BCWipe data wiping software is designed as an extension to Windows Explorer - meaning that BCWipe Setup extends the set of commands available in Windows Explorer. If you want to wipe a specific file, or a group of files or folders, just select them in the right pane of Explorer, right-click, and then the Delete with wiping command should appear. BCWipe then allows you to configure suitable options for wiping.
To run Wipe Free Space on a drive, just right-click on the location in the drive string in the left pane of Windows Explorer. A pop-up context menu should appear which contains the Wipe Free Space command. BCWipe then allows you to configure suitable options for wiping.
We strongly recommend running a disk checking utility before wiping free space on a drive.
BCWipe also includes the BCWipe Task Manager utility for configuring wiping tasks to run automatically. You can schedule a time for running a task, as well as other special options.
BCWipe features Transparent Wiping (introduced in version 4.0) which intercepts all 'delete' commands by the user or by the system and securely wipes the data files. Furthermore, all temporary files created by Windows or by any application will be wiped when they are no longer needed. Activating Transparent Wiping eliminates time-consuming processes, such as the need to wipe free space.
You should keep in mind all possible traces: the file itself, its shadow copies, old data stored in file slack space, parts existing in the swap file, the file name stored in MFT, directory slack space.
BCWipe takes responsibility for properly wiping all of these places. It is typically best to follow all BCWipe recommendations and click 'Yes' to any cautions. On the ‘Wiping option’ tab, it is highly recommended to enable all options.
BCWipe can erase all traces of a file on file system level - including (file) content, name, attributes, directory/MFT records. To increase the lifetime of the drive, SSD is different from conventional Hard Disk Drives by featuring a wear-leveling function which performs copy/cache of information evenly around the drive.
Since it is not possible to guarantee that new data overwrites the old data in the same place, file wiping tools (including BCWipe) cannot be 100% effective on SSD. If you try to wipe selected files/folders on SSD, BCWipe will detect it and will display a warning message.
Our technical team is working to overcome this issue on SSD. Yet for now, to prevent unauthorized access or recovery of your sensitive data, we suggest to combine BCWipe with BestCrypt Volume Encryption:
- Encrypt the whole disk with BestCrypt Volume Encryption prior to writing sensitive data
- Wipe files with BCWipe
You should run BCWipe Task Manager (Start > Programs > BCWipe > BCWipe Task Manager) and create a task for ‘Wipe Internet History’. On the 'Internet history' tab, select the folders you want to wipe. Go to the 'Wipe options' tab and set wiping options if required. The 'Schedule' tab helps you set the start time for Internet history wiping.
BCWipe can permanently delete temporary files of common Internet browsers: Internet Explorer, Mozilla Firefox, Opera, Google Chrome.
To protect your pagefile using the latest version of BCWipe, we recommend using the embedded CryptoSwap utility to transparently encrypt the swap file. CryptoSwap allows you to encrypt the swap file with symmetric algorithms (Rijndael 256-bit key, Blowfish 448-bit key, GOST 28147-89 256-bit key, Twofish 256-bit key). The swap file is automatically encrypted on the fly: just create the Swap File Encryption task in BCWipe Task Manager (restart is needed).
In addition, BCWipe can wipe unused portions of the swap file. On the ‘Wiping options’ tab, check ‘unused space in Swap File’.
BCWipe's Reserved Space Manager significantly cuts the time needed to wipe free space by preserving previously wiped space in a clean state. Once the Reserved Space is created, BCWipe will recognize it the next time the ‘wipe free space’ process is running. Since the wiped data in Reserved Space is considered occupied, it will not get used or "dirty", so that space does not need to be wiped. Less space to wipe results in less time spent on this process.
The size of free and reserved space is automatically maintained by BCWipe. Just assign a threshold - the size of free space that remains after wiping. BCWipe will ensure that the drive never has less free space than this threshold. BCWipe will gradually free formerly wiped and reserved space when the system needs more free space.
File slack is the disk space from the end of a file till the end of the last cluster used by that file. A cluster is the minimal portion of disk space used by the file system. For example, if you create and save a long document that fills up 75% of a cluster, and then you delete it with a standard delete command, then the data will still be available in that 75% of the cluster, but the cluster itself will be available for future reuse. If you then create and save a short document that fills up only 50% of that same cluster, then the 25% left over from the previously deleted document will still remain in the cluster.
The data in file slack (or slack space) is invisible by simple windows file editors (e.g., Notepad, MS Word), but it is easily read by other special utilities. So it's important to wipe file slack space to have total confidence that all traces of your data have been permanently deleted from the disk.
The NTFS directory is a special file that contains names of files and subdirectories. Disk clusters that belong to a directory are known as directory nodes. Directory nodes have a slack (space from the end of directory data up to the end of a cluster). On FAT/exFAT file systems, file names are stored in directory entries. Slack of directory nodes or directory entries may still contain names of deleted files, as well as other deleted data.
Before running a task, BCWipe warns you about System Protection active on your computer and recommends turning it off.
On Windows 7 and Windows Vista it is necessary to disable System Protection because the system saves copies of all files that were changed or deleted. Copies of files stored in the System Protection archive are named 'Shadow Copies'. Here is an example of how it works:
- Create a restore point.
- Then choose any file (for example any .txt file) and edit it. The right-click drop-down menu for this file will offer to select ‘Restore previous version’. When clicking this option you will see that there is a Shadow Copy available.
- Press ‘Shift-delete’ for this file.
- Create a file with the same name. The right-click drop-down menu for this file will offer to select ‘Restore previous version’. When clicking this option you will see that there is a Shadow Copy still available.
- Therefore, you could easily restore the previously deleted file.
This clarifies why it is so important to turn off System Restore before wiping.
On Windows XP this is not such a critical issue - if you wipe files with System Restore ON, then it would not cause a security leak because it does not concern your private data: On Windows XP, System Restore only guards system files (e.g., .exe, .com, .bat, .ini, .dll).
BCWipe cannot be used for wiping an entire hard drive. Jetico has a separate product for this purpose: BCWipe Total WipeOut.
Wiping an entire hard drive (or all hard drives) on a computer with BCWipe Total WipeOut is a simple procedure - just boot the computer using a BCWipe Total WipeOut bootable disk (CD/DVD or USB flash drive) and confirm wiping.
Learn more at http://www.jetico.com/wiping-bcwipe-total-wipe-out.
BCWipe complies with modern standards for wiping procedures. Among others, BCWipe comes embedded with the following standards:
- US DoD 5220.22-M(ECE) - 7 passes
- US DoD 5220.22-M(E) - 3 passes
- German BCI/VSITR
- US DoE - Department of Energy standard
- Russian GOST R 50739-95
- British HMG IS5 (Baseline, Enhanced)
- NAVSO-P5239-26 (MFM,RLL)
- Canadian RCMP TSSIT OPS-II
- US Army AR380-19
- Bruce Schneier
- Peter Gutmann
- One random pass
You can also create your own wiping scheme with as many passes as you need: just go to the Wiping Scheme Editor and create a custom scheme by clicking ‘New’.
Please refer to Jetico Central Manager (JCM), which has been specifically designed (among other things) to control and monitor wiping tasks running on remote client computers. JCM should be used to control all functions including the initial installation of the administration database on a server and the deployment of client software on any number of remote workstations.
Please, learn more at http://www.jetico.com/data-protection-wiping-bcwipe-enterprise/
The trial version is available for evaluation purposes for 21 days from the date of installation. It allows only one-pass wiping schemes. After the trial version has expired you cannot create new tasks in BCWipe Task Manager.
BCWipe with an expired license will still perform its task without restrictions on its performance. However, a valid license gives you the right to access and use updates during the year. As operating systems, programs and applications can change regularly, it is recommended to keep the software version current to ensure secure and stable performance. Prompt license renewal (within two years after expiration) will also save you money as it is easier and less expensive than buying a new license.
Use a log file for investigation purposes. Follow these steps:
- In the Transparent Wiping task, enable the 'Use log file' option.
- Click 'LogView' for the special Log Viewer utility to open the log file.
- Continue your usual activity:
- Open/Close applications like MS Word, Internet browser, email program, etc.
- Run system procedures like Disk CleanUp, Empty Recycle Bin, disable System Protection, etc.
LogViewer will show you the Transparent Wiping process in progress. You will see the process that initiated the deletion, the file name and whether or not the wipe was successful.
If the information you need is not posted here, then please contact Jetico Technical Support by using our online form at http://www.jetico.com/support-contact-jetico-technical-support/ or via email at
For the best support service, we suggest to include the following information:
- Detailed problem description
- Configuration description (Operating System, software name, software version number)
File slack is the disk space from the actual end of a file up to the end of the last cluster used by that file. When BCWipe shreds slack space of some file, the program needs to open the file for writing and then overwrite the slack space of the file. Then BCWipe restores the file's original attributes, including date of creation/modification. So when wiping file slack, BCWipe does not change the file's contents or its attributes.
Windows File Protection utility (http://msdn.microsoft.com/en-us/library/windows/hardware/gg463455.aspx) may detect and report the change. You should ignore this message and confirm the system file replacement. If you let BCWipe complete its task, then it will restore the file in the same state as before wiping - except of course that the file slack will be wiped.
You can assign some files or folders to be skipped during file slack wiping. Please do the following:
- Run 'wipe free space' command, go to 'Wiping options' tab and check the 'Use skipped list' box.
- Click 'Edit/View skipped list'.
- Check the 'Skip windows folder' box in the displayed window.
- The same is true for files from the 'Program Files' folder, so you should check the 'Skip program folder' box as well.
Note that if you skip some folders, private information may remain inside the file slack space. For example, you've just deleted a sensitive file and then the Windows Update process has started and occupies the space. Now the 'wipe free space' operation won't wipe this sensitive file because the space is no longer free, and the 'wipe file slack' operation won't wipe it because you skipped the Windows folder.
Even if you don't skip any folder, the security hole exists because Windows doesn't allow BCWipe (or any other application) to open some system files for writing. As a result, BCWipe cannot wipe the slack space and honestly reports it in the log file.
So what is the solution?
The best solution is to enable Transparent Wiping so you don't need to worry anymore about sensitive information residing in file slack space or free space.
The following actions may improve your system performance while using Transparent Wiping:
- Disable logging when you are confident that Transparent Wiping has been configured properly and works effectively.
- Set 'one random pass' as the wiping scheme for Transparent Wiping (only if permitted by your organization's data security policy)
- Use a predefined configuration of Include/Exclude lists - select 'Predefined configuration' and move the slider to the desired level.
- Use 'auto configure' to set the excluded applications list for your system. Switch to the 'Manual configuration' on the Transparent Wiping tab. The utility uses the log file to make a list of programs to be excluded according to their activity.