killdisk7
TRANSCRIPT
-
7/30/2019 KillDisk7
1/45
Active@KillDiskforWindows
UserGuide
-
7/30/2019 KillDisk7
2/45
2 Active@ KillDisk User Guide
Copyright 1999-2012, LSOFTTECHNOLOGIESINC.All rights reserved. No part of thisdocumentation may be reproducedinanyform or byany means or used to make any
derivative work (such as translation, transformation, or adaptation) without written permissionfrom LSOFT TECHNOLOGIESINC.
LSOFT TECHNOLOGIES INC.reserves the right to revise this documentation and to makechanges in content from time to time without obligationon the partofLSOFTTECHNOLOGIES
INC. to providenotificationofsuch revision or change.LSOFT TECHNOLOGIES INC.provides this documentation without warrantyofany kind, eitherimplied or expressed,including,butnotlimitedto, the implied warranties ofmerchantability
and fitness for aparticularpurpose.LSOFTmay make improvements or changes in theproduct(s) and/ortheprogram(s) described in this documentationatany time.
All technical data andcomputersoftwareiscommercialin nature and developedsolelyat
private expense. As the User, or Installer/Administratorofthis software, you agree not toremove or defaceany portion ofanylegend provided onanylicensed program or
documentation contained in, or delivered to youinconjunction with, this User Guide.
Active@ KillDisk, the Active@ KillDisk logo, KillDiskand Erasers Software are trademarks ofLSOFT TECHNOLOGIES INC.
The LSOFT.NET logo isa trademark ofLSOFTTECHNOLOGIESINC.
Other brand andproduct names may be registeredtrademarks or trademarks oftheirrespective holders.
-
7/30/2019 KillDisk7
3/45
3
Contents
1 Product Overview................................................................................................ ................41.1 Erasing Confidential Data................................................................ ..............................41.2WipingConfidential Data from UnoccupiedDiskSpace ...................................................6
2 System Requirements ................................................................................................ ....... 122.1Active@ KillDisk for Windows Version ................................................................ .......... 12
3Running Active@ KillDisk................................................................................................ ... 153.1Active@BootDiskCreator ................................................................ ..........................153.2Interactive, Command Line and Batch Modes............................................................... 173.3 Completed Erase or Wipe Operation Information..........................................................34
4Common Questions................................................................................................ ........... 365 Erase/Wipe Parameters and Application Settings................................................................ . 386GlossaryofTerms ................................................................................................ ............. 44
-
7/30/2019 KillDisk7
4/45
1.ProductOverview
Active@ KillDiskforWindows is a powerfulutilitythatwill:
Wipeconfidentialdata from unusedspaceonyourharddrive.
Erase datafrompartitionsor from anentireharddisk.
Destroydatapermanently.
Wipingthe logicaldrive'sdeleteddatadoesnotdeleteexistingfilesandfolders. It processesal lunoccupieddrivespacesothatdatarecoveryofpreviouslydeletedfilesbecomesimpossible.Installedapplicationsandexistingdataarenottouchedbythisprocess.Active@KillDiskwipesunuseddataresidue fromfileslackspace,unusedsectors,andunusedspaceinsystemrecordsordirectoryrecords.
WhenyouerasedatawithActive@KillDiskforWindows, youdestroydatapermanently byconformingtoanyone offifteeninternationalstandardsor
usingyour own custom settings.
Wipingdrive space orerasingdatacantake a longtime,soperformtheseoperationswhenthe system is not being otherwise utilized. Forexample,these operations may berunovernight.Ifyouhaveseveralphysicalharddrives attachedtothemachine,KillDiskcan erase or wipe themsimultaneously(inmulti-threadedmode),thussavingyoutimeandworkcosts.
Aftererase or wipeactions arecompleted, KillDiskoffersyouthe options ofinitializingeraseddisks,shuttingdownyourcomputer,saving a logfileandthecertificate(PDFtobeprinted), andevensending logfilesvia e-mailtoyourmailbox.Customerase or wipecertificatescanbecreatedusingyourcompany logoandattributes.
1.1ErasingConfidentialData
Modernmethods ofdataencryptionaredeterringnetworkattackersfromextractingsensitivedatafromstoreddatabasefiles.Attackerswhowanttoretrieveconfidentialdataarebecomingmoreresourceful by looking intoplaceswheredatamightbestoredtemporarily.For example, aharddriveon
a localnetworknodecanbeaprimetargetforsuch a search.Oneavenueofattackistherecoveryofdatafromresidualdataon a discardedharddrive.Whendeletingconfidentialdata from harddrives, removabledisks, orUSBdevices, itisimportanttoextractall traces ofthedatasothatrecoveryisnotpossible.
Mostofficialguidelinesregarding the disposal ofconfidentialmagneticdatadonottakeintoaccountthedepthoftodaysrecordingdensities, northemethodsusedbytheoperatingsystemwhenremovingdata. Forexample,
-
7/30/2019 KillDisk7
5/45
1. Product Overview
Active@ KillDisk for Windows User Guide 5
theWindowsDELETEcommandmerelychangesthefile name sothattheoperatingsystemwillnotlookforthefile.Thesituationwith NTFS issimilar.
Removal ofconfidentialpersonal informationorcompanytradesecretsin thepast might have been performed usingtheFORMATcommandorthe FDISKcommand.Ordinarily,using these proceduresgivesusersasenseof
confidencethatthedatahasbeencompletelyremoved.
WhenusingtheFORMATcommand,Windows displays a messagelikethis:
Important:Formatting a diskremoves all informationfromthedisk.TheFORMATutilityactually creates new FAT andROOTtables,leavingallpreviousdataonthediskuntouched.Moreover,animageofthereplacedFAT andROOTtablesis stored so thattheUNFORMATcommandcanbeusedtorestorethem.
FDISKmerelycleansthePartitionTable(locatedinthedrive'sfirstsector)anddoesnottouchanythingelse.
1.1.1AdvancedDataRecoverySystems
Advancesindatarecoveryhavebeenmadesuchthatin many cases datacanbereclaimedfromharddrivesthathavebeenwipedanddisassembled.Securityagencies use advancedapplicationstofindcybercrime-relatedevidence.There alsoareestablished industrial spy agenciesadoptingsophisticatedchannelcodingtechniquessuchasPRML (PartialResponseMaximumLikelihood), a techniqueusedtoreconstructthedataonmagneticdisks.Othermethodsincludethe use ofmagneticforcemicroscopyand
recoveryofdatabasedonpatternsinerasebands.Althoughthereareverysophisticateddatarecoverysystemsavailable at ahighprice,datacaneasilyberestoredwiththehelp ofanoff-the-shelfdatarecoveryutilitylike Active@FileRecovery, makingyourerasedconfidentialdataquiteaccessible.
Usingour powerful and compactActive@KillDiskforWindowsutility, alldataonyourharddriveorremovabledevicecanbedestroyedwithoutthepossibility offuturerecovery.AfterusingActive@ KillDiskforWindows,disposal,recycling,selling, ordonatingyourstoragedevicecanbedonewithpeace ofmind.
1.1.2InternationalStandards in DataRemoval
Active@KillDiskforWindowsconformstofifteeninternationalstandardsforclearingand sanitizingdata(USDoD5220.22-M,Gutmannandothers).Youcanbesurethatsensitive information is destroyed forever onceyoueraseadiskwith Active@ KillDiskforWindows.Active@KillDiskforWindows is aqualitysecurityapplicationthatdestroysdatapermanentlyonanycomputer
http://www.file-recovery.com/http://www.file-recovery.com/http://www.file-recovery.com/http://www.file-recovery.com/http://www.file-recovery.com/ -
7/30/2019 KillDisk7
6/45
6 Active@ KillDisk User Guide
thatcanbestartedusing a bootableCD/DVD-ROMorUSBFlashDisk.Accesstothedrive'sdataismadeonthephysical level via theBIOS (BasicInput-OutputSubsystem),bypassingtheoperatingsystemslogicaldrivestructureorganization.Regardlessoftheoperatingsystem,filesystems, ortypeofmachine,thisutilitycandestroyal ldataonal lstoragedevices. It doesnotmatterwhichoperatingsystemsorfilesystemsarelocatedonthemachine.
1.2WipingConfidentialDatafromUnoccupiedDisksSpace
Youmayhaveconfidentialdataonyourharddrivein spaces wheredatamay havebeenstoredtemporarily.YoumayalsohavedeletedfilesbyusingtheWindowsRecycle Bin andthenemptying it. Whileyouarestillusingyourlocalharddrive,there may beconfidential informationavailable intheseunoccupiedspaces.
Wipingthe logicaldrive'sdeleteddatadoesnotdeleteexistingfilesand
folders. It processesal lunoccupieddrivespacesothatrecoveryofpreviouslydeleted filesbecomesimpossible.Installedapplicationsandexistingdataarenottouchedbythisprocess.
Whenyouwipeunoccupieddrivespace,theprocessisrunfromthebootableCD/DVDoperatingsystem.Asaresult,thewipeor erase processusesanoperating system thatisoutsidethelocalharddriveandisnotimpededbyWindowssystemcaching. ThismeansthatdeletedWindows system recordscanbewipedclean.
KillDiskwipesunuseddataresidue from fileslackspace,unusedsectors,andunusedspacein MTFrecordsordirectoryrecords.
Wiping drive space can take a long time, so do thiswhen the system is notbeing otherwise utilized. For example, this can be doneovernight.
1.2.1WipeAlgorithms
Theprocessofdeletingfilesdoesnoteliminate them fromtheharddrive.Unwantedinformation may stillbeleftavailable for recovery onthecomputer.Amajorityofsoftwarethatadvertisesitselfas performingreliabledeletionssimplywipesoutfreeclusters.Deletedinformation may bekeptin
additional areas of a drive.KillDisktherefore offersextrastepstoensuresecuredeletion.
-
7/30/2019 KillDisk7
7/45
Active@ KillDisk for Windows User Guide 7
1.2.2Specifics ofWipingforDifferentFileSystems
1.2.2.1NTFSFileSystem
NTFSCompressedFiles
Wipingfreespaceinside a file:
ThealgorithmNTFShastocompressafileit separates intocompressedblocks(usually
64KBlong).Afteritisprocessed,eachoftheseblocks has beenallocated a certain
amountofspaceonthevolume. Ifthecompressedinformationtakesuplessspacethan
thesourcefile,thentherestofthespaceislabeled as sparsespaceandnospaceon
thevolumeisallocatedtoit.Becausethecompresseddataoften doesn'thaveasize
exactly that ofthecluster,theend ofeachoftheseblocks stays as unusablespace of
significant size. Ouralgorithmgoesthrougheach oftheseblocksin a compressedfile
andwipestheunusablespace,erasingpreviouslydeletedinformationthatwaskeptin
thoseareas.
TheMFT (MasterFileTable)Area
Wipingthesysteminformation:
The$MFTfilecontainsrecords describingeveryfileonthevolume.Duringthedeletion
ofthesefiles,therecordsoftheirdeletionareleftuntouched -- they aresimplyrecorded
as "deleted".Therefore,filerecoverysoftwarecanusethisinformationtorecover
anythingfromthenameofthefileandthestructureofthedeleteddirectoriesdown to
filessmallerthan 1KB thatareabletobesavedintheMFTdirectly.Thealgorithmused
-
7/30/2019 KillDisk7
8/45
8 Active@ KillDisk User Guide
by KillDiskwipesal l oftheunusedinformationout oftheMFTrecordsandwipesthe
unusablespace,making a recoveryprocessimpossible.
1.2.2.2FAT/FAT32/exFAT FileSystem
WipingDirectoryAreas
Eachdirectoryon a FAT/FAT32oran exFATvolumecanbeconsideredas a specificfile
describingthecontents ofthedirectory.Insidethisdescriptortherearemany32-byte
records describingeveryfileandotherinnerfolders.Whenyoudeletefiles thisdatais
notbeingfullyerased. Itisjustmarkedasdeleted(hexsymbol0xE5). Thats whydatarecoverysoftwarecandetectandusetheserecordstorestorefilenamesandfull
directorystructures. In somecases,dependent onwhether a spacewherean itemis
located has beenoverwritten yet ornot,filesandfolderscanbefully or partially
recovered.Active@KillDiskmakes datarecoveryimpossible by usingan algorithmthat
wipesoutal lunused informationfromdirectorydescriptors.Active@KillDisknotonly
removesunusedinformation butalsodefragmentsDirectoryAreas,thusspeedingup
directoryaccess.
-
7/30/2019 KillDisk7
9/45
Active@ KillDisk for Windows User Guide 9
This is how Directory Area looks before Wiping, red rectangles display deleted
records:
This ishowDirectoryArealooksafterWiping:alldeletedrecordsremoved,root
defragmented:
-
7/30/2019 KillDisk7
10/45
10 Active@ KillDisk User Guide
1.2.2.3WipeHFS+
HFS+B-tree
AB-treefile isdividedup intofixed-size nodes,eachofwhichcontainsrecords
consisting of a keyandsomedata.
Intheeventofthedeletion of a fileorfolder,thereis a possibility ofrecoveringthe
metadataofthefile (suchasitsnameandattributes),aswell as theactualdatathatthe
fileconsistsof.KillDisk'sWipemethodclearsoutal l ofthisfreespaceinthesystemfiles.
1.2.2.4WipingExt2fs/Ext3fs/Ext4fs
ALinuxExtFs(Ext2/Ext3/Ext4) volumehasaglobaldescriptorstable.Descriptorstablerecordsarecalledgroupdescriptorsanddescribeeachblocksgroup.Eachblocksgroup
has anequalnumber ofdatablocks.A datablock isthesmallestallocationunit;sizes
varyfrom1024bytesto4096bytes.Eachgroupdescriptor has a blocks allocation
bitmap. Eachbit ofthebitmap showswhethertheblock isallocated (1) oravailable (0).
KillDisksoftwareenumeratesal lgroupsandforeachandeveryblockwithinthegroup
onthe volumecheckstherelatedbitmaptodefine itsavailability.Iftheblock is
available,KillDiskwipes itusingthe methodsupplied by the user.
-
7/30/2019 KillDisk7
11/45
Active@ KillDisk for Windows User Guide 11
1.2.3WipingFileSlackSpace
Thisrelatestoanyregularfileslocatedonanyfilesystem.Free space to be wiped isfound inthe tail end of a file because disk space is usually allocated in 4 KB clusters. Most fileshave sizes of more or less than 4KB and thus have slack space at their end.
-
7/30/2019 KillDisk7
12/45
2SystemRequirements
ThischapteroutlinestheminimumrequirementsforPCsusingActive@KillDiskforWindows.
PersonalComputer
IBMPCcompatiblemachine
IntelPentiumorhigher
350 MbofRAM
Video: VGAresolution(800 x 600)or better
OperatingSystem:Windows XP orhigher
DriveStorageSystem
CD/DVD-ROMor Blu-Ray drive
USB2.0orUSB3.0 storagedevice (USB flashdiskor externalUSBdisk)
Removable media (memory stick,SD card, compact flash, floppydisk)
HardDiskDrivetypes: IDE,ATA,SSD,SATA, eSATAorSCSIwithcontrollers.AdditionaldriverscanbeloadedforRAIDsornon-standardcontrollersafterthesystemisbootedup.
OtherRequirementsAblankCD/DVD/BDdiscforburninganISOimage, or a USB flash cardtoprepare a bootable USBdisk.
2.1Active@KillDiskforWindowsVersion
Theperformance ofActive@KillDiskforWindowsdependsontheversion oftheapplication as displayedinthetablebelow.
Table 2-1 DifferencesbetweenFreeware andProfessional Versions
Feature FreewareVersion
ProfessionalVersion
Securelyoverwrites and destroys all data onphysical drive or logical partition
yes yes
Erases partitions, logical drives and unused disk yes yes
-
7/30/2019 KillDisk7
13/45
2 System Requirements
Active@ KillDisk for Windows User Guide 13
Feature FreewareVersion
ProfessionalVersion
space
Supports IDE / ATA / SATA / SSD / SCSI hard
diskdrives
yes yes
Supports parallelerasing/wiping:two or moreHDDs can be cleaned up simultaneously
yes yes
Supports fixed disks, floppies, zip drives, USBFlash Cards and USB/USB3 external devices
yes yes
Supports large-sized drives (more than 2 TB) yes yes
Supports CommandLine parameters yes yes
Supports BatchMode(canbe run without of
any user interaction)
yes
Operates from bootable CD/DVD/BD Disc or
USBdisk
yes yes
Erases withone-pass zeros yes yes
Erases withone-pass random characters yes
Eraseswith user-definednumberofpasses yes
US Department ofDefense 5220.22 M compliant yes
US Army AR380-19 compliant yes
US Air Force 5020 compliant yes
German VISTR compliant yes
Russian GOST p50739-95 compliant yes
Canadian OPS-II compliant yes
HMGIS5 Baseline/Enhanced compliant yes
Navso P-5329-26 (RL/MFM) compliant yes
NCSC-TG-025 & NSA130-2 compliant yes
Peter Gutmanns method compliant yes
Bruce Schneiers method compliant yes
Customizable security levels yes
-
7/30/2019 KillDisk7
14/45
2 System Requirements
14 Active@ KillDisk User Guide
Feature FreewareVersion
ProfessionalVersion
Supports erasing of all detected HDDs and USBs yes yes
Erasing report is created and can be saved infile
yes yes
Erasing report can be sent out by e-mail viaSMTP after erasing/wiping completed
yes
Displays detected drive and partitioninformation
yes yes
Scans NTFS/EFS, FAT/FAT32/exFAT, HFS+,
Ext2/Ext3/Ext4fs volumes and displays existingand deleted files and folders
yes yes
Data verification may be performed aftererasing is completed yes
DiskViewer allows you to preview any sectorsor file clusters on a drive
yes yes
Displays Erase/Wipe certificate for printing yes yes
Saves Erase/Wipe certificate to PDF file yes yes
PDF Certificate can be customized, technicianinfo and company logo canbe inserted
yes
Wipes out NTFS, FAT/exFAT, HFS+ volumesfrom areas containing deleted and unused data
yes yes
Wipes out free clusters (unused by file datasectors)
yes yes
Wipes out file slack space (unused bytes inthelast clusteroccupied by file)
yes yes
Wipes out deleted MFT records on NTFS andDirectory system records on FAT/exFAT
yes yes
Wipes out unused space in any MFT records
andcompressed clusters on NTFS
yes yes
-
7/30/2019 KillDisk7
15/45
3RunningActive@KillDisk
AfteryoudownloadActive@KillDisk,youwillreceiveaninstallationfilenamedKILLDISK-SETUP.EXE.Thisfilecontains everythingyouneedtoget
started.To installtheapplication,double-clickKILLDISK-SETUP.EXEandfollowtheinstructionsinthe installationwizard.
Theinstalledapplicationcontainstwomainapplications:
Active@KillDiskforWindows Runthisapplication from yourWindowsoperatingsystemtoscanlocaldrives.
Active@BootDiskCreator Create a bootableWindows PE CD/DVD/[email protected] Active@KillDiskthiswayallowsyoutowipeconfidentialdata from thesystemcachewhilegainingexclusiveuseofa partitionbecausetheoperating
systemrunsoutsidethepartitionthatyouaresecuring.
3.1Active@BootDiskCreator
Active@BootDiskCreatorhelpsyouprepareabootableCD,DVD,Blu-ray orUSB mass storagedevicethatyoumayusetostartamachineandrepairsecurityaccessissuesordestroyal ldataontheharddrives.
To prepare a bootabledeviceforWindows:
1. FromtheWindowsStartmenu,clickAllPrograms>Active@
KillDisk>BootableDiskCreator.TheActive@BootDiskCreatormainpageappears.
2. In theActive@BootDiskCreatormainpage,selectthedesiredbootablemedia: a CD/DVD/Blu-ray, a USBFlashDriveoran ISOImagefiletobeburnedlater.Ifseveralmediadrivesare inserted,clickthe e llipsisbutton () andchooseaparticulardevice.ClickNext.
3. ClickBootintoWindows.Atthis step youcanspecifyadditionaloptions:
a. To addyourcustomfilestothe bootablemedia,clickthe UsersFilestab.Addfilesorfoldersusingthe relatedbuttonsattheright
side.Addeditemswillbeplacedin theUser_Filesrootfolder.b. To addspecificdriverstobeloadedautomatically,clickthe Add
Driverstab.Addallfilesfortheparticulardriver(*.INF,*.SYS,).Addeditemswillbeplaced in theBootDisk_Driversrootfolder.Atboottimeal l*.INFfileslocatedinthisfolderwillbeinstalled.
c. To addspecificscriptstobelaunchedafterActive@BootDiskisloaded,clickthe AddScriptstab.Addyourscripts(*.CMDfiles).
-
7/30/2019 KillDisk7
16/45
3 Running Active@ KillDisk
16 Active@ KillDisk User Guide
Addedfileswillbeplacedin theBootDisk_Scriptsrootfolder.At
boottimeal l *.CMD fileslocatedin thisfolderwillbeexecuted.
To specifyadditionalbootoptions,clickthe BootSettingstab. You canchangethe defaultsettingstobeused:TimeZone, AdditionalLanguageSupport,NetworkSupportandAuto-startDelay. You
can also change these options in theActive@ Boot Disk initializationscreen while booting.ClickNext.Verifythe selected media, sizesandbootup environment.
ClickCreate.Aprogressbarappearswhilethemediaisbeingprepared.
Note:AUSBDriveorblankCD/DVD/BDmustbeinsertedandexplicitlychosenonthefirststepbeforeyoucanproceedfurther.
Note: Whenyouprepare a USBFlashDrivebootablemedia,itwillbereformatted andal ldataonthe mediawillbeerased.Youwill have the
choice ofcreating aNTFSora FAT32filesystemonthe media. WerecommendyoutouseFA32forsmaller volumes. UseNTFSforlargermediasizes sinceitsupportslargevolumes(>32GB)andfilesizes(>2GB).
Note: Ifyouvecreatedan ISOImagefile,youcanburnitto a disklateronusingeither ourfreeActive@ISOBurnerutility ( www.ntfs.com/iso-burning.htm) or a utilityof your choice.
http://www.ntfs.com/iso-burning.htmhttp://www.ntfs.com/iso-burning.htmhttp://www.ntfs.com/iso-burning.htm -
7/30/2019 KillDisk7
17/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 17
3.2Interactive,CommandLineandBatchModes
Active@ KillDiskforWindowscanbeusedtwoways:
Interactive Mode
CommandLineandBatchMode
3.2.1InteractiveMode
Thestepsforerasingdataandwipingdataaresimilar. Follow steps 1through10andthenclickthelinkto completeeithertheerasingprocessorthewipingprocess.
Ifyouarebooting from aCD/DVD-ROMdrive,checkthatthedrivehasbootpriority intheBIOSsettings ofyourcomputer.
Herearethestepsforinteractiveoperation:
1. StartActive@ KillDiskeither from a bootableCD/DVD, a USBdevice, ortheProgramsmenu.
TheLocalSystemDevicesscreenappears.
Figure 3-1 DetectedPhysical Devices
All system physicaldevicesandlogicalpartitionsaredisplayedin a list.
HarddrivedevicesarenumberedbythesystemBIOS.Asystemwith asingleharddriveshows as number0.Subsequentharddrivedevicesare
-
7/30/2019 KillDisk7
18/45
3 Running Active@ KillDisk
18 Active@ KillDisk User Guide
numberedconsecutively.Forexampletheseconddevicewillbeshownas FixedDisk1.
2. Select a deviceandreadthedetailedinformationaboutthedevicein therightpane.Belowthedevice,select a logicalpartition. The informationintherightpanechanges.
3. Be certainthatthedriveyouareselectingistheonethatyouwanttoerase or wipe. Ifyouchoosetoerase,al ldatawillbepermanentlyerasedwithnochanceforrecovery.
To previewthesectorson a physicaldiskoron a volume(logicaldisk),selectitandpressALT+P,orclickHexPreviewonthetoolbar. TheHex Previewpanelappears.
Figure 3-2 Data Viewer
4. To scrollupanddown, use thekeyboardnavigation arrow keys PAGEUP, PAGEDOWN,HOMEandEND, orusetherelatedbuttonsonthetoolbar.
5. Tojumptoaspecificsector,typethesectornumberin the SectorboxandpressENTERorclickGoonthetoolbar.
6. Whenyouaresatisfiedwiththeidentification ofthedevice,closetheHex Previewpanel (ALT+P).
7. To previewthefilesin a logicaldisk, selectthevolumeandpressENTERordouble-click it. KillDiskscans thedirectoriesforthepartition. TheFoldersandFilesscreenappears.
-
7/30/2019 KillDisk7
19/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 19
Figure 3-3 FilesPreview
8. PressTABtomovebetweenpanels orchoose a panelwiththemouse.
9. To selectaniteminthelist, use PAGEDOWN,PAGEUPortheupordownarrow keys orusethemouse.
10.To open a folder,double-clickthefolderorselectitandpressENTER.KillDiskscans thesystemrecordsforthisfolder. The filesinthefolderappearintherightpanel.Existingfilesandfoldersare markedbyyellow
iconsanddeletedfilesandfoldersare markedbygrayicons.Ifyouarewipingdatafromunoccupiedareas,thegray-coloredfile names areremovedafterthewipingprocesscompletes.You may usethe HexPreviewmodetoinspecttheworkdonebythewipingprocess.Afterwiping,thedatain these areasandtheplaces thesefileshold in therootrecordsorothersystemrecordsaregone.
3.2.1.1EraseDatafromaDevice
Whenyouselect a physicaldevice(forexample,FixedDisk0), theerasecommandprocessespartitionsnomatterwhatcondition they arein.
Everything isdestroyed.Ifyouwanttoerasedataonselectedlogical drives, followthestepsin 3.2.3Erase orWipe LogicalDrives(Partitions).
To erasethedata:
1. Be certainthatthedriveyouarepointingtoistheonethatyouwanttoerase.Alldatawillbepermanentlyerasedwithnochanceforrecovery.
-
7/30/2019 KillDisk7
20/45
3 Running Active@ KillDisk
20 Active@ KillDisk User Guide
2. Whenyouhaveselectedthedevicetoerase, selectthecheckboxforthisharddrive.You may selectmorethanonephysicaldiskfortheeraseaction. In thiscasethesediskswillbeerasedsimultaneously. Topermanentlyerasealldataontheselecteddisk(s), pressF10orclickKillonthetoolbar. TheKilldialog box appears.
Figure 3-4 Kill dialog box
3. Selectan erase methodfromthelist.Erasemethodsaredescribed in
Chapter5Erase/WipeParameters inthis guide.4. Setotherparametersforerasing. To specifylogandcertificatefile
location, e-mailnotifications, andothersettings, clickthe moreoptions linkat the bottom.The settings box will then appear.
Forinformationon these settings, seeChapter5inthisguide.
5. ClickStart.
IftheSkipDiskEraseConfirmationcheckboxisclear,theConfirmActiondialog box appears.
http://www.killdisk.com/http://www.killdisk.com/http://www.killdisk.com/ -
7/30/2019 KillDisk7
21/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 21
Figure 3-5 Confirm Action
6. Thisisthefinal step beforeremovingdata from theselecteddriveforever.TypeERASE-ALL-DATAinthetextboxandpressENTERorclickYES.TheProgressbarappears.
7. To stoptheprocessatanytime,clickthe Stopbuttonfortheparticulardisk. C lickthe StopAllbuttonattopleftcornertocancelerasingforal ldisks. Notethatdatathathasalreadybeenerasedwillnotberecoverable.
Figure 3-6 DiskErasingis in Progress
-
7/30/2019 KillDisk7
22/45
3 Running Active@ KillDisk
22 Active@ KillDisk User Guide
8. Thereisnothingmoretodountiltheend ofthediskerasing process.Theapplicationwilloperateonitsown.
Ifthereareanyerrors,forexampleduetobadclusters,theywillbereportedontheInteractivescreenandin thelog. Ifsuchamessageappears,youmaycanceltheoperation(clickAbort), oryoumaycontinueerasingdata(clickIgnoreorIgnoreAll).
NOTE: Because oftheBIOSrestrictions ofsomemanufacturers, a harddiskdevicethatislargerthan300MB must haveanMBR(MasterBootRecord)in sectorzero.Ifyouerasesectorzeroandfill itwith zeros orrandomcharacters,youmightfindthatyoucannotusetheharddriveaftererasingthedata.ItisforthisreasonKillDiskcreatesanemptypartitiontableandwrites a typical MBRin sectorzero(incase theInitializedisk(s)afterEraseoptionisselected).
3.2.1.2WipeDatafromaDevice
Whenyouselect a physicaldevicesuch asFixedDisk0, thewipecommandprocessesall logicaldrivesconsecutively,deletingdatain unoccupiedareas.Unallocatedspace(wherenopartitionexists)hasbeenerasedaswell. IfKillDiskdetects thatapartition has beendamagedorthatit isnotsafetoproceed,KillDiskdoesnotwipedatain thatarea.Thereason itdoesnotproceedisthatadamagedpartitionmightcontain importantdata.
Therearesomecaseswherepartitionson a devicecannotbewiped. Someexamples areanunknownorunsupportedfile system, a systemvolume, oranapplicationstartupdrive. Inthesecases theWipebuttonisdisabled. If
youselect a deviceandtheWipebuttonis disabled,selectindividualpartitions(drives)andwipe them separately.
Ifyouwanttoerasedatafromtheharddrivedevicepermanently,see3.2.1.1Erase Data.
Ifyouwanttowipedatainunoccupied areas onselectedlogical drives,followthe steps in 3.2.3EraseorWipe LogicalDrives(Partitions).
To wipedeleteddatafromadevice:
1. To chooseadevicetowipe,selectthecheckboxnexttothedevicename.You may selectmultipledevices.Inthiscasethesediskswillbe
wipedoutsimultaneously
2. To wipeoutal ldatainunoccupied sectors ontheselectedpartitions,pressF9orclickthe Wipetoolbarbutton. The WipeFreeDiskSpacedialog box appears.
-
7/30/2019 KillDisk7
23/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 23
Figure 3-7 Wipe FreeDiskSpace
3. To select a wipe type, choose a methodfromtheWipeMethodlist.WipemethodsaredescribedinChapter5Erase/WipeParametersinthisguide.
4. Youmaychangeparametersinthisdialog box, orclickthe moreoptionsl inkat bottomtoreviewandchangeotheroptions. For
informationon these parameters,seeChapter5Erase/WipeParametersinthisguide.
5. To advancetothefinal step beforeerasing data, clickStart. IftheSkipConfirmationcheckboxisclear,theConfirmActiondialog boxappears.
-
7/30/2019 KillDisk7
24/45
3 Running Active@ KillDisk
24 Active@ KillDisk User Guide
Figure 3-8 Confirm Action
6. Thisisthefinal step beforewipingdataresidue from unoccupiedspaceontheselecteddrive.
To confirmthewipeaction,clickYes. The progressofthewipingprocedurewillbemonitoredintheDiskWipingscreen.
7. To stoptheprocessforanyreason,clickthe Stopbuttonforaparticulardisk. C lickthe StopAllbuttonatthe topleftcornertocancelwipingforal lselecteddisks. Notethatal lexistingapplicationsanddatawillnotbetouched.Datathathasbeenwiped from unoccupiedsectorsisnotrecoverable.
8. Thereisnothingmoretodountiltheend ofthediskwiping process. Theapplicationoperatesonitsown.
Ifthereareanyerrors,forexampleduetobadclusters,theywillbereportedontheInteractivescreenandin theLog. Ifsuchamessageappears,youmaycanceltheoperationorcontinuewiping data.
9. AfterthewipingprocessiscompletedselectthewipedpartitionandpressENTERordouble-click itto inspect the work that has been done.
KillDiskscans thesystemrecordsortherootrecordsofthepartition.TheFoldersandFilestabappears.
Existingfilenamesandfoldernamesappearwith a multi-colored iconanddeletedfile names andfoldernamesappearwith a gray-coloredicon. Ifthewipingprocesscompletedcorrectly,thedataresiduein thesedeletedfileclustersandtheplacethesefileshold inthedirectoryrecordsorsystemrecordshasbeenremoved. Youshouldnot see anygray-coloredfilenamesorfoldernamesinthewipedpartition.
-
7/30/2019 KillDisk7
25/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 25
3.2.2CommandLineandBatchMode
KillDiskcanbeexecutedwith some settingspre-definedwhenstartedfromacommandpromptwith specific commandlineparameters.
KillDiskcanbealsolaunchedinfullyautomatedmode(batch mode)whichrequiresnouserinteraction.
KillDiskexecutionbehaviordependsoneither commandlineparameters(highestpriority),settingsconfigured in interactivemodeandstoredin theKILLDISK.INIfile(lowerpriority), or defaultvalues(lowestpriority).
3.2.2.1Command Line Mode
To runActive@KillDisk in commandlinemode, open a commandpromptscreen.
Atthecommandprompt,startActive@KillDiskforWindows by typing:
> KILLDISK.EXE -?
Alist ofparametersappears. You canfind explanations ofthem inthetablebelow.
Table 3-2 Command Line Parameters
Parameter Short Default Options
no parameter Withnoparameter,theInteractivescreens will appear.
-erasemethod=[0 - 17] -em= 2 0 - One pass zeros (quick, low security)
1 - One pass random (quick, lowsecurity)
2 - US DoD 5220.22-M (slow, highsecurity)
3 - US DoD 5220.22-M (ECE) (slow,highsecurity)
4 - Canadian OPS-II (slow, highsecurity)
5 - HMG IS5Baseline (slow, high
security)
6 - HMG IS5 Enhanced (slow, highsecurity)
7 - Russian GOST p50739-95 (slow,high security)
8 - US Army AR380-19 (slow, highsecurity)
-
7/30/2019 KillDisk7
26/45
3 Running Active@ KillDisk
26 Active@ KillDisk User Guide
Parameter Short Default Options
9 - US Air Force 5020 (slow, highsecurity)
10 - Navso P-5329-26 (RL) (slow, highsecurity)
11 - Navso P-5329-26 (MFM) (slow,highsecurity)
12 - NCSC-TG-025 (slow, high security)
13 - NSA130-2 (slow, high security)
14 - German VSITR (slow, highsecurity)
15 - Bruce Schneier (slow, highsecurity)
16 - Gutmann (very slow, highest
security)
17 - User Defined Method. Number ofPasses and Overwrite Pattern suppliedseparately.
-passes=[1 - 99] -p= 3 Numberoftimesthewriteheadswillpass over a disk area to overwrite data
with User Defined Pattern. Valid forUser Defined Method only.
-verification=[1 - 100] -v= 10 Set the amount of area the utility reads
toverify that the actionsperformed by
thewriteheadcomplywiththechosenerase method (reading 10% of the areaby default).
Verification is a longprocess.Setthe
verification tothe level that works foryou better.
-retryattempts=[1 - 99] -ra= 2 Set the number oftimes that the utility
will tryto rewrite in the sector when thedrive write head encounters an error.
-erasehdd=[80h - 8Fh] -eh= Number in BIOS ofthe hard drive tobeerased.
-eraseallhdds -ea Erase all hard disk drives.
-ignoreerrors -ie Do not stop erasing each time a disk
error is encountered. When you use this
parameter, all errors are ignored andjust placed to the application log.
-
7/30/2019 KillDisk7
27/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 27
Parameter Short Default Options
-clearlog -cl Use this parameter to clear the log filebefore recording new activity. When a
drive is erased, a log file is kept. Bydefault, new data is appended to this
log for each erasing process. By default
the log file is stored inthe same folderwhere the software is located.
-logpath=[fullpath] -lp= Pathto save application log file. Can be
eitherdirectoryname or fullfilename.
Use quotes iffull path contains spaces.
-certpath=[fullpath] -cp= Pathto save erase/wipe certificate. Canbe either directory name or full file
name. Use quotes if full path containsspaces.
-inipath=[fullpath] -ip= Pathtothe configuration file(KILLDISK.INI) for loading theadvanced settings. See table below.
-noconfirmation -nc Skip confirmation steps before erasing
starts. By default, confirmation stepswill appear in command line mode for
each hard drive as follows:
Are you sure?
-beep -bp Beep after erasing is complete.
-wipeallhdds -wa Wipe all hard drives.
-wipehdd = [80h-8Fh] -wh= Number in BIOS ofthe hard drive tobewiped out. First disk has number 80h.
-test Ifyou are having difficulty with Active@
KillDisk for Windows, use thisparameter to create a hardware
information file to be sent to ourtechnical support specialists.
-batchmode -bm Execute in batch mode basedon
command line parameters and INI filesettings (no user interaction).
-userpattern=[fullpath]
-u File to get user-defined pattern from.Applied to User Defined erase method.
-shutdown -sd Save log file and shutdown PC aftercompletion.
-
7/30/2019 KillDisk7
28/45
3 Running Active@ KillDisk
28 Active@ KillDisk User Guide
Parameter Short Default Options
-help or -? Displaythis list of parameters.
Note: Parameters-testand-help mustbeusedalone. They cannotbeusedwithotherparameters.
Note: Commandserasehdd,-eraseallhdds,-wipehddand -wipeallhddscannotbecombined.
Typethecommandandparametersintothe commandprompt consolescreenattheprompt.Hereisanexample:
> killdisk.exe -eh=80h -bm
In theexampleabove,dataondevice80hwillbeerasedusingthedefault
method (USDoD5220.22-M) withoutconfirmationandreturningtothecommandpromptscreen whencomplete.
Hereisanotherexample:
> killdisk.exe -eh=80h -nc -em=2
In thisexample,alldataonthe device80hwill be erased usingUSDoD5220.22-M methodwithout confirmationandshowing a report at theend oftheprocess.
Afteryouhave typedKILLDISK.EXEandadded commandlineparameters,
press ENTERtocomplete thecommandandstarttheprocess.Informationonhowdriveshavebeenerasedisdisplayedonthescreenwhen the operation has completed successfully. KillDiskexecutionbehaviordependsoneither commandlineparameters(highestpriority),settingsconfiguredin interactivemodeandstoredinthe KILLDISK.INIfile(lowerpriority), or defaultvalues(lowestpriority).
3.2.2.2 BatchMode
Thisfeatureisintendedforadvancedusers.
Batchmodeallows KillDiskto be executedin fullyautomatedmodewithoutany userinteraction.All events anderrors(ifany)willbeplacedinthe logfile.Thisallows systemadministratorsandtechnicianstoautomateerase/wipe tasks bycreatingscripts(*.CMD,*.BATfiles)for differentscenarios thatcanbeexecutedlateronin differentenvironments.
-
7/30/2019 KillDisk7
29/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 29
To startKillDisk inbatch mode,addthebm(or-batchmode) commandlineparametertothe otherparametersandexecuteKillDiskeither from thecommandpromptorbyrunning a script.
Hereisanexample ofbatch modeexecutionwiththewipecommand:
> killdisk.exe -wa -bm -em=16
Thiswill, usingGutman'smethodandreturningtothe commandpromptwhencomplete, wipe all deleted data and unused clusters on all attachedphysical disks without any confirmations
3.2.2.3ApplicationsettingsstoredinKILLDISK.INIfile
WhenyoustartKillDisk,changeitssettings(erasemethod,certificateoptions, etc) andclosetheapplication,al lcurrentsettingsare savedtotheKILLDISK.INI file in thelocation ofthe KillDiskexecutable. Thesesettingswillbeusedasdefaultvalues the next time KillDisk is run.
KILLDISK.INIisastandardtextfile possessingsections,parameternamesandvalues.AllKillDisksettingsarestoredinthe [General]section.
Forparameterstoragethesyntaxbeingusedis:
Parameter=value
Hereisanexample ofan INIfile:[General]
logging=0
showCert=true
saveCert=false
initDevice=true
clearLog=false
ignoreErrors=false
skipConfirmation=true
retryAtt=2
certPath=C:\\ProgramFiles\\LSoftTechnologies\\ActiveKillDisk\\
logPath=C:\\ProgramFiles\\LSoftTechnologies\\ActiveKillDisk\\
logName=killdisk.log
WhenKillDisk isrunning in interactivemode, all these parameters can beconfigured from a settingsdialogaccessed by clickingthe Settingstoolbarbutton. They also can be changedmanually by editingthe KILLDISK.INIfilein any texteditor such asNotepad.
Hereisan explanation ofal lsettings:
-
7/30/2019 KillDisk7
30/45
3 Running Active@ KillDisk
30 Active@ KillDisk User Guide
Table 3-3 KillDisksettings inINI file
Parameter Default Options
showCert= true true/falseoptionofdisplaying theErase/Wipe Certificate for printing aftercompletion
saveCert= false true/false option ofsaving theErase/Wipe Certificate after completion
certPath= Full path to the location where
Erase/Wipe Certificate will be saved.This is a directory name
logPath= Full path to the location where log filewill be saved. This is a directory name
logName= Nameofthe log file whereeventlogwill be saved to
skipConfirmation= false true/false whether to display or skipErase/Wipe confirmation dialog, or not
ignoreErrors= false true/false whether to display diskwriting errors (bad sectors), or ignorethem (just place them tothe log file)
clearLog= false true/false whether to truncate log file
content before writing new sessions, ornot (append to existing content)
initDevice= true true/falsewhether to initializedisksafter erasing complete, or not
shutDown= false true/false whether to shutdown PCafter Erase/Wipe execution complete, ornot
sendSMTP= false true/false to send e-mail report by e-mail via SMTP
useDefaultAccount= true true/false use pre-defined Free SMTPaccount for sending e-mail reports
fromSMTP= E-mail address youll get a report from,forexample:[email protected]
toSMTP= E-mail address the report will be sent to
nameSMTP= SMTP server (relay service) being used
for sending e-mail reports, for example:www.smtp-server.com
-
7/30/2019 KillDisk7
31/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 31
Parameter Default Options
portSMTP= 25 TCP/IP port SMTP service will be
connectedon. The standard SMTP port
is 25, however some internet providersblockiton a firewall
authorizeSMTP= false true/false use SMTP authorization forsending e-mail reports (Username andPassword must be defined as well)
usernameSMTP= IncaseifSMTPservicerequiresauthorization, this is SMTP Username
passwordSMTP= In case ifSMTP service requiresauthorization, this is SMTP Password
showLogo= false true/false whether to display custom
Logo(image)on a Certificate,ornot
logoFile= Full path to the file location where Logoimage is stored
clientName= ClientName - custom text to bedisplayed on a Certificate
technicianName= Technician Name - custom texttobedisplayed on a Certificate
companyName= Company Name - custom text to bedisplayed on a Certificate
companyAddress= Company Address - custom textto bedisplayed on a Certificate
companyPhone= Company Phone - custom textto bedisplayed on a Certificate
logComments= AnyComments - customtexttobedisplayed on a Certificate
killMethod= 2 [0-17] Erase method to use fordisk/volume erasing. See tableofErase
Methods available. DoD 5220.22-M by
default
killVerification= true true/false whether to use dataverification after erase, or not
killVerificationPercent= 10 [1-100] verification percent, in case ifdataverification is used
killUserPattern= ASCII texttobe used for User Defined
-
7/30/2019 KillDisk7
32/45
3 Running Active@ KillDisk
32 Active@ KillDisk User Guide
Parameter Default Options
erase method as a custom pattern
killUserPasses= [1-99] number of overwrites to beused for User Defined erase method
wipeMethod= 2 [0-17] Wipe method to use forvolume wiping.SeetableofErase
Methods available. DoD 5220.22-M bydefault
wipeVerification= true true/false whether to use dataverification after wipe, or not
wipeVerificationPercent= 10 [1-100]verificationpercent,incaseifdata verification is used
wipeUserPattern= ASCII texttobe used for User Defined
wipe method as a custom pattern
wipeUserPasses= [1-99] number ofoverwrites to beused for User Defined wipe method
wipeUnusedCluster= True true/false whether to wipe out allunused clusters on a volume, or not
wipeUnusedBlocks= False true/false whether to wipe out allunusedblocks in systemrecords, or not
wipeFileSlackSpace= False true/false whether to wipe out all fileslackspace (in last file cluster), or not
Youcanfinda more detailed explanation of each parameter inChapter5-Erase/Wipeparameters.
WhenyoustartKillDiskwithor without commandlineparameters,itsexecutionbehaviordependsoneither commandlinesettings (highestpriority),settingsconfiguredin interactivemodeandstoredintheKILLDISK.INIfile(lowerpriority), or defaultvalues(lowestpriority).
Defaultvaluemeansthatif theKILLDISK.INIfile isabsent,orexistsbutcontainsnorequiredparameter,thepre-defined(default)valuewillbe used.
3.2.3Erase or WipeLogicalDrives(Partitions)
In al lpreviousexamplesinthischapter,theprocesshaserasedorwipeddatafromaphysicaldrive.Using a similarmethod,youcaneraseorwipelogicaldisksandpartitions.This includesdamagedUnallocatedareaswherepartitionsusedtoexistandareasnotvisibletothecurrentoperatingsystem.
-
7/30/2019 KillDisk7
33/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 33
The Wipe button is disabled when partitions cannot be wiped because of
issues such as an unknown or unsupported file system.KillDiskmust lockthepartitionbefore performing a Wipe or Erase action. A partition cannot belocked if it is in use by another user or application. In thiscase a dialog boxappearswith informationthatthediskisbeingusedandyouneedto eitherskip it,orforcevolumedismount. Ifyouskip it,thewipeoreraseoperation iscanceledforthisdrive.Ifyouselectforcedismount,somedatainthedrivescachemaybelost.This could affect other applicationsworking with the same volume. If, for example, you made changes to aWord document located on D: and haven't saved the file, a subsequent"forced dismount" for D: would likely result in the loss of the changes. Thefile's original version should be unaffected.
3.2.3.1EraseDatafromaLogicalDrive
To erasedata from a logicaldrive:1. StartActive@KillDiskfrom a bootabledeviceor from thePrograms
menu.
2. TheLocalSystemDevicesscreenappears.
All system harddrivesandremovabledrivesaredisplayedin theleftpane. Systeminformation isdisplayedintherightpane.
Figure 3-9 Local System Devices andVolumes
3. Selectthecheckboxofalogicaldisk/volumeortheUnallocatedarea.
-
7/30/2019 KillDisk7
34/45
3 Running Active@ KillDisk
34 Active@ KillDisk User Guide
4. PressF10orclickKill.TheKilldialog box appears.
5. Setthe erasemethodandotherparametersforerasing.Forinformationontheseparameters,seeChapter5Erase/WipeParametersinthisguide.
6. Complete the process as you would for other devices.
3.2.3.2WipeDatafromaLogicalDrive
To wipedata from a logicaldrive:
1. StartActive@ KillDiskfrom a bootabledeviceor from theProgramsmenu.
2. TheLocalSystemDevicesscreenappears.
All system harddrivesandremovabledriveswillbedisplayedin theleftpanealongwiththeirsysteminformation in therightpane.
3. Selectthecheckboxofalogicaldisk/volumeortheUnallocatedspace.
4. PressF9orclickWipetowipedatafromunoccupiedareas.TheWipeFreeDiskSpacedialogboxappears.
5. Select a wipemethodandsetotherparametersforwiping.Forinformationon these parameters,seeChapter5Erase/WipeParametersinthisguide.
6. Completetheprocess as you wouldforother devices.
3.3Completed EraseorWipeOperationInformationAfteran operation iscompletedsuccessfully,informationonhowdriveshavebeenerasedorwiped isdisplayedin theEventLog at bottom ofthescreen.The textcanbesavedin a logfileand as a certificatethatcanbeprintedorsavedasa PDFfilefor future printing.
Anexample ofanerasesessionsavedin a Logfileisdisplayedbelow.
2012-10-1011:12:[email protected],Kernel2.10.10---------------------------------------EraseSessionBegin------------------------------
2012-10-1011:13:[email protected]
Erasemethod:USDoD5220.22-M(3passes,verify)Passes:3[Verification10%]EraseWDCWD1600YD-01NVB1FixedDisk(81h)(SerialNumber:WD-WMANM1702217)-153GBStarted:2012-10-1011:13:59
Pass1 - OK(0x0000000000000000)
Pass2 - OK(0xFFFFFFFFFFFFFFFF)Pass3 - OK(Random)
VerificationpassedOKFinished2012-10-1013:54:19
2012-10-1013:54:28Timetaken:02:40:212012-10-1013:54:28Erasingcompletedfor1device
---------------------------------------EraseSessionEnd-------------------------------
2012-10-1013:54:28Rescannedhardware
-
7/30/2019 KillDisk7
35/45
3 Running Active@ KillDisk
Active@ KillDisk for Windows User Guide 35
A summary of errors is presented in this report if the process encounterederrors from, for example, bad clusters.
Details ofthisreportaresavedbydefaultto a logfile locatedinthefolderfrom [email protected] locationcanbechangedin Settings.
Example ofan EraseCertificatethatcanbeprintedorsavedas a PDF:
-
7/30/2019 KillDisk7
36/45
4CommonQuestions
4.1 Howdoesthelicensingwork?
Thesoftwareislicensedon a perCD/DVDorUSBmediastoragedevice
basis.Eachlicenseallowsyoutousetheprogram from a separateCD/DVDorUSBdevice. Forexample, ifyouwanttousetheprogramtowipefivecomputersconcurrently,youwouldneedfiveCDsorDVDsorUSBdevices(orcombination ofthethreenotexceeding five), andthereforeneed a five-userlicense.
4.2 Howisthedataerased?
Active@KillDiskcommunicateswiththesystemhardwaredevicedirectly.The Free version erasesdatabyoverwritingalladdressable locationsonthedrivewith zeros.Active@KillDiskProfessionalversionsuggestsseveral
methodsfordatadestruction.Forexample,in USDoD5220.22-Mmethoditoverwritesal laddressablestorageandindexing locationsonthedrivethreetimeswith zeros (0x00),complement(0xFF),andrandomcharacters. It thenverifiesal lwritingprocedures.ThiscomplieswiththeUSDoD5220.22-Msecuritystandard.
4.3 WhatisthedifferencebetweentheSiteandEnterpriselicense?
SiteLicensemeansanunlimitedusage oftheprogramin onephysicallocation;EnterpriseLicense-in any companyslocations.
4.4 WhichoperatingsystemsaresupportedbyActive@KillDisk?
Active@KillDiskforWindowscan be launchedand workunder Windows XP,WindowsVista, Windows 7, Windows 8, Windows 2003,and 2008 Server.Active@ KillDisk for Windows can be also launched fromapre-installedonmediastoragedeviceoperatingsystem(WinPE).Asitcanbeinstalledeasilyonto a bootableCD/DVDorUSBcard, itdoesnot matter whichoperatingsystemisinstalledonthemachines harddrive.IfyoucanbootfromthebootCD/DVD/USB, youcandetectanderaseanydrivesindependent oftheinstalledoperating system.This way you can easily erase UNIX, Linux andMacOS X partitions and disks.
4.5 IsActive@KillDiskforWindowscompatiblewithMacintoshcomputers?
YoucannotrunActive@KillDisk intheold Mac OS environment(basedonPowerPCarchitecture). However,themostrecentApplecomputers(iMacrunning MacOS X)arebasedontheIntelarchitecture. In this case, itis
http://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htmhttp://www.killdisk.com/dod.htm -
7/30/2019 KillDisk7
37/45
4 Common Questions
Active@ KillDisk for Windows User Guide 37
possibletobootfromActive@BootDiskusing a CD, DVDorUSBdevice. Todoso,holdtheOptionkeydownwhenstartingthecomputer.
4.6 WillIbeabletousemyHardDiskDriveafterActive@KillDiskerase
operation?Yes. To beabletousethe HDDagainyouneedto:
Repartitiontheharddriveusing a standardutility likeFDISK.
Reformatpartitionsusing a standardutilitylikeFORMAT.
ReinstalltheOperatingSystem using a bootableCD/DVD-ROM.
4.7 IcannotbootfromtheCD/DVD.WhatshouldIdonext?
Yourcomputermayhave bootpriorityforHardDiskDrives,oranotherdevicesethigherthanbootpriorityforCD/DVDdevice.
Parametersthataresetin low-levelsetuparewrittentothemachine'sBIOS.
To changethebootpriority:
1. Openthelow-levelsetuputility,usually by pressingF1,F2, F10orESConthekeyboardduringstartup.
2. UsethearrowkeystolocatethesectionaboutBootdevicepriority.Thissectionwillallowyoutosetthesearchorderfortypesofbootdevices.Whenthescreenopens, a list ofbootdevicesappears.Typicaldevicesonthislistwillbeharddrives,CDorDVDdevices,floppydrivesandnetworkbootoption.
3. IftheCDorDVDdevice hasbeendisabled,enableit(providedyouhavea deviceinstalled). The priorityshould indicatethattheCD/DVDdeviceisthenumberonedevicetheBIOSconsultswhensearchingforbootinstructions.IftheCD/DVDdeviceis at thetopofthelistthatisusuallytheindicator.
4. Saveandexitthesetuputility.
-
7/30/2019 KillDisk7
38/45
5Erase/WipeParametersandApplicationSettings
Whetheryouchoosetoerasedatafromthedriveortowipedatafromunoccupieddrivespace,themethodsofoverwriting these spacesarethesame.
5.1Erase/WipeMethods
OnePassZerosorOnePassRandom
Whenusing One PassZerosorOnePassRandom,thenumberofpassesisfixedandcannotbechanged.
Whenthewriteheadpassesthrough a sector,itwritesonlyzerosoraseriesofrandomcharacters.
UserDefined
Youindicatethenumberoftimesthewriteheadpassesovereachsector.Eachoverwriting pass isperformedwith a buffercontainingthe patternyouspecified(ASCIIstring).
USDoD5220.22-M
Thewriteheadpassesovereachsectorthree times.Thefirsttimeis withzeros (0x00),the secondtimewith0xFF, andthethird time withrandomcharacters.Thereisonefinal pass toverifyrandomcharactersbyreading.
US DoD 5220.22-M (ECE)
Thewriteheadpassesovereachsectorseventimes (0x00,0xFF,Random,0x96,0x00,0xFF,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.
CanadianOPS-II
Thewriteheadpassesovereachsectorseventimes(0x00,0xFF,0x00,0xFF, 0x00,0xFF,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.
GermanVSITR
Thewriteheadpassesovereachsectorseventimes(0x00,0xFF,0x00,
0xFF, 0x00,0xFF,0xAA).Thereisonefinal pass toverifyrandomcharactersby reading.
RussianGOSTp50739-95
Thewriteheadpassesovereachsectortwotimes(0x00,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.
-
7/30/2019 KillDisk7
39/45
5 Erase/Wipe Parameters and Application Settings
Active@ KillDisk for Windows User Guide 39
USArmyAR380-19
Thewriteheadpassesovereachsectorthreetimes.Thefirsttimewith0xFF, the secondtimewith zeros (0x00), andthethird time with randomcharacters. Thereisonefinal pass toverifyrandomcharactersbyreading.
USAirForce5020Thewriteheadpassesovereachsectorthreetimes.Thefirsttimewithrandomcharacters,the secondtimewith zeros (0x00),andthethird timewith 0xFF. Thereisonefinal pass toverifyrandomcharactersbyreading.
HMG IS5(BaselineandEnhanced)
Baselinemethodoverwritesdiskssurfacewithjustzeros(0x00).
Enhancedmethod-thewriteheadpassesovereachsectorthreetimes.Thefirst time with zeros (0x00),the secondtimewith0xFF, andthethird timewithrandomcharacters.
Thereisonefinal pass toverifyrandomcharactersbyreading.
NavsoP-5329-26(RLandMFM)
RLmethod-thewriteheadpassesovereachsectorthreetimes (0x01,0x27FFFFFF,Random).
MFM method-the writeheadpassesovereachsectorthreetimes (0x01,0x7FFFFFFF, Random).
Thereisonefinal pass toverifyrandomcharactersbyreading.
NCSC-TG-025
The writeheadpassesovereachsectorthreetimes (0x00,0xFF, Random).Thereisonefinal pass toverifyrandomcharactersbyreading.
NSA130-2
The writeheadpassesovereachsectortwotimes (Random,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.
BruceSchneier
Thewriteheadpassesovereach sectorseventimes(0xFF,0x00,Random,
Random,Random,Random,Random).Thereisonefinal pass toverifyrandomcharactersbyreading.
Gutmann
Thewriteheadpassesovereachsector35times.Fordetailsaboutthis,themostsecuredataclearingstandard, youcanreadtheoriginalarticle at thelinkbelow:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
-
7/30/2019 KillDisk7
40/45
5 Erase/Wipe Parameters and Application Settings
40 Active@ KillDisk User Guide
5.2Erase/WipeOptions
In additiontothe erasemethod,youcan specifymoreoptionsforerasing/wiping.
VerificationAftererasing iscompleteyoucandirectthesoftwaretoperformverificationofthesurfaceonthedrivetobesurethatthelastoverwriting pass wasperformedproperlyanddataresidingonthedrive matchesthedatawrittenby theerasingprocess.
Becauseverification is a long process, you may specifyapercentageofthesurfacetobeverified. You may alsoturntheverification offcompletely.
WipeoutDeleted/Unuseddata
Thisparameterappearsonlywhenyouarewipingdatafromunusedspaceontheharddrive.Thewipingprocessclearsdataresiduefromunoccupied
spaceontheharddriveanddoesnotaffectinstalledapplicationsorexistingdata.Thisprocesscontainsthreeoptions:
Wipeunusedclusters
Wipeunusedspacein MFT/Rootarea
Wipeslackspace in fileclusters
Youmaychoosetorunonlyoneortwo oftheseoptionsinordertomaketheprocesscompletemorequickly.Ifyouwant a thoroughwiping ofunusedspace,thenincludeall oftheoptions.
5.3GeneralSettings
Generalparametersallowyoutoturnfeaturesonorofforchangedefaultsettingswhenyouareerasingorwipingdata from unoccupied space. Youcan alsochangethe look and feel of the applicationand its loggingoptions.To viewandchangesettings,pressthe F2key,orclickthe Settingstoolbarbutton.
Read/WriteRetryAttempts
Ifanerrorsuch as physical damage on the drive surfaceisencountered
whilewritingdatato the drive,Active@KillDisktriestoperformthewriteoperationagain. You canspecifythe numberofretriestobeperformed.Sometimes,ifthedrivesurfaceisnotcompletelydestroyed, adamagedsectorcanbeoverwrittenafterseveralretries.
IgnoreDiskWriteErrors(badsectors)
Ifthisoption isturnedon,errormessageswillnotbedisplayedwhiledataerasingorverification isinprogress. All information about errors is written to
-
7/30/2019 KillDisk7
41/45
5 Erase/Wipe Parameters and Application Settings
Active@ KillDisk for Windows User Guide 41
the KILLDISK.LOG file. ThesemessagesaredisplayedinthefinalErasingreportafter the process is complete.
ClearLog FilebeforeStart
Ifthisoption isturnedon,the KILLDISK.LOGlogfilewillbetruncatedbefore
erasingstarts.Aftererasingiscompleted,thelogfilewillcontain informationonlyaboutthelastsession.
Ifthisoption isturnedoff,the KILLDISK.LOGlogfilewillnotbetruncatedandinformationaboutthelasterasingsessionisappendedtotheend ofthefile.
SkipDiskEraseConfirmation
Theconfirmationscreenisthefinal step beforeerasing data. In thisscreen,youtypeERASE-ALL-DATAtoconfirmwhatisabouttohappen.IfSkipConfirmation isturnedon,thisfinalsafetyrequestdoesnotappear.Thisoption istypicallyusedwithcaution by advancedusersinordertospeedup
theprocess.ItissafertorunKillDiskwiththe default state of Skip DiskErase Confirmation selected.Youmaywanttousethis as a safetybuffertoensurethatdatafromthecorrectdrivelocation isgoingtobeerasedcompletelywithnopossibility offuturedatarecovery.
SaveLog&ShutdownPCaftercompletion
Erasing can take many hours.You can leave work with KillDisk running and setto turn the computer off when erasing is completed. A log file is saved andcan be reviewed later on.
EventLogging
By defaultKillDiskdoesaMinimal logging. Information is placed intheEvent
LogviewandsavedtotheKILLDISK.LOGlogfile. Ifmoredetailedinformation isrequiredorexecutionerrorsoccur,youcanspecifytheDetailed loggingoption. Theproblemcan then be moreeffectively analyzed.
ApplicationStyle
By defaultKillDiskhas beenlaunchedin aDarkcolor scheme. Ifyouareuncomfortablewith it,changetheApplicationStyletoLightmode.Anapplicationre-startisrequiredwhenyouchangetheApplication Style.
IncludeLogo/TechnicianinfointoCertificate
Aftererasing/wiping, KillDiskcanproduce a certificatePDFfilethatcanbe
printed lateron. This certificatecaninclude custom attributes,such ascompany logo(graphics)and companyinfo(text).Youcanconfigure theseparametersinthe Logo/Technician Info tab. Turn onthisoptiontoincludeal lsuppliedparametersintheCertificate.
Thisoption isavailableonly inthe Professionalversion.
-
7/30/2019 KillDisk7
42/45
5 Erase/Wipe Parameters and Application Settings
42 Active@ KillDisk User Guide
Send e-mailNotification
Aftererasing/wiping is complete, KillDiskcandelivertheoutputreport (contents ofthelogfile)toyour e-mail mailbox.Youcanconfiguresendingparametersonthe SMTPtab.Turnonthisoptiontosendoutareportaftersuccessfuljobcompletionor iferrorsoccur.
Thisoption isavailable inonly in the Professionalversion.
5.4CertificateandLogFileSettings
Thesesettingsallowconfiguration of thestorageanddisplayparametersforthe certificateand log file.
Certificateoptions
Theseparametersallowdisplayof the erase\wipecertificateandsetting ofits storage location as a PDF file for future printing.
Log file optionsTheseparametersallownaming the log file and setting its storage location.
5.5LogoandTechnicianInfoSettings
Thesesettingsallowembedding custom information intothestandardPDFcertificateforprinting.
Theseoptionscanbeconfigured in the Freeversion,but are useableonlyintheProfessionalversion.
LogoYoucanselecta companylogo from agraphicsfile (*.BMP, *.JPG,*.PNG).The image sizemustbe450by200pixelstobeprintedproperly.Thecompany logowillbeplaced at thetop ofthe certificateandwillbeembeddedinto a PDFfilethatyoucanprint lateron.
TechnicianInformation
Youcanspecifyal lorsome ofthefields beingdisplayedona certificateandembeddedinto a PDFfile:
ClientName
TechnicianName
CompanyName
CompanyAddress
CompanyPhone
Comments
-
7/30/2019 KillDisk7
43/45
5 Erase/Wipe Parameters and Application Settings
Active@ KillDisk for Windows User Guide 43
5.5SMTPSettings
Thesesettingsallowconfiguringmailersettingsfordeliveringerasing/wipingreportstoyourmailbox.SimpleMailTransportProtocol(SMTP)isresponsiblefortransmitting e-mail messages andneedstobeconfiguredproperly.
Theseoptionscanbeconfigured in the Freeversion,but are useable only inthe Professional version.
AccountType
KillDiskoffers youa free SMTPaccountlocatedon www.smtp-server.comthatcanbeusedforsendingoutreports.Bydefaultal lrequiredparametersarepre-filledandconfiguredproperly. Theonlyfieldyouneedtotypein isthe e-mailaddress wherereportswillbesentto. Ifyourcorporatepolicydoesnotallowusingservicesotherthanits own, youneedtoswitchthisoptionto CustomAccountandconfigureallsettingsmanually. Askyoursystem/networkadministratortogettheseparameters.
To
Typethe e-mail address whereerasing/wipingreportswillbesentto.
From
Typethe e-mailaddress whichyouexpectthesereportstocomefrom.
SMTPServer
KillDiskoffers youthe use of smtp-server.comfor a free SMTP account.Thisaccountis pre-configuredforKillDiskusers.Askyoursystem/networkadministratortogetthe SMTPservername to be used in the Custom
Account.
SMTPPort
ForthefreeSMTPaccount,KillDiskallowsyouto use smtp-server.comonport 80. Thisis a standardWWWportbeingusedbyal lwebbrowserstoaccessthe internet.Thisportmostlikelywillbekeptopenon a corporateorhomenetwork.Otherportscanbefiltered by andclosedon a networkfirewall.Forthe Custom account,askyoursystem/networkadministratortoset properSMTPportfortherelatedSMTPserver.
SMTPServerrequestsauthorizationTo avoidspamandothersecurityissues,someSMTPserversrequireeachusertobeauthorizedbeforeallowsending e-mails. In thiscasea properusernameandpasswordarerequired.Askyoursystem/networkadministratortogetproperconfigurationsettings.
http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/http://www.smtp-server.com/ -
7/30/2019 KillDisk7
44/45
6Glossary ofTerms
BIOSsettings
BasicInputOutputSubsystem.Thisprogrammablechipcontrolshowinformation is passedtovariousdevicesinthecomputersystem.AtypicalmethodtoaccesstheBIOSsettingsscreenistopressF1,F2,F8,F10orESCduringthebootsequence.
bootpriority
BIOSsettingsallowyoutorun a bootsequencefromafloppydrive,aharddrive, aCD/DVD-ROMdriveoraUSBdevice. You may configuretheorderthatyourcomputersearchesthesephysicaldevicesforthebootsequence.Thefirstdeviceintheorderlist has thefirstbootpriority.Forexample,tobootfrom a CD/DVD-ROMdriveinstead ofaharddrive,placetheCD/DVD-ROMdriveaheadoftheharddrivein priority.
compressedcluster
Whenyouset a fileorfolderpropertytocompressdata,thefileorfolderuses lessdiskspace.Whilethesize ofthefileissmaller,it must use a wholecluster inordertoexistontheharddrive.Asaresult,compressedclusterscontain"fileslackspace".Thisspace may containresidualconfidentialdatafrom thefilethatpreviouslyoccupiedthisspace.KillDiskcanwipeouttheresidualdatawithouttouchingtheexisting data.
cluster
Alogicalgroup ofdisksectors,managedbytheoperatingsystem,forstoring
files.Eachclusterisassigned a uniquenumberwhen it isused.Theoperatingsystemkeepstrackofclustersintheharddisk'srootrecordsorMFTrecords.
freecluster
Aclusterthatisnotoccupied by a file. Thisspacemaycontainresidualconfidentialdatafromthefilethatpreviouslyoccupiedthisspace.KillDiskcanwipeouttheresidual data.
fileslackspace
Thesmallestfile(and even anemptyfolder)takesupanentirecluster.A10-byte filewilltakeup2,048bytesifthatistheclustersize.Fileslackspace istheunusedportion of a cluster. Thisspacemaycontainresidualconfidentialdata from thefilethatpreviouslyoccupiedthisspace.KillDiskcanwipeouttheresidualdatawithouttouchingtheexisting data.
deletedbootrecords
Alldisksstartwith a bootsector. In a damageddisk,ifthelocation ofthebootrecordsisknown,thepartitiontable canbereconstructed.Thebootrecordcontains a filesystemidentifier.
-
7/30/2019 KillDisk7
45/45
6 Glossary of Terms
ISO
AnInternationalOrganizationforStandardization ISO-9660filesystemis astandardCD-ROMfilesystemthatallowsyoutoreadthesameCD-ROMwhetheryou'reon a PC,Mac,orothermajorcomputerplatform.DiskimagesofISO-9660filesystems(ISOimages)areacommonwaytoelectronically
transferthecontentsofCD-ROMs.Theyoftenhavethefilenameextension.ISO(thoughnotnecessarily),andarecommonlyreferredtoas"ISOs".
lostcluster
Aclusterthathasanassignednumberinthefileallocationtable,eventhoughit isnotassignedtoanyfile.Youcanfreeupdiskspacebyreassigning lostclusters. In DOSandWindows,youcanfindlostclusterswiththeScanDiskutility.
MFTrecords
MasterFile Table.Afilethatcontainstherecords ofeveryotherfileanddirectoryin anNTFS-formattedharddiskdrive.Theoperatingsystemneedsthis informationtoaccessthefiles.
rootrecords
FileAllocation Table.Afilethat containstherecords ofeveryotherfileanddirectoryin a FAT-formattedharddiskdrive.Theoperatingsystemneedsthis informationtoaccessthefiles.ThereareFAT32,FAT16andFATversions.
sector
Thesmallestunitthatcanbeaccessedon a disk. Tracksareconcentriccirclesaroundthediskandthesectorsaresegmentswithineachcircle.
unallocatedspace
Spaceonaharddiskwherenopartition exists.Apartition may havebeendeletedordamagedor a partition may nothavebeencreated.
unusedspaceinMFTrecords
Theperformance ofthecomputersystemdependsalotontheperformanceoftheMFT.Whenyoudeletefiles,theMFTentryforthatfileisnotdeleted,it ismarkedasdeleted.Thisiscalledunusedspacein theMFT.IfunusedspaceisnotremovedfromtheMFT,thesize ofthetablecouldgrowto apointwhere itbecomesfragmented,affectingtheperformance oftheMFT
andpossiblytheperformanceofthecomputer.Thisspace may alsocontainresidualconfidentialdata(file names,fileattributes,residentfile data) fromthefilesthatpreviouslyoccupied these spaces.KillDiskcanwipeouttheresidualdatawithouttouchingtheexisting data.