Secure File Deletion using SDelete and PowerShell

If you handle any private data, you may need to securely delete files so that their contents cannot be recovered. A normal delete only removes the directory entry and marks the clusters free; the data itself stays on disk until something happens to overwrite it, and recovery tools will find it.

Microsoft Sysinternals provides the SDelete utility to accomplish just this. It overwrites the file's data with zeros or random bytes before deleting it, and it can make multiple passes over the file (the -p switch) for additional assurance. Two caveats apply: overwriting only helps on media where a write lands on the same physical location as the original data, so on an SSD with wear levelling the old blocks may survive; and SDelete works on the live file system only, so copies of the file held in Volume Shadow Copy snapshots or backups are not touched.

I use this utility quite a bit. In most cases I decide which files to securely delete based on the file's creation date. For example, I want to securely delete all files under c:\temp that were created more than 30 days ago.

I then set the script up to run as a scheduled task on a daily basis. This ensures my old data is securely deleted while newer data is left alone.

Note: the script does not guard against race conditions. It walks the specified folder once, and each file found to be older than the cutoff is shredded immediately, before the walk continues. A file that another process creates or opens during that window can therefore be missed or fail to shred; check the exit code written to the log if that matters in your environment. It is my hope that shredding as soon as a file is found keeps such problems to a minimum.

You can download the script here.

The text of the script is listed below.

To use the script, set the root, Logfile, shred and days parameters to suit your environment. You can also change the iterations parameter, which is passed straight to SDelete as the number of times it overwrites each file before deleting it. Keep the log file outside the root folder, or the script will eventually shred its own log.

$root       = "Path to root folder, starting point"   # e.g. C:\temp
$Logfile    = "Path to log file"                      # must be outside $root
$shred      = "Path to shred utility"                 # e.g. C:\Tools\sdelete64.exe
$iterations = "-p 6"                                  # SDelete overwrite passes
$days       = 30                                      # shred files created more than this many days ago
$limit      = (Get-Date).AddDays(-$days)              # cutoff date compared against CreationTime

$runtime = Get-Date
Add-Content $Logfile -Value "--------"
Add-Content $Logfile -Value "   Beginning run at: $runtime"
Add-Content $Logfile -Value "  Using root folder: $root"
Add-Content $Logfile -Value "Using shred command: $shred"
Add-Content $Logfile -Value "   Shred iterations: $iterations"

# Files only (no directories), created before the cutoff. Each one is shredded
# as soon as it is found; see the note on race conditions above.
foreach ($file in (Get-ChildItem $root -Recurse | Where-Object { -not $_.PSIsContainer -and $_.CreationTime -lt $limit })) {
    Add-Content $Logfile -Value "Shredding file: $($file.FullName)"
    Add-Content $Logfile -Value "$shred $iterations `"$($file.FullName)`""
    # The path is quoted explicitly because Start-Process does not quote arguments for you.
    $p = Start-Process $shred -ArgumentList "$iterations `"$($file.FullName)`"" -Wait -NoNewWindow -PassThru
    Add-Content $Logfile -Value "Shred exited: $($p.HasExited)"
    Add-Content $Logfile -Value "Shred return code: $($p.ExitCode)"
}

$runtime = Get-Date
Add-Content $Logfile -Value "Ending run at: $runtime"
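As an added example, not the script from the post above, here is a hardened version of the same cleanup together with the registration of the daily scheduled task that runs it. It differs from the listing in four ways a practitioner will want: it refuses to run if the log file sits inside the root folder, it does not follow or shred junctions and symlinks (a reparse point planted in a temp folder could otherwise redirect the shred outside the root), it supports -WhatIf so the cutoff can be dry-run before scheduling, and it treats any file still present after SDelete returns as a failure rather than trusting the exit code alone. The paths (C:\Tools\sdelete64.exe, C:\Tools\Invoke-SecureCleanup.ps1, C:\temp, C:\Logs\sdelete.log), the task name and the 3am trigger are placeholders. The SDelete switches used (-accepteula, -nobanner, -p) are documented switches of the tool; the scheduled-task cmdlets are from the built-in ScheduledTasks module.

```powershell
# Added example, not the original post's script. Assumed paths and task name
# are placeholders; adjust them to your environment.
param([switch] $Register)   # run once with -Register from an elevated prompt to create the task

function Get-ShredCandidate {
    # Recurse by hand so junctions and symlinks are neither followed nor shredded.
    # Windows PowerShell 5.1 follows junctions under -Recurse and PowerShell 7 does
    # not, so neither behaviour is relied on here.
    param([string] $Dir, [datetime] $Limit)
    foreach ($entry in Get-ChildItem -LiteralPath $Dir -Force -ErrorAction SilentlyContinue) {
        if ($entry.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { continue }
        if ($entry.PSIsContainer) { Get-ShredCandidate -Dir $entry.FullName -Limit $Limit }
        elseif ($entry.CreationTime -lt $Limit) { $entry }
    }
}

function Invoke-SecureCleanup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $LogFile,
        [string] $SDelete = 'C:\Tools\sdelete64.exe',   # assumed location
        [int]    $Passes  = 6,
        [int]    $Days    = 30
    )
    # Resolve both paths so a relative $Root or a stray "..\" cannot defeat the
    # check that the log file lives outside the folder being shredded.
    $rootPath = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    $logPath  = [System.IO.Path]::GetFullPath($LogFile)
    if ($logPath.StartsWith("$rootPath\", [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Log file '$logPath' is inside '$rootPath' and would be shredded by its own run."
    }
    if (-not (Test-Path -LiteralPath $SDelete)) { throw "SDelete not found at '$SDelete'." }

    $limit = (Get-Date).AddDays(-$Days)
    $stats = [ordered]@{ Shredded = 0; Failed = 0 }
    Add-Content -LiteralPath $logPath -Value "---- $(Get-Date -Format o) root=$rootPath cutoff=$($limit.ToString('o')) passes=$Passes"

    foreach ($file in Get-ShredCandidate -Dir $rootPath -Limit $limit) {
        # With -WhatIf this only lists what would be shredded; use that to check
        # the cutoff before the task is scheduled.
        if (-not $PSCmdlet.ShouldProcess($file.FullName, "sdelete -p $Passes")) { continue }

        # -accepteula stops SDelete from blocking on the EULA dialog when it runs as
        # SYSTEM; -nobanner keeps the log readable. The path is quoted explicitly
        # because Start-Process joins the argument array with spaces and does not quote.
        $sdArgs = @('-accepteula', '-nobanner', '-p', "$Passes", "`"$($file.FullName)`"")
        $p = Start-Process -FilePath $SDelete -ArgumentList $sdArgs -Wait -NoNewWindow -PassThru

        # Do not trust the exit code alone: a file that still exists after the run
        # (locked by another process, access denied) was not shredded.
        if ($p.ExitCode -eq 0 -and -not (Test-Path -LiteralPath $file.FullName)) {
            $stats.Shredded++
            Add-Content -LiteralPath $logPath -Value "OK   $($file.FullName)"
        } else {
            $stats.Failed++
            Add-Content -LiteralPath $logPath -Value "FAIL rc=$($p.ExitCode) $($file.FullName)"
        }
    }
    Add-Content -LiteralPath $logPath -Value "---- done: $($stats.Shredded) shredded, $($stats.Failed) failed"
    return $stats
}

function Register-SecureCleanupTask {
    # Daily run as SYSTEM so the task can reach every file in the folder and does
    # not depend on anyone being logged on. Assumes this file is saved at $script.
    $script    = 'C:\Tools\Invoke-SecureCleanup.ps1'
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                    -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$script`""
    $trigger   = New-ScheduledTaskTrigger -Daily -At 3am
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'SecureTempCleanup' -Action $action -Trigger $trigger `
        -Principal $principal -Description 'SDelete files in C:\temp older than 30 days' -Force
}

if ($Register) { Register-SecureCleanupTask }
else { Invoke-SecureCleanup -Root 'C:\temp' -LogFile 'C:\Logs\sdelete.log' }
```

Run the file once with `-Register` from an elevated prompt to create the task; thereafter the task calls it with no arguments. Before registering, `Invoke-SecureCleanup -Root C:\temp -LogFile C:\Logs\sdelete.log -WhatIf` prints the files the cutoff would select without touching them. The SSD and shadow-copy caveats above still apply: this script makes the cleanup safer to run, not the overwrite itself more effective.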
