Fill file with Zeros

Welcome Forums General PowerShell Q&A Fill file with Zeros

This topic contains 3 replies, has 3 voices, and was last updated by

 
Participant
6 months, 1 week ago.

  • Author
    Posts
  • #100414

    Participant
    Points: 0
    Rank: Member

    Sort of works but for what ever reason it only works on the last hit ..Lots of people use PS scripts with sdelete .. I guess I could load up that binary into memory PS via encode but that seems overkill and may still get flagged as bad from Security software.

    Ref: https://cyber-defense.sans.org/blog/2010/02/11/powershell-byte-array-hex-convert
    ref this takes to long and I dont need 'secure' delete just /dev/null to file and delete ( prevent most data recovery tools ) : https://gallery.technet.microsoft.com/scriptcenter/Secure-File-Remove-by-110adb68

    function wow1
    {

    [CmdletBinding()] Param (
    [Parameter(Mandatory = $True, ValueFromPipeline = $True)] $Path )

    $bytes = (Get-Item $Path).length

    $myArray = ,0 * $bytes
    [io.file]::WriteAllBytes($Path,$myArray)

    write-host $Path.FullName

    #Remove-Item $Path

    }

    #iex 'echo A > c:\delete\_OLD\txt.txt'
    Get-ChildItem c:\delete\_OLD\ -Force -Recurse -Include * -File | wow1

  • #100416

    Participant
    Points: 208
    Helping Hand
    Rank: Participant

    Why not just call the built-n Windows cipher.exe a try. Just shell out to it from your script. AV will not scream about this cipher.exe use.
    It's in every version of Windows, since WinXP.
    'support.microsoft.com/en-us/help/814599/how-to-use-cipher-exe-to-overwrite-deleted-data-in-windows-server-2003'

  • #100419

    Participant
    Points: 0
    Rank: Member

    Interesting! not sure this will work I don't want to wait 9h ours to delete one file 🙂 It looks like I can crypt the files I want to delete and then run that command but I think that will takt 2x's as long to crypt and then secure delete the file. I am just trying to quickly write 0's to the files.

    Trying to rewrite my quickclean and quickkill with just powershell and https://github.com/MoscaDotTo/Winapp2

    I see some of your point :

    "With modern solid-state drives, the drive's firmware scatters a file's data across the drive. Deleting a file will result in a “TRIM” command being sent, and the SSD may eventually remove the data during garbage collection. A secure delete tool can tell an SSD to overwrite a file with junk data, but the SSD controls where that junk data is written to. The file will appear to be deleted, but its data may still be lurking around somewhere on the drive. Secure delete tools just don't work reliably with solid-state drives. (The conventional wisdom is that, with TRIM enabled, the SSD will automatically delete its data when you delete the file. This isn't necessarily true, and it's more complicated than that.)"

  • #100438

    Participant
    Points: 161
    Helping Hand
    Rank: Participant

    You could use some .NET methods to do it. Here's an illustrative example script I threw together:

    $File = New-TemporaryFile
    "Hello, I am Steve" | Set-Content -Path $File.FullName
    Write-Host "Testing file contents..."
    Get-Content -Path $File.FullName
    
    $Bytes = [System.IO.File]::ReadAllBytes($File.FullName)
    $Bytes | % {"{0:X}" -f $_} | Out-Host
    
    [byte[]] $ZeroBytes = 1..($Bytes.Length) | ForEach-Object {
        0x00000000
    }
    
    Write-Host "Overwriting file with zeroes..."
    
    [System.IO.File]::WriteAllBytes($File.FullName, $ZeroBytes)
    
    Write-Host "Checking file contents..."
    
    [System.IO.File]::ReadAllBytes($File.FullName)
    Get-Content $File.FullName

    And the short version, in function form for easy use:

    function Reset-FileBytes {
        [CmdletBinding(SupportsShouldProcess, ConfirmImpact = "Medium")]
        param(
            [Parameter(Position = 0, Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
            [Alias('FullName', 'FilePath')]
            [ValidateScript({
                Test-Path -Path $_
            })]
            [string]
            $Path
        )
        process {
            Write-Verbose "File contents being overwritten:"
            Get-Content -Path $Path | Write-Verbose
    
            $ByteLength = [System.IO.File]::ReadAllBytes($Path).Length
    
            Write-Verbose "File length in bytes: $ByteLength"
    
            if ($PSCmdlet.ShouldProcess($Path, "Overwrite all bytes with zero-bytes.")) {
                [byte[]] $EmptyBytes = 1..$ByteLength | ForEach-Object {
                    0x00000000
                }
    
                [System.IO.File]::WriteAllBytes($Path, $EmptyBytes)
            }
    
            Write-Verbose "File content should now be zero-bytes, displayed below:"
            [System.IO.File]::ReadAllBytes($Path) | Write-Verbose 
        }
    }

The topic ‘Fill file with Zeros’ is closed to new replies.