12Ghosts.com | Download | Order | Support 

12Ghosts Shredder

12Ghosts - Shredder


What does it do for me?

Overwrite, truncate length to zero, rename, reset file date, and finally delete files and folders. Even if the file is locked!! No trails are left of any compromising or confidential information. Nobody will ever be able to recover these files. Nobody will even find out the previous name or file size. The file can be overwritten several times with random patterns so that even the finest magnetic tracks are mixed up.

Sanitize hard drives, floppies, picture memory cards, flash drives, zip drives, and external drives. Wipe Disk overwrites empty space, even the unused end of files, and removes previously deleted file names. Because it does NOT use low-level file system functions, it works with all file systems, including FAT, FAT32, and NTFS4/5.

You may choose the number of overwrites according to your security ambitions. The higher the number the less the probability that even finest magnetic tracks could be detected. The Department of Defense (DOD 5220.22-M) recommends one character overwrite, one inverse overwrite, and one random overwrite for adequate security. While the NSA requires 7 passes, you may choose up to 99 write overs.

12-Shredder, of course, writes directly to the disk and flushes the file buffers after each overwriting, so that the file is overwritten on disk, not only in cache memory... This is what takes some time if it shreds more than once. (However, if you do the cleaning during shut down started by a shutdown manager like 12-ShutDown, and the computer is set to power off automatically when finished, you leave much sooner!)

After overwriting the file contents, the file size is set to zero to prevent drawing conclusions from the former file size. The file is also renamed, since the name would not be removed from the drive during a normal deletion. All file dates, created, modified, and last accessed, are reset to 1/1/80, the default for empty directory listings. And finally, what is left, is deleted.

  Q: Does 12-Shredder's Wipe Disk extend the live time of disks and flash memory?
  A: No software can extend the life time of hardware. You have fallen for agressive marketing.

  Q: Does it use low-level file system functions?
  A: No. 12-Shredder does not use low-level file system functions. Other wipe programs just write over areas of the disk without having locked the space. This will lead to problems when Windows or other programs create new files at the same time. The information will be lost. The file system may be damaged or Windows may not start any more. This cannot happen with 12-Shredder because we don't use low-level file system functions. This also means that 12-Shredder is independent of the file system, and works with FAT, FAT32, NTFS-4, NTFS-5, and even newer extensions of NTFS or system drivers.


Where should I start?

Start 12-Shredder and select the tab Shred Files. Here you can select a file or a folder. Select if you want to include subfolders or not. Finally, click on the button Shred Now. A confirmation message will appear (that you may disable in Shred Options - No Warnings). Click OK to remove the file and all its traces on the disk. Nobody will ever be able to recover this file!


Wipe Down Your Disk

Wipe Empty Space

When you delete a file in Explorer or other applications, without shredding them, only its entry in the folder list is removed. Its contents is always left on disk, no matter if you use Recycle Bin or not. 12-Shredder can wipe these areas, too.

Note, that some programs, for example Word, create temporary files and delete them when the document is closed. However, those temporary files are not overwritten by 12-Shredder. The file contents is still on the disk. Use Wipe Disk regularly to erase such areas on all disks.

IMPORTANT: Turn off any undelete programs while Wipe Disk is running, like Norton's Protected Files or Diskeeper's Recovery Bin. If you receive warnings about low disk space after using Wipe Disk you may need to empty the Recycle Bin or its replacements. Also, you don't want to run a defragger at the same time because it can slow down both processes.

End of Files

There's another area where crititcal data can still be found. At the unused end of files, sometimes called file slack. Files are saved in small clusters of 2 KB or more. Each cluster holds a part of the file. The last cluster, however, may not be filled completely. A file with 23 KB, for example, may fill 12 clusters, with the last cluster only filled half. If this last part was used before, for example by a different file, it may still contain compromising information. Again, use 12-Shredder's wipe disk regularly so you can feel save about what could be found on your disk.

Note: Please cancel prompts of the Windows File Protection to restore files; this is because the files are touched when Clearing End of Files, but they are not changed.

Remove Old Names

There is still one information left even after wiping empty space: the file and folder names of previously deleted files. The contents of files is gone after wiping empty space. However, the file names are stored in a directory on the disk which does not belong to "empty space". Just click 'Remove Old Names' to tell 12-Shredder to also overwrite unused names.

(This does NOT use file system functions, either. Here is where some wipe programs fail. This leads to problems with the integrity of the file system and even lost files. This cannot happen with 12-Shredder because we do not use low-level file system functions.)

  Q: Why is this feature disabled in the shareware version?
  A: It creates many temporary files on your disk. The temporary files are only cleaned up after the operation is complete. There is no way to test only a part of the feature.

  Q: I use an undelete program that still lists some deleted files with their file names. Did 12-Shredder fail?
  A: Again, since we don't use low-level file system functions, 12-Shredder can only access folders that the current user is allowed to access. This excludes folders like 'System Volume Information' because it is a system-only folder. You may, however, give yourself Full Control over that folder: First, you need to make it visible:

  1. Open Control Panel - Folder Options - View - Advanced Settings
  2. Check 'Hidden files and folders' -> 'Show hidden files and folders'
  3. Un-check 'Hide protected operating system files'
  4. Un-check 'Use simple file sharing'
  5. Open Explorer and right-click on 'System Volume Information' (for each partition)
  6. Select Properties - Security - Add - and enter your user name
  7. Click OK and check Full Control - Allow
  8. Repeat from 5. for other partitions

(Q: Simple enough, why doesn't 12-Shredder do this automatically? A: Because we don't mess with your security settings.   Q: Why don't you issue a warning for those of us not reading any...manuals? A: Because the information stored in this folder only concerns the system and is usually irrelevant for security considerations. It is well hidden from the user for a purpose.)

Limit Free Space (Wipe Options)

The common experience is that Wipe Empty Space takes a long time if you have 30 GB of free space. On the other hand, you may not need all this space right now but may be comfortable with 500 MB for a long, long time. Thus, you would run Wipe Empty Space first, then create one large file that occupies 29.5 GB of the wiped space - which you know is clean - so that you never have to clean it again. Next time you want to Wipe Empty Space, all that needs to be wiped are the remaining 500 MB.

The option Limit Free Space just creates this large file in the root of each partition. Click 'Off' to delete the large files and recover the space. Again, if you use Norton Protected Recycle Bin or Diskeeper's Recovery Bin you may need to 'Empty Recycle Bin' or its replacements after clicking 'Off'. Also of interest may be the fact that a defragger may not work with such few space, in particular not with the large 12-Shredder Limit Free Space file. That's fine since the large file is completely empty, useless, and doesn't need optimization. All you are going to do with it is delete it at some point. Anyway, if you feel like you need to run your defragger (no matter if it only saves you two seconds a year but costs you hours to run it regularly :) you may need to turn off Limit Free Space before.

  Q: I've read that new files created on NTFS are automatically filled with zeros. So when I enable Limit Free Space I can be sure it is overwritten already, and I don't need to wipe space before???
  A: No. Correct is that when you create a new file on NTFS and try to read it, it returns only zeros. Anything else would be hilarious and compromise the security of Windows. However, the file is not "filled", no zeros are written. Instead, NTFS uses Sparse Files. This is a zero-length file containing the information "this has zeros everywhere". No zeros are written - to save time. Hence, always wipe empty space BEFORE enabling or expanding Limit Free Space.


What we don't do

12-Shredder's "Overwrite" and "Wipe Disk" functions are faster than other disk wiping tools because we optimize write access to high speed. We write larger chunks, and we write directly to the disk (with no intermediate buffering or caching, so the I/O does not rely on synchronous operations of the memory manager). We try more deliberately to access even read-only and locked files. And, unlike others, we don't change the file date of any files during disk wiping. Not a big deal, maybe, but it's the fine tracks that other tools leave, and we don't.



Check if everything works as expected by letting 12-Shredder stop after each step. To do this, activate the Test Mode.

Verify after each step that 12-Shredder did what it says it did. First, make sure the file is indeed overwritten without changing the size (smaller wouldn't overwrite everything, larger could potentially lead to moving parts of the file to a different place on the disk - no longer overwriting the original clusters.)

You should hear a slight rattling of your disk when 12-Shredder flushes the disk write buffers after each overwriting. This makes sure it is overwriting the disk - not cache memory.

It also stops after truncating the file length to zero, after setting the file date to 1/1/80, and after renaming it to xxxxxxxxx.xxx, so you can confirm that it really does everything as expected.


How Many Passes of Overwrites?

The Department of Defense (DOD 5220.22-M) recommends three overwrites with different patterns for adequate security. The NSA requires 7 passes. Some Internet sites recommend 30 or more passes. Isn't one overwrite enough? What does it mean, anyway?

Let's look into why there may be data recoverable even after a write over: The write head of the disk may not write exactly in the same track as it did before. Due to different temperature of the material or wear and tear. There's a defined uncertainty, which is fine for normal reads since the width of the write head is wide enough for the next read operation to work perfectly.

However, left and right of the track there may still be some information "dropped off", no matter how often you overwrite. The idea of multiple passes is that the probability that the write head moves to all possible places is very high. It is not guaranteed, though.

We should add that almost all bit information on the disk will get scrambled after even a single pass. Just a few bits may still be intact. With a second and third pass chances get very low that a complete character can be recovered, much less a whole word or sentence.

With "recoverable" we are talking about a highly expensive lab examination. This requires a million dollar magnetic microscope. Would the person you try to hide something from be willing to spend that much money, let's say a four figure amount? If the answer is yes you might consider destroying the disk itself physically and buying a new disk for $50.

There is no way to recover the information even after one pass short of a lab examination. So if your only fear is that some people might get the wrong impression when discovering the data, one pass is fine. If you ask if 30 passes will save your head in a life threatening matter, the answer must be no, it sure doesn't.

Consider this: imagine you had the same information on a piece of paper. Would tearing it to pieces and hiding it under the other garbage be enough so is shredding with one pass. If you'd rather put it in a mechanical shredder producing extra small pieces of paper better use three passes. Should you consider burning the paper in the fire place or eat it up it is definitly better to destroy the disk physically (large magnet, scrapyard).

Formatting the disk, by the way, may not overwrite anything at all, but just clear the directory of the disk so it may appear empty. Even physical formatting at best overwrittes with one pass. In the worst case, however, it may create new tracks right beside the old tracks that contain essential information.


Command Line Options

You can start 12-Shredder automatically, from the command line, from a shortcut, from 12-Timer, or from within a batch file (a text file with the ending .bat, listing commands each on one line) with the following parameters. Use "no" to override the defaults: /noqueue /norestart /nodelfolder /warning /error /notesting.

<path>         File or folder to shred
/overwrites:N     N is the number of overwrites (default 1)
/subfolders Include subfolders if path is a folder
/queue Queue for next reboot if file is locked (recommended)
/restart Try to restart the shell if file is locked
/delfolder Delete the folder itself if it is empty (emtpy subfolders are always removed)
/nowarning      No confirmation, no display of shred progress
/noerror No error messages
/testing Stop after each step
/wipedisk Clear empty space and end of files, then stop
/silent Together with /wipedisk, do not show a dialog box. (To unhide the window just start 12-Shredder again without parameters.)

Example: 12shredder.exe "c:\docs\secret.doc" /queue /nowarning


12Ghosts Power Tools

© 1993-2014 12Ghosts Inc. All rights reserved.