To help deal with some requirements for an automation project we needed to come up with a way to securely (that means fully) remote data from the system. We used to use Heidis Eraser, but, this program has proven to be ineffective according to auditors. So, the Sysinternals sDelete utility was our next option. I basically wrote the following function to remove files by wrapping sDelete to ensure the data was cleaned up. From what I can tell sDelete simply overwrites the file space with random data, but, I could be wrong. sDelete just ensures the actual space, not just the pointers to the used space, is overwritten. This script assumes the sDelete.exe is located in C:Program FilesSysinternals directory, but, that can be overridden in the script, or, you can simply add the folder path to the file to your environmental variables.
function Remove-FileSecurely {
<# .AUTHOR Will Steele
.NOTES Current version of sdelete has the following help:
usage: C:program filessysinternalssdelete.exe [-p passes] [-s] [-q] <file or directory> C:program filessysinternalssdelete.exe [-p passes] [-z|-c] [drive letter] -c Zero free space (good for virtual disk optimization) -p passes Specifies number of overwrite passes (default is 1) -q Dont print errors (Quiet) -s Recurse subdirectories -z Clean free space
function Write-TimeStamp { Get-Date -Format $LogFormat }
foreach($item in $name) { if(Test-Path -Path $item) { # Test to see if item is a directory if($item.PSIsContainer) { Write-Verbose "$(Write-TimeStamp): $item is a directory. Skipping." }
# Assumes item is a file else { . $sdeletePath -p $Passes $item | Out-NullTo if(Test-Path $item) { Write-Verbose "$(Write-TimeStamp): $item was not deleted." } else { Write-Verbose "$(Write-TimeStamp): $item was deleted." } } } } }
0 comments:
Post a Comment