Author Posts

May 10, 2018 at 3:58 pm

Sort of works but for what ever reason it only works on the last hit ..Lots of people use PS scripts with sdelete .. I guess I could load up that binary into memory PS via encode but that seems overkill and may still get flagged as bad from Security software.

Ref: https://cyber-defense.sans.org/blog/2010/02/11/powershell-byte-array-hex-convert
ref this takes to long and I dont need 'secure' delete just /dev/null to file and delete ( prevent most data recovery tools ) : https://gallery.technet.microsoft.com/scriptcenter/Secure-File-Remove-by-110adb68

function wow1
{

[CmdletBinding()] Param (
[Parameter(Mandatory = $True, ValueFromPipeline = $True)] $Path )

$bytes = (Get-Item $Path).length

$myArray = ,0 * $bytes
[io.file]::WriteAllBytes($Path,$myArray)

write-host $Path.FullName

#Remove-Item $Path

}

#iex 'echo A > c:\delete\_OLD\txt.txt'
Get-ChildItem c:\delete\_OLD\ -Force -Recurse -Include * -File | wow1

May 10, 2018 at 6:30 pm

Why not just call the built-n Windows cipher.exe a try. Just shell out to it from your script. AV will not scream about this cipher.exe use.
It's in every version of Windows, since WinXP.
'support.microsoft.com/en-us/help/814599/how-to-use-cipher-exe-to-overwrite-deleted-data-in-windows-server-2003'

May 10, 2018 at 8:48 pm

Interesting! not sure this will work I don't want to wait 9h ours to delete one file 🙂 It looks like I can crypt the files I want to delete and then run that command but I think that will takt 2x's as long to crypt and then secure delete the file. I am just trying to quickly write 0's to the files.

Trying to rewrite my quickclean and quickkill with just powershell and https://github.com/MoscaDotTo/Winapp2

I see some of your point :

"With modern solid-state drives, the drive's firmware scatters a file's data across the drive. Deleting a file will result in a “TRIM” command being sent, and the SSD may eventually remove the data during garbage collection. A secure delete tool can tell an SSD to overwrite a file with junk data, but the SSD controls where that junk data is written to. The file will appear to be deleted, but its data may still be lurking around somewhere on the drive. Secure delete tools just don't work reliably with solid-state drives. (The conventional wisdom is that, with TRIM enabled, the SSD will automatically delete its data when you delete the file. This isn't necessarily true, and it's more complicated than that.)"

May 11, 2018 at 4:48 pm

You could use some .NET methods to do it. Here's an illustrative example script I threw together:

$File = New-TemporaryFile
"Hello, I am Steve" | Set-Content -Path $File.FullName
Write-Host "Testing file contents..."
Get-Content -Path $File.FullName

$Bytes = [System.IO.File]::ReadAllBytes($File.FullName)
$Bytes | % {"{0:X}" -f $_} | Out-Host

[byte[]] $ZeroBytes = 1..($Bytes.Length) | ForEach-Object {
    0x00000000
}

Write-Host "Overwriting file with zeroes..."

[System.IO.File]::WriteAllBytes($File.FullName, $ZeroBytes)

Write-Host "Checking file contents..."

[System.IO.File]::ReadAllBytes($File.FullName)
Get-Content $File.FullName

And the short version, in function form for easy use:

function Reset-FileBytes {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = "Medium")]
    param(
        [Parameter(Position = 0, Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName', 'FilePath')]
        [ValidateScript({
            Test-Path -Path $_
        })]
        [string]
        $Path
    )
    process {
        Write-Verbose "File contents being overwritten:"
        Get-Content -Path $Path | Write-Verbose

        $ByteLength = [System.IO.File]::ReadAllBytes($Path).Length

        Write-Verbose "File length in bytes: $ByteLength"

        if ($PSCmdlet.ShouldProcess($Path, "Overwrite all bytes with zero-bytes.")) {
            [byte[]] $EmptyBytes = 1..$ByteLength | ForEach-Object {
                0x00000000
            }

            [System.IO.File]::WriteAllBytes($Path, $EmptyBytes)
        }

        Write-Verbose "File content should now be zero-bytes, displayed below:"
        [System.IO.File]::ReadAllBytes($Path) | Write-Verbose 
    }
}