Main functions and tools of the BCWipe system
The BCWipe system provides the following ways to shred contents of deleted files:
- Delete with wiping. Using the Delete with wiping command, appeared in context menus of Windows Shell (‘My computer’ window), you can delete and wipe file or folder, as well as selected group of them.
- Wipe free disk space. When you delete sensitive files using a standard Windows ‘Delete’ command, the operating system does not shred contents of the documents from hard drive, it just marks disk space, earlier occupied by the files, as ‘free’. To completely remove all the traces of the earlier deleted files, use this command to wipe free space on the disk, where these files were stored.
- Swap file wiping. BCWipe utility has an optional switch for wiping unused portion of Windows Swap File, where the operating system may store parts of files, earlier opened by applications. The option can be set when you run Wipe Free Space or Delete with wiping commands.
- Hibernation File wiping. Hibernation File supports transition of computer to the hibernation state. At that time system copies all the data stored in RAM memory, including opened sensitive documents, to the Hibernation File. To avoid the security leak you may configure BCWipe to wipe the Hibernation File regularly (read the Wipe Special Folders task type chapter).
- File slacks wiping. File slack is the disk space from the actual end of a file up to end of the last cluster used by the file. You can turn on/off file slack wiping before running the Wipe Free Space process.
- Directory entries wiping. Directory entry is a reserved space on a FAT disk, where the file system stores name and attributes of the file. During ordinary Windows delete operations, Windows marks a corresponding directory entry as unused. Windows does not erase a whole directory entry. (This is why Unerase utilities work!). Any file that has been ‘deleted’ by Windows, can get its name restored by special utilities, and if the file has not been over-written, contents of the file can be recovered. You can set the Wipe directory entries option when you run Wipe Free Space and Delete With Wiping commands.
NTFS filesystem has different structure, analog of Directory Entries is called MFT Records on NTFS. BCWipe can erase MFT Records only when you run Wipe Free Space command for NTFS disk.
- Wiping a whole hard drive. Sometimes we need erasing a whole hard drive, so that information on all physical sectors of the drive is destroyed. It is desirable to avoid leak of information when you sell computer or the hard drive, and would not like the contents of the disk to be read by someone. The BCWipe system includes command-line BCWipePD.exe utility that can be used for that purpose.
The following tools allows users to control the wiping process and enhance security of Windows system Swap File:
- BCWipe Task Manager. The utility allows configuring BCWipe to run some wiping tasks automatically. You can set a time for running the task, as well as special options for the task. For example, you can configure BCWipe to wipe free space of all your hard drives at midnight every Friday and use US DoD 5200.28-STD wiping standard for the process.
- Swap File Encrypting utility. Swap File is the Windows system file that is used for the virtual memory support, and it can store parts of documents, you are working with, in an opened form on hard drive. Even if some powerful encryption program encrypts an original document, Windows can put a whole document or part of it to the Swap file in an opened form. Encryption keys, passwords, and other sensitive information can also be swapped to hard drive. Even if you use all of the security advantages of the latest Windows versions, simple investigating of the Swap file in DOS mode may allow extracting a lot of interesting information from the file. BCWipe allows encrypting the Swap file contents and preventing such a leak in the operating system.
- Hexadecimal File Viewer. Using the Viewer you can examine contents of file after wiping. The utility is useful for investigating a quality of wiping process, for example when you use a custom wiping scheme.