-
Notifications
You must be signed in to change notification settings - Fork 6
secure_delete_with_certificate.ps1
Corey Watson edited this page Dec 19, 2025
·
1 revision
Securely deletes files using Microsoft SDelete with DoD-compliant overwriting and generates legal documentation.
| Property | Value |
|---|---|
| Platform | Windows |
| Version | 1.0.0 |
| Category | Security |
Securely deletes files using Microsoft SDelete with DoD 5220.22-M compliant overwriting, generating comprehensive documentation suitable for legal proceedings. Creates a detailed certificate of destruction with file hashes, metadata, system information, and timestamped audit trail.
- Microsoft SDelete (auto-installed via winget if enabled)
- PowerShell 5.1 or later
- Administrator rights recommended for complete metadata access
| Variable | Description | Required |
|---|---|---|
$targetPath |
File or folder path to securely delete | Yes |
$outputDirectory |
Where to save the certificate (default: Desktop) | No |
$overwritePasses |
Number of overwrite passes (default: 3) | No |
$operatorName |
Name of person executing the deletion | Yes |
$caseReference |
Legal case reference number | No |
$witnessName |
Name of witness if present | No |
$notes |
Additional notes for the certificate | No |
| Setting | Description | Default |
|---|---|---|
$dryRun |
Test mode: performs all steps except actual deletion | $true |
$recursive |
Process subfolders if target is directory | $true |
$generateHtml |
Generate HTML certificate in addition to text | $true |
$autoInstallSDelete |
Auto-install SDelete via winget if not found | $true |
- Validates target path exists and SDelete is available
- Generates unique session ID for audit trail
- Captures complete system information (hardware, OS, user, network)
- Enumerates all target files with full metadata
- Calculates SHA-256, SHA-1, and MD5 hashes for each file
- Records file attributes, timestamps, size, and NTFS alternate data streams
- Executes SDelete with specified passes, capturing all output
- Verifies each file no longer exists post-deletion
- Generates comprehensive certificate with all collected data
- Outputs certificate to specified directory with timestamp
| Code | Description |
|---|---|
| 0 | All files successfully deleted and verified |
| 1 | Validation failed or deletion errors occurred |
- Certificate contains file paths and hashes which may be sensitive
- Store certificates securely according to legal requirements
- The DoD 5220.22-M standard uses 3 overwrite passes by default
- Dry run mode is enabled by default for safety
[ INPUT VALIDATION ]
--------------------------------------------------------------
Target Path : C:\Sensitive\Documents
Operator : John Smith
Case Reference : CASE-2025-001
Overwrite Passes : 3
Output Directory : C:\Users\john\Desktop
Recursive : True
Dry Run : True
*** DRY RUN MODE - NO FILES WILL BE DELETED ***
[ SESSION INITIALIZATION ]
--------------------------------------------------------------
Session ID : 20251208-143022-A7B3C9D1
Started : 2025-12-08 14:30:22.123 -05:00
[ CERTIFICATE GENERATION ]
--------------------------------------------------------------
Text certificate : C:\Users\john\Desktop\SecureDeletion_DRYRUN_20251208-143022.txt
HTML certificate : C:\Users\john\Desktop\SecureDeletion_DRYRUN_20251208-143022.html
[ FINAL STATUS ]
--------------------------------------------------------------
*** DRY RUN COMPLETE - NO FILES WERE DELETED ***
- 2025-12-08 v1.0.0 Initial release - comprehensive secure deletion with certificate generation