Software version: 5.2.1
Hardwipe Commander is the command line utility that ships with the Hardwipe Data Sanitization Security Toolset. It combines the Hardwipe data sanitization engine with the total control and flexibility afforded by a rich command line interface.
A primary application of Hardwipe Commander is the automation of remnant data sanitization in sensitive business environments. For example, it makes it easy to schedule file wiping tasks to erase old backup files in the user's work area, or to hard wipe the recycler whenever the user logs out.
Hardwipe Commander ships with both the Desktop and Portable Editions of the software. However, it is an advanced feature offering, and you need to purchase a Professional Level Upgrade to use it fully.
You can try out Hardwipe Commander for free. It is functional, but non-wiping until you upgrade.
The Hardwipe Commander executable is:
It can be found under the Hardwipe installation directory, and the installer will offer the option to add this to the environment PATH variable so that the "hwipe" command is available at the console terminal. Alternatively, you can add the location to the PATH variable yourself, or elect to supply the full executable path in scripts or the Task Scheduler.
This command line interface supports the English language only.
Hardwipe supports input using either Windows or Linux style form. Command line inputs can include simple switches or parameters with a value. Options may also be expressed in short or long form.
For example, both the following examples are equivalent:
If you prefer Linux style syntax, long-form arguments should begin with a double hyphen ("--"), whereas the short forms should use a single hyphen only. In Windows style, all arguments should be prefixed with "/". It is important to note that, in either style, long-form arguments such as "abort-on-error" are case insensitive, whereas the short-form equivalents are case sensitive. For example, the inputs "/s" and "/S" have different meanings.
Notice also the use of the colon ":" and equals "=" separators with the "wipe" command parameter in the example above. Where an argument is followed by a value, either a colon or equals character must be used to separate the name from the value.
Hardwipe Commander provides a rich, yet simple, interface to the Hardwipe data sanitization engine which lends itself to automation from the Windows Task Scheduler.
Windows Task Scheduler
The Task Scheduler provides an easy to use and flexible way to automate tasks at periodic intervals or on certain events, such as when the user logs in, or whenever the computer becomes idle. The Schedule Tasks command can be found under "Administrator Tools" on Windows Control Panel.
The simulation switch runs a wipe task in non-deleting "test mode". You should use it in conjunction with the output option to safely test any auto-executing sanitization task before allowing it to execute for real from the scheduler.
Application exit codes are as follows:
Windows Console Terminal
Perform the specified wiping task, which may be one of the following:
file: wipe file path(s)
vol: wipe logical volume(s)
dev: wipe physical device(s)
fspc: wipe free (unused) space on the specified volume(s)
rcyc: wipe the recycler on the specified volume(s)
By default, the wipe task will require user confirmation before starting (see right).
One or more file paths can be specified, including files and/or entire directories. In the following example, two files will be removed under the "Temp" directory. Note that paths containing spaces should be surrounded in quotes, as shown in the second path.
In the above, all other files under "Temp" will be left untouched. The following command, however, will destroy all files under the "Temp" directory, including all directory sub-trees, and will remove the "Temp" directory itself on completion. Note that, here, we are using the short form of the wipe command ("/w").
The wildcard characters '*' and '?' may be used in the last element of the pathname, and the following differs subtly from the example above in that it will hard wipe all items in the directory, including sub-trees, but will leave the empty "Temp" directory behind.
The example below is more sophisticated and demonstrates the use of additional parameters.
In this, the sanitization scheme ("/s") GOST R 50739-95 is specified along with a last pass verification ("/y"). The wildcard path and the modification time ("/m") parameter will restrict wiping to files with the extension ".bak" directly under the "Temp" directory that are older than (i.e. unmodified for) 7 days. All other paths will be left untouched.
Note that files under sub-directories of "Temp" will not be removed even if they end with the "*.bak" extension. For example, the file "C:\Temp\data\file.bak" will be excluded because its "data" directory does not match the wildcard pattern. If, however, a directory name were to match the pattern, then all its contents will be wiped and the directory itself removed.
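The selection rules described above (wildcard in the last path element only, and a directory whose name matches being taken whole) can be modelled to preview a pattern before it is scheduled. This is an added example, not Hardwipe's own matching code; `preview` and `build_sample_tree` are hypothetical names, the sample tree is constructed, and case-insensitive name comparison is an assumption.

```python
import fnmatch
import os
import tempfile

def preview(pattern):
    """List what a wildcard path selects under the rules described above.

    Only the last path element may hold '*' or '?'. Returns sorted
    (path relative to the parent directory, reason) pairs.
    """
    parent, last = os.path.split(pattern)
    selected = []
    for entry in os.scandir(parent):
        # Assumption: names compare case-insensitively, as on Windows file systems.
        if not fnmatch.fnmatchcase(entry.name.lower(), last.lower()):
            continue
        if entry.is_dir(follow_symlinks=False):
            # A directory whose own name matches is taken whole, subtree included.
            for root, _dirs, files in os.walk(entry.path):
                for name in files:
                    rel = os.path.relpath(os.path.join(root, name), parent)
                    selected.append((rel, "inside matched directory"))
            selected.append((entry.name, "matched directory, removed"))
        else:
            selected.append((entry.name, "matched file"))
    return sorted(selected)

def build_sample_tree():
    """Create a constructed sample tree in a temp directory and return its root."""
    root = tempfile.mkdtemp(prefix="hwipe-preview-")
    for rel in ("a.bak", "B.BAK", "notes.txt",
                os.path.join("data", "file.bak"),      # sub-directory: not selected
                os.path.join("old.bak", "report.txt")):  # directory name matches
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample")
    return root

if __name__ == "__main__":
    for item in preview(os.path.join(build_sample_tree(), "*.bak")):
        print(item)
```

The preview only predicts path selection; the simulation switch remains the authoritative test of a real command line.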
One or more logical volumes can be specified for wiping, as follows:
This will hard wipe the volumes "I:" and "J:". You can use the vol-list command to display volume information. Note that this command will not allow you to wipe the volume hosting the OS (normally on "C:").
One or more physical devices can be specified for wiping, as follows:
This will hard wipe the device ID 1. The following variations will also be recognised:
You can use the dev-list command to display device information. Note that this command will not allow you to wipe the device hosting the OS volume.
Free space can be wiped on one or more volumes as follows:
This will overwrite free storage space in order to destroy remnant data that is no longer accessible at the file system level, but still physically resides on the device. It does not delete existing file data.
If the empty-recycler option is specified with this task, the recycler (if any) on the specified drive volume will be emptied prior to cleaning.
The recycler can be wiped on one or more volumes as follows:
If called with administrator privileges, the files sent for recycling by all users will be destroyed. Otherwise, only the recycler contents belonging to the current user will be affected.
The volume path can be omitted with this task, in which case the recycler contents on all connected drives will be wiped.
List physical storage devices attached to the computer.
List drive volumes on the computer.
Input your license registration key to activate the software. This command will activate both command line utility and GUI applications, provided the key pertains to a Professional Level Upgrade. If your installation ships with the GUI, you may alternatively use the GUI to input the key, although the command line may be preferable in certain scenarios.
There will be no feedback as to whether the license key was accepted or not. However, you can use the version command to confirm the registration status.
The key must be contained on a single input line, as shown above (the key shown is an example only). This feature was introduced in version 5.1.4.
Displays help information.
Output version information.
Abort the wiping task on the first error encountered.
This switch can be specified with any wiping task, although it is, perhaps, mainly applicable when wiping files.
This will hard wipe all files under the "Temp" directory. Assume that the first file encountered cannot be removed because it is locked by some other process. Normally, Hardwipe will log the error and move on to the next file. However, if this switch is specified, the task will be aborted at this point.
Write BOM when logging to output file. See the output option.
Empty recycler when cleaning free drive space.
This will call the Windows shell to empty the recycler on C: prior to overwriting its free space.
Wait for key press before exiting.
This switch can be specified with any command, and if used, the process will wait for the user to press a key before it exits, thus allowing the user an opportunity to review the output log before the console window is closed.
Leave empty directories behind when wiping files. This option can be specified when wiping file paths.
Here, all files under the "Temp" directory will be hard wiped, including all files under any sub-directories. However, the empty sub-tree structure will be left behind, including the root "Temp" directory itself.
Restricts file wiping to items that are older than (i.e. unmodified since) the date-time specified. Typically, this option is useful when hard wiping files that match a given wildcard pattern, but can also be used when wiping the recycler.
The date-time can be specified either as a time period relative to the current clock time, as shown above, or as an absolute date-time in ISO 8601 format.
Relative periods can be specified as follows:
/m:<n>s (or "sec" / "secs" / "second" / "seconds")
/m:<n>m (or "min" / "mins" / "minute" / "minutes")
/m:<n>h (or "hr" / "hrs" / "hour" / "hours")
/m:<n>d (or "dy" / "dys" / "day" / "days")
/m:<n>w (or "wk" / "wks" / "week" / "weeks")
/m:<n>mon (or "month" / "months" — equivalent to 31 days)
/m:<n>y (or "yr" / "yrs" / "year" / "years" — equivalent to 366 days)
Where "n" is an integer value. Do not put a space between the integer value and the period specifier (although a hyphen can be used), as this will confuse the command interpreter (i.e. use "/m:7days" or "/m:7-days", but not "/m:7 days"). It is not possible to mix period types — the input "/m:7days3hrs" is invalid.
Absolute date-time values should be specified in the form:
The time part and the use of '-' and ':' separators are optional. Additionally, the year-day form "yyyy-ddd" may be used instead, where ddd is the day number in the range 1 to 366. The character "T" must be used to separate the date-time parts if the time is present.
Valid examples include:
/m:2014-08-15T11:38 (local date and time)
/m:2014-08-15T11:38:09Z (UTC with seconds)
Times are local times unless the UTC designation "Z" is given, as shown in the last example above. Input using weeks, weekdays or repeating intervals is not supported.
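To check which cutoff a given "/m" value implies before trusting it in an unattended task, the grammar described above can be modelled as follows. This is an added example, not Hardwipe's own parser; `cutoff` is a hypothetical helper, and it assumes lowercase unit names, a time part of at least hours and minutes, and "Z" only after a time part.

```python
import re
from datetime import datetime, timedelta, timezone

# Unit spellings from the list above, in seconds (month = 31 days, year = 366 days).
_DAY = 86400
_UNITS = {}
for _names, _secs in [
    ("s sec secs second seconds", 1),
    ("m min mins minute minutes", 60),
    ("h hr hrs hour hours", 3600),
    ("d dy dys day days", _DAY),
    ("w wk wks week weeks", 7 * _DAY),
    ("mon month months", 31 * _DAY),
    ("y yr yrs year years", 366 * _DAY),
]:
    _UNITS.update(dict.fromkeys(_names.split(), _secs))

# One integer, optional hyphen, one unit: "7days3hrs" and "7 days" cannot match.
_REL = re.compile(r"(\d+)-?([a-z]+)")
# yyyy-mm-dd or yyyy-ddd, optional Thh:mm[:ss][Z]; '-' and ':' are optional.
_ABS = re.compile(r"(\d{4})-?(?:(\d{2})-?(\d{2})|(\d{3}))"
                  r"(?:T(\d{2}):?(\d{2})(?::?(\d{2}))?(Z)?)?")

def cutoff(value, now):
    """Return the UTC instant before which items count as 'older than' value.

    value is the text after "/m:"; now is a timezone-aware datetime.
    Raises ValueError for input outside the grammar described above.
    """
    rel = _REL.fullmatch(value)
    if rel:
        if rel.group(2) not in _UNITS:
            raise ValueError(f"unknown period unit in {value!r}")
        delta = timedelta(seconds=int(rel.group(1)) * _UNITS[rel.group(2)])
        return (now - delta).astimezone(timezone.utc)
    m = _ABS.fullmatch(value)
    if not m:
        raise ValueError(f"not a relative period or ISO 8601 date-time: {value!r}")
    year, month, day, yday, hh, mm, ss, zulu = m.groups()
    if yday:  # year-day form: day 1 is 1 January
        date = datetime(int(year), 1, 1) + timedelta(days=int(yday) - 1)
        if date.year != int(year):
            raise ValueError(f"day number out of range in {value!r}")
    else:
        date = datetime(int(year), int(month), int(day))
    date = date.replace(hour=int(hh or 0), minute=int(mm or 0), second=int(ss or 0))
    # "Z" marks UTC; otherwise the value is local time (naive astimezone() uses the OS zone).
    return date.replace(tzinfo=timezone.utc) if zulu else date.astimezone(timezone.utc)
```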
Specify where to write logging information. Log files are generated when performing a wiping operation (i.e. using the "wipe" command).
Portable variants of Hardwipe Commander will, by default, write log files to their local "hw-log" directory. The log files will reflect the username and time. Desktop editions of the command line utility, however, have no default local log directory and will, by default, not log wiping operations unless configured*.
You can use this option to set or change the logging location for a wiping operation. Use it to specify either a directory, or a fully qualified log filename. If the input is an existing directory, Hardwipe will append its own filename to the path. If, however, the input does not exist as a directory, Hardwipe will assume that it pertains to a fully qualified filename.
Here, output will be written to a UTF-8 text file under the "Log" directory. Output is not re-directed, rather the file is a copy of what is written to the console. This is useful when automating data sanitization from the Windows Task Scheduler, as it will log events and errors.
You will note the presence of the placeholder variable "%DATETIME%" in the above example. This will be replaced with the current date-time value from the system clock in ISO 8601 form, without separators, i.e. "YYYYMMDDThhmmss".
The following placeholders are also supported:
%DATETIME%: local date-time, i.e. "20140814T143523"
%DATETIMEZ%: UTC date-time, i.e. "20140814T133523Z"
%DATE%: local date, i.e. "20140814"
%DATEZ%: UTC date
%TIME%: local time, i.e. "143523"
%TIMEZ%: UTC time, i.e. "133523Z"
%YYYY%: local 4 digit year, i.e. "2014"
%YYYYZ%: UTC 4 digit year
%YY%: local 2 digit year
%YYZ%: UTC 2 digit year
%MM%: local month
%MMZ%: UTC month
%DD%: local day
%DDZ%: UTC day
%hh%: local hour
%hhZ%: UTC hour
Placeholder variables are case sensitive.
Use "NONE" to disable file logging on the operation. For example: "hwipe /o:NONE ...".
*For the Desktop Edition, the default log directory output can be set from the GUI settings window. If a directory is configured here, the command line utility will use it also as its default logging output location.
See also the "bom" option for use with generating output. Note that the behaviour of this command was updated in version 5.1.4.
The number of times a file or directory is randomly re-named prior to removal from the file system. This option can be specified with any wiping task.
Values between 0 and 26 are accepted. The default value is 3.
Sanitization scheme. This option can be specified with any wiping task.
Accepted values are:
zero: Zero Overwrite
ran: Random Data
gost: GOST R 50739-95
dod: DOD 5220.22-M
The default value is "ran" (Random Data).
Skip final confirmation when wiping (use with care).
When using the wipe command, final user confirmation will normally be requested before any action is taken. Specifying this option, however, will omit the interactive confirmation and wiping will commence immediately. This is useful when automating data sanitization from the Windows Task Scheduler, but should be used with care. It is recommended that automated sanitization commands be tested first using the simulation option.
See also the silent option.
Do not write to stdout.
Example. Note the presence of the skip-confirm ("k") option:
The presence of this switch will also cause the console window to be closed at the earliest possible instant. This is useful when automating data sanitization from the Windows Task Scheduler, as it will suppress the console window, although it may not always be possible to prevent the window appearing briefly.
Disk writing speed option.
This speed setting allows the disk writing speed to be reduced. Lowering the write speed on lengthy tasks may improve the computer's responsiveness if it is being used for other important tasks. This option value can be specified with any wiping task.
Recognized input values include:
Additionally, any integer percentage value may be specified in the range 1 to 100, where 100 is the maximum. The writing speed adapts to the capability of the device, and it cannot be assumed that the scale is linear, but only that lower values relate to a lower writing speed.
The maximum allowable number of verification errors (or write failures), expressed as a percentage value, before the task is terminated and flagged as failed.
This option can be specified with any wiping task. For example, a value of 0.5% for an entire drive overwrite will mean that errors up to 0.5% of the drive's total size will be tolerated before the job is aborted. For file wiping, it applies to files individually.
The default value is 1.0%.
Setting this value to zero will cause the task to terminate on the first write or verification failure. Note that any I/O error will be flagged as a warning in the log irrespective of this setting, so it is not necessary to set it to zero to be sure of detecting errors.
Simulate the wiping task.
This switch can be specified with any wiping task, and prevents real data from being removed. In effect, a test simulation of the task is performed where file items and drives are analyzed and an output log generated, but no actual data will be destroyed. This is useful in automating data sanitization because it allows input sequences to be safely tested prior to letting them run without supervision.
In some cases, data sizes written to the output will be fictitious (hard-coded) rather than real, and using this switch with a drive overwrite test will result in the simulated task completing near instantly, whereas in reality the process may take some time to perform. This behaviour is normal.
Verbose output. This switch can be specified with any wiping task. When used, full length file paths are always listed in the process output.
Perform verification pass.
This option can be specified with any wiping task, and currently supports the following values:
last: Perform last pass verification
When verification is used, a read-back pass is performed as part of the wipe process and verifies the values written by the previous overwrite. Any verification errors will be reported in the output. Additionally, the tolerance option can be used to specify at what point the process will be aborted if verification errors are detected.
Write username to output. This switch can be specified with any wiping task.
This option has been deprecated since version 5.1.4, and will be ignored. The platform and username are now always written in the log.