Tuesday, August 30, 2016

PowerShell v2 Function Remove FileSecurely Requires sDelete

To help deal with some requirements for an automation project we needed to come up with a way to securely (that means fully) remote data from the system.  We used to use Heidis Eraser, but, this program has proven to be ineffective according to auditors.  So, the Sysinternals sDelete utility was our next option.  I basically wrote the following function to remove files by wrapping sDelete to ensure the data was cleaned up.  From what I can tell sDelete simply overwrites the file space with random data, but, I could be wrong.  sDelete just ensures the actual space, not just the pointers to the used space, is overwritten.  This script assumes the sDelete.exe is located in C:Program FilesSysinternals directory, but, that can be overridden in the script, or, you can simply add the folder path to the file to your environmental variables.
function Remove-FileSecurely {

<#
.AUTHOR
Will Steele

.NOTES
Current version of sdelete has the following help:

SDelete - Secure Delete v1.51
Copyright (C) 1999-2005 Mark Russinovich
Sysinternals - www.sysinternals.com <http://www.sysinternals.com>

usage: C:program filessysinternalssdelete.exe [-p passes] [-s] [-q] <file or directory>
C:program filessysinternalssdelete.exe [-p passes] [-z|-c] [drive letter]
-c Zero free space (good for virtual disk optimization)
-p passes Specifies number of overwrite passes (default is 1)
-q Dont print errors (Quiet)
-s Recurse subdirectories
-z Clean free space

.LINKS
sDelete - http://technet.microsoft.com/en-us/sysinternals/bb897443

.EXAMPLE
md C: est
1..100 | % { dir > C: est$_.txt }
Get-ChildItem C: est*.txt | `
% { Remove-FileSecurely -Name $_ -Passes 10 -LogFormat "HH:mm:ss" -Verbose }
#>

[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $true
)]
[String[]]
$Name,

[Parameter(
Mandatory = $false
)]
[ValidateScript({Test-Path $_})]
$sdeletePath = "C:Program FilesSysinternalssdelete.exe",

[Parameter(
Mandatory = $false
)]
[ValidateScript({$_ -ge 0})]
[Int]
$Passes = 1,

[Parameter(
Mandatory = $false
)]
$LogFormat = "yyyy-MM-dd HH:mm:ss"
)

function Write-TimeStamp
{
Get-Date -Format $LogFormat
}

foreach($item in $name)
{
if(Test-Path -Path $item)
{
# Test to see if item is a directory
if($item.PSIsContainer)
{
Write-Verbose "$(Write-TimeStamp): $item is a directory. Skipping."
}

# Assumes item is a file
else
{
. $sdeletePath -p $Passes $item | Out-NullTo
if(Test-Path $item)
{
Write-Verbose "$(Write-TimeStamp): $item was not deleted."
}
else
{
Write-Verbose "$(Write-TimeStamp): $item was deleted."
}
}
}
}
}

Related Post:

0 comments:

Post a Comment

 
Copyright 2009 Information Blog
Powered By Blogger