secure_delete_with_certificate.ps1 - limehawk/rmm-scripts GitHub Wiki
secure_delete_with_certificate.ps1
Securely deletes files using Microsoft SDelete with DoD-compliant overwriting and generates legal documentation.
Overview
| Property | Value |
| --- | --- |
| Platform | Windows |
| Version | 1.0.0 |
| Category | Security |
Purpose
Securely deletes files using Microsoft SDelete with DoD 5220.22-M compliant overwriting, generating comprehensive documentation suitable for legal proceedings. Creates a detailed certificate of destruction with file hashes, metadata, system information, and timestamped audit trail.
Requirements
- Microsoft SDelete (auto-installed via winget if enabled)
- PowerShell 5.1 or later
- Administrator rights recommended for complete metadata access
Inputs
| Variable | Description | Required |
| --- | --- | --- |
| $targetPath | File or folder path to securely delete | Yes |
| $outputDirectory | Where to save the certificate (default: Desktop) | No |
| $overwritePasses | Number of overwrite passes (default: 3) | No |
| $operatorName | Name of person executing the deletion | Yes |
| $caseReference | Legal case reference number | No |
| $witnessName | Name of witness if present | No |
| $notes | Additional notes for the certificate | No |
Settings
| Setting | Description | Default |
| --- | --- | --- |
| $dryRun | Test mode: performs all steps except actual deletion | $true |
| $recursive | Process subfolders if target is directory | $true |
| $generateHtml | Generate HTML certificate in addition to text | $true |
| $autoInstallSDelete | Auto-install SDelete via winget if not found | $true |
Behavior
- Validates target path exists and SDelete is available
- Generates unique session ID for audit trail
- Captures complete system information (hardware, OS, user, network)
- Enumerates all target files with full metadata
- Calculates SHA-256, SHA-1, and MD5 hashes for each file
- Records file attributes, timestamps, size, and NTFS alternate data streams
- Executes SDelete with specified passes, capturing all output
- Verifies each file no longer exists post-deletion
- Generates comprehensive certificate with all collected data
- Outputs certificate to specified directory with timestamp
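
The evidence-capture, deletion and verification steps in the list above, as an added PowerShell example (not code from secure_delete_with_certificate.ps1). The function names are hypothetical, `sdelete.exe` is assumed to be on PATH, and the `-accepteula` and `-p` options are SDelete's own; the page does not show which options the script passes.

```powershell
# Added illustration; not code from secure_delete_with_certificate.ps1.
# Function names are hypothetical. Assumes sdelete.exe is on PATH.
function Get-DeletionEvidence {
    param([Parameter(Mandatory)][string]$TargetPath, [bool]$Recursive = $true)
    $item  = Get-Item -LiteralPath $TargetPath -Force -ErrorAction Stop
    $files = if ($item.PSIsContainer) {
        Get-ChildItem -LiteralPath $TargetPath -File -Force -Recurse:$Recursive
    } else { $item }
    foreach ($f in $files) {
        # Named alternate data streams; ':$DATA' is the main content stream.
        $ads = Get-Item -LiteralPath $f.FullName -Stream * -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { '{0} ({1} bytes)' -f $_.Stream, $_.Length }
        $hash = @{}
        foreach ($alg in 'SHA256', 'SHA1', 'MD5') {
            $hash[$alg] = (Get-FileHash -LiteralPath $f.FullName -Algorithm $alg).Hash
        }
        [pscustomobject]@{
            Path        = $f.FullName
            SizeBytes   = $f.Length
            Attributes  = $f.Attributes.ToString()
            CreatedUtc  = $f.CreationTimeUtc.ToString('o')
            ModifiedUtc = $f.LastWriteTimeUtc.ToString('o')
            SHA256      = $hash.SHA256
            SHA1        = $hash.SHA1
            MD5         = $hash.MD5
            Streams     = @($ads)
        }
    }
}

function Remove-WithVerification {
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Evidence,
          [int]$OverwritePasses = 3, [bool]$DryRun = $true)
    foreach ($e in $Evidence) {
        $log = 'dry run: sdelete not invoked'; $code = $null
        if (-not $DryRun) {
            # Capture stdout and stderr so the tool output can go into the record.
            $log  = & sdelete.exe -accepteula -p $OverwritePasses $e.Path 2>&1 | Out-String
            $code = $LASTEXITCODE
        }
        # Verification is independent of the tool's own exit status.
        $gone = -not (Test-Path -LiteralPath $e.Path)
        $e | Select-Object *, @{n='SDeleteExit';e={$code}}, @{n='SDeleteLog';e={$log}},
            @{n='VerifiedGone';e={$gone}}
    }
}

$evidence = @(Get-DeletionEvidence -TargetPath 'C:\Sensitive\Documents')  # sample path
Remove-WithVerification -Evidence $evidence -DryRun $true | Format-List
```

Hashes and stream names are collected before any overwrite because they cannot be recovered afterwards; with `-DryRun $true` every record reports `VerifiedGone : False`.
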
Exit Codes
| Code | Description |
| --- | --- |
| 0 | All files successfully deleted and verified |
| 1 | Validation failed or deletion errors occurred |
Notes
- Certificate contains file paths and hashes which may be sensitive
- Store certificates securely according to legal requirements
- The DoD 5220.22-M standard uses 3 overwrite passes by default
- Dry run mode is enabled by default for safety
Example Output (Dry Run)
```
[ INPUT VALIDATION ]
--------------------------------------------------------------
Target Path : C:\Sensitive\Documents
Operator : John Smith
Case Reference : CASE-2025-001
Overwrite Passes : 3
Output Directory : C:\Users\john\Desktop
Recursive : True
Dry Run : True
*** DRY RUN MODE - NO FILES WILL BE DELETED ***
[ SESSION INITIALIZATION ]
--------------------------------------------------------------
Session ID : 20251208-143022-A7B3C9D1
Started : 2025-12-08 14:30:22.123 -05:00
[ CERTIFICATE GENERATION ]
--------------------------------------------------------------
Text certificate : C:\Users\john\Desktop\SecureDeletion_DRYRUN_20251208-143022.txt
HTML certificate : C:\Users\john\Desktop\SecureDeletion_DRYRUN_20251208-143022.html
[ FINAL STATUS ]
--------------------------------------------------------------
*** DRY RUN COMPLETE - NO FILES WERE DELETED ***
```
Changelog
- 2025-12-08 v1.0.0 Initial release - comprehensive secure deletion with certificate generation