home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chip 2004 March
/
Chip_2004-03_cd1.bin
/
software
/
kill
/
manual.txt
< prev
Wrap
Text File
|
2003-10-02
|
14KB
|
332 lines
Active@ KILLDISK for DOS
Copyright (c) 1999-2003
LSoft Technologies Inc.
USERS MANUAL
1. PRODUCT OVERVIEW
1.1. Deleting Confidential Data
1.2. Advanced Data Recovery Systems
1.3. High Standards
2. SYSTEM REQUIREMENTS
3. OPERATING PROCEDURES
3.1. Prepare bootable floppy disk (startup disk).
3.2. Run Active@ KILLDISK (Interactive mode)
3.2.1. Start data erasing on the particular HDD or partition
3.2.2. Erasing Progress
3.2.3. Erasing Report
3.3 Configuration Options
3.3.1. Erase methods
3.3.2. Number of Passes
3.3.3. Verification
3.3.5. Ignore Errors
3.3.6. Clear Log File before Start
3.3.7. Skip Confirmation
3.4. Run Active@ KILLDISK (Command Line mode)
3.4.1. Parameters description
3.4.2. Start Active@ KILLDISK with parameters
4. COMMON QUESTIONS
1. PRODUCT OVERVIEW
1.1. Deleting Confidential Data
Modern methods of data encryption are deterring unwanted network attackers from
extracting sensitive data from stored database files. Unfortunately, attackers
wishing to retrieve confidential data are becoming more resourceful by looking
into places where data might be stored temporarily. A hard drive on a local
network node, for example, can be a prime target for such a search. One avenue
of attack is the recovery of supposedly-erased data from a discarded hard disk
drive. When deleting confidential data from hard drives or removable floppies,
it is important to extract all traces of the data so that recovery is not
possible.
Most official guidelines around disposing of confidential magnetic data do not
take into account the depth of todays recording densities. The Windows DELETE
command merely changes the file name so that the operating system will not look
for the file. The situation with NTFS is similar.
Removal of confidential personal information or company trade secrets in the
past might have used the FORMAT command or the DOS FDISK command. Ordinarily,
using these procedures gives users a sense of confidence that the data has
been completely removed.
When using the FORMAT command, Windows displays a message like this:
Important: Formatting a disk removes all information from the disk.
The FORMAT utility actually creates new FAT and ROOT tables, leaving all
previous data on the disk untouched. Moreover, an image of the replaced FAT
and ROOT tables are stored, so that the UNFORMAT command can be used to
restore them. FDISK merely cleans the Partition Table (located in the drive's
first sector) and does not touch anything else.
1.2. Advanced Data Recovery Systems
Advances in data recovery have been made such that data can be reclaimed
in many cases from hard drives that have been wiped and disassembled. Security
agencies use advanced applications to find cybercrime-related evidence. Also
there are established industrial spy agencies adopting sophisticated channel
coding techniques such as Partial Response Maximum Likelihood (PRML), a
technique used to reconstruct the data on magnetic disks. Other methods
include the use of magnetic force microscopy and recovery of data based on
patterns in erase bands.
Although there are very sophisticated data recovery systems available at a
high price, data can easily be restored with the help of an off-the-shelf
data recovery utility like Active@ File Recovery (www.file-recovery.net)
or Active@ UNERASER (www.uneraser.com), making your erased confidential
data quite accessible.
Using Active@ KILLDISK, our powerful and compact utility, all data on your hard
drive or removable floppy drive can be destroyed without the possibility of
future recovery. After using Active@ KILLDISK, disposal, recycling, selling
or donating your storage device can be done with peace of mind.
1.3. High Standards
Active@ KILLDISK has several methods for data destruction that conform to
US Department of Defense clearing and sanitizing standard DoD 5220.22-M,
German VSITR, Russian GOST p50739-95.
More sophisticated methods like Gutmann's or User Defined methods are
available as well. You can be sure that once you wipe a disk with
Active@ KILLDISK, sensitive information is destroyed forever.
Active@ KILLDISK is a quality security application that destroys data permanently
from any computer that can be started using a DOS floppy disk. Access to the
drive's data is made on the physical level via the Basic Input-Output
Subsystem (BIOS), bypassing the operating systems logical drive structure
organization. Regardless of the operating system, file systems or type of
machine, this utility can destroy all data on all storage devices. Thus it
does not matter operating systems and file systems located on the machine,
it can be DOS, Windows 95/98/ME, Windows NT/2000/XP, Linux, Unix for PC.
2. SYSTEM REQUIREMENTS
To be able to use Active@ KILLDISK you require:
- AT compatible CPU with 386 or greater processor
- 4Mb of RAM
- 1.44 Mb floppy diskette drive
- Bootable Floppy disk containing MS-DOS 6.0+,or startup disk for Windows 95/98
- HDD of type IDE/ATA/SCSI attached to be erased.
3. OPERATING PROCEDURES
3.1. Prepare bootable floppy disk (startup disk).
If you do not have bootable floppy, you can prepare such disk from MS-DOS,
Windows 95/98 the following ways:
- If you boot in MS-DOS or in Command Prompt mode of Windows 95/98,
insert blank floppy and type:
FORMAT A: /S
and follow the instructions on a screen.
- If you boot in Windows 95/98, go to the "Control Panel" then
"Add/Remove Programs", then switch to tab "Startup Disk" and
click button "Startup Disk..."
Copy Active@ KILLDISK (KILLDISK.EXE) to the bootable floppy disk
Alternatively you can use ours "Bootable Floppy Creator" that allows you
to create bootable floppy with DEMO version of Active@ KILLDISK pre-installed.
Look in the Downloads section at product's web site: www.killdisk.com
3.2. Run Active@ KILLDISK (Interactive mode)
- Boot from the bootable floppy in DOS mode
- Run Active@ KILLDISK by typing in command line:
KILLDISK.EXE
You will see the list of detected hard disk drives and partitions.
When you move cursor through them, you'll see their system information.
3.2.1 Start data erasing on the particular HDD or partition
- Using arrows select hard disk drive or partition you want to erase
at the left side. Configuration dialog appears.
- Using arrows and [F10] key choose configuration options (see Configuration
Options section) or leave defaults and press F10 to continue
- To confirm the erasing action, please type: ERASE-ALL-DATA
Erasing process will start.
3.2.2. Erasing Progress
See the progress and stop the operation if you want to.
- Wait until operation is complete
or
- Stop an operation at any time by pressing [ESC]
After operation is completed successfully you'll see erasing report.
If there are any errors, for example due to bad clusters, you'll see them
on the screen and will be able to continue or cancel the operation.
3.2.3. Erasing Report
After erasing operation is complete, report is displayed.
It contains target drive, timing, erase method, etc. related to the
erasing session. If there were some errors, for example bad clusters,
you'll see this information here. Use arrows to scroll window.
Example of the Erasing Report:
------------- Erase Session -----------------------
Active@ KILLDISK started at: Thu Feb 20 11:56:51 2003
Target: Floppy (00h) 1.40MB
Erase method: US DoD 5220.22-M Passes:3
Verification:40% (completed successfully)
Time taken: 00:01:26
Total number of erased device(s), partition(s): 1
The report is automatically saved to KILLDISK.LOG file located at
the same folder where you started Active@ KILLDISK from.
3.3 Configuration Options:
3.3.1. Erase methods
Erase method allows to define security level or cleaning standard for the
following erase operation.
It is one of:
- One pass zeros: 1 pass, quick, low security
- One pass random: 1 pass, quick, low security
- US DoD 5220.22-M: 3 passes, slow, high security
- German VSITR: 7 passes, slow, high security
- Russian GOST p50739-95: 5 passes, slow, high security
- Gutmann: 35 passes, very slow, highest security
- User Defined: You can specify number of passes (random) 1 to 99
3.3.2. Number of Passes
For all erasing methods except User Defined this number is fixed and cannot be
changed (see above). For User Defined method you can change number of passes.
Each overwriting pass will be performed with a buffer containing random
characters.
3.3.3. Verification
After erasing is complete you can direct software to perform verification of
the surface on the drive to be sure that the last overwriting pass was
performed properly and data residing on drive now match data written by KILLDISK.
Verification is a long process. You can turn off the verification,
or turn it on and specify percentage of the surface to be verified.
3.3.4. Retry Attempts
If error happens while data reading/writing onto the drive (it could happen,
for example, due to the physical damage of drive's surface), Active@ KILLDISK
tries to perform the operation again and again, and you can specify number
of retries to be performed.
If drive is not completely damaged, sometimes after several retries it is
possible to read/write sector.
3.3.5. Ignore Errors
If this option is turned on, you'll not see error messages while data
erasing/verification is in progress. All errors have been ignored, however
all information about errors will be written to the KILLDISK.LOG file and
displayed later on in the Erasing Report.
3.3.6. Clear Log File before Start
If this option is turned on, KILLDISK.LOG log file will be truncated before
erasing starts, and after erasing completion will contain information only
about the last session.
If this option is turned off, KILLDISK.LOG log file will not be truncated,
information about the last erasing session will be appended to the end.
3.3.7. Skip Confirmation
If this option is turned on, you'll not be asked to type phrase:
ERASE-ALL-DATA on the next step of the erasing process. This confirmation
step is just skipped.
Turning off this option (default state) is safer because you have one
more last chance to see what is going to be erased completely with no
possibility of future data recovery.
Advanced users can turn it on to speed up the process.
3.4. Run Active@ KILLDISK (Command Line mode)
Active@ KILLDISK has command line mode. To get the help type:
KILLDISK.EXE /?
3.4.1. Parameters description
-erasemethod=[0-6] - Erase method to be applied
See "Erase methods" section above
-passes=[1-99] - Number of Passes for User Defined method
See "Number of Passes" section above
-verification=[1-100] - Percentage of surface to be verified
See "Verification" section above
-retryattempts=[1-99] - Number of retries if read/write error occurs
See "Retry Attempts" section above
-ignoreerrors - Ignore error messages display.
If any error occurs-just write to the log and skip it
-clearlog - Clears the log file before erasing starts
See "Clear Log File before Start" section above
-noconfirmation - Skip confirmation step before erasing
See "Skip Confirmation" section above
-test - Create a file containing hardware configuration
Send this file to us to analyze the problem if any
-eraseallhdds - Automatically erase all detected hard disk drives
3.4.2. Start Active@ KILLDISK with parameters
You can use this command line to erase all detected hard disk drives
using the most secure Gutmann's method (35 passes) with no user confirmation:
A:\>KILLDISK.EXE -eraseallhdds erasemethod:5 -noconfirmation -verification=100
After operation is completed successfully, 100% of drive's surface would be
verified and information on how drives have been erased is saved to the
KILLDISK.LOG file.
4. COMMON QUESTIONS
4.1 How many operating systems supported by Active@ KILLDISK?
Active@ KILLDISK is a DOS program and it does not matter which operating system is
installed on the machine. If you can boot in DOS mode (from boot diskette for
example), you can erase any drives independently of Operating System installed
(it could be DOS, Windows, Linux, Unix for PC).
4.2 I cannot boot from floppy. What to do?
The reasons could be:
- Your machine has boot priority for HDD higher than for floppy.
Go to BIOS, check it and change the priority if so.
- Your floppy disk is not bootable or damaged.
Verify whether system files (COMMAND.COM, etc..) are located on floppy or not.
If so, disk or some files are probably damaged
If not, prepare and test bootable floppy disk (see documentation)