheoperatingsystem,forstoring

files.Eachclusterisassigned a uniquenumberwhen it isused.Theoperatingsystemkeepstrackofclustersintheharddisk'srootrecordsorMFTrecords.

freecluster

Aclusterthatisnotoccupied by a file. Thisspacemaycontainresidualconfidentialdatafromthefilethatpreviouslyoccupiedthisspace.KillDiskcanwipeouttheresidual data.

fileslackspace

Thesmallestfile(and even anemptyfolder)takesupanentirecluster.A10-byte filewilltakeup2,048bytesifthatistheclustersize.Fileslackspace istheunusedportion of a cluster. Thisspacemaycontainresidualconfidentialdata from thefilethatpreviouslyoccupiedthisspace.KillDiskcanwipeouttheresidualdatawithouttouchingtheexisting data.

deletedbootrecords

Alldisksstartwith a bootsector. In a damageddisk,ifthelocation ofthebootrecordsisknown,thepartitiontable canbereconstructed.Thebootrecordcontains a filesystemidentifier.

7/30/2019 KillDisk7

45/45

6 Glossary of Terms

ISO

AnInternationalOrganizationforStandardization ISO-9660filesystemis astandardCD-ROMfilesystemthatallowsyoutoreadthesameCD-ROMwhetheryou'reon a PC,Mac,orothermajorcomputerplatform.DiskimagesofISO-9660filesystems(ISOimages)areacommonwaytoelectronically

transferthecontentsofCD-ROMs.Theyoftenhavethefilenameextension.ISO(thoughnotnecessarily),andarecommonlyreferredtoas"ISOs".

lostcluster

Aclusterthathasanassignednumberinthefileallocationtable,eventhoughit isnotassignedtoanyfile.Youcanfreeupdiskspacebyreassigning lostclusters. In DOSandWindows,youcanfindlostclusterswiththeScanDiskutility.

MFTrecords

MasterFile Table.Afilethatcontainstherecords ofeveryotherfileanddirectoryin anNTFS-formattedharddiskdrive.Theoperatingsystemneedsthis informationtoaccessthefiles.

rootrecords

FileAllocation Table.Afilethat containstherecords ofeveryotherfileanddirectoryin a FAT-formattedharddiskdrive.Theoperatingsystemneedsthis informationtoaccessthefiles.ThereareFAT32,FAT16andFATversions.

sector

Thesmallestunitthatcanbeaccessedon a disk. Tracksareconcentriccirclesaroundthediskandthesectorsaresegmentswithineachcircle.

unallocatedspace

Spaceonaharddiskwherenopartition exists.Apartition may havebeendeletedordamagedor a partition may nothavebeencreated.

unusedspaceinMFTrecords

Theperformance ofthecomputersystemdependsalotontheperformanceoftheMFT.Whenyoudeletefiles,theMFTentryforthatfileisnotdeleted,it ismarkedasdeleted.Thisiscalledunusedspacein theMFT.IfunusedspaceisnotremovedfromtheMFT,thesize ofthetablecouldgrowto apointwhere itbecomesfragmented,affectingtheperformance oftheMFT

andpossiblytheperformanceofthecomputer.Thisspace may alsocontainresidualconfidentialdata(file names,fileattributes,residentfile data) fromthefilesthatpreviouslyoccupied these spaces.KillDiskcanwipeouttheresidualdatawithouttouchingtheexisting data.

killdisk7

Documents