GitHub - bugfishtm/bugfish-nuke: 🪟 Windows ➡️ A Windows tool for emergency privacy: instantly deletes sensitive data and active logins to protect my information during unexpected searches or house warrants.
lemmy.mlHello there!
just updated a previous mentioned tool which has been in discussion here and wanted to share updates on the software status.
The software is in my opinion finished for now and tutorial videos are available, do not hesitate to ask for features if anything is missing.
Github URL: https://github.com/bugfishtm/bugfish-nuke
Documentation: https://bugfishtm.github.io/bugfish-nuke/
Features
- Instantly erase user data, application traces, and sensitive files in a single click.
- Secure deletion: Files are overwritten, not just moved to the recycle bin.
- Clear clipboard contents
- Flush DNS cache
- Erase event logs
- Delete most recently used (MRU) lists
- Remove thumbnail caches
- Empty the recycle bin (system default)
- Set overwrite passes (1 or more) for each deletion:
- 1 pass: Fast, effective for most cases
- 3+ passes: Higher security, slower
- Warning: 0 passes disables overwriting and is NOT recommended
- Add your own scripts (e.g., batch files) to run alongside the deletion process
- Example: Dismount VeraCrypt volumes automatically
- Optional: Corrupt Windows login files after deletion to prevent further access
- Use with caution: This will render Windows unbootable and require reinstallation
- Play a custom or built-in music track during deletion
- Music stops when deletion is complete-useful as an audible signal if you step away
- Overview of selected actions before launch
- Settings for post-deletion behavior: auto-close, force restart, etc.
- Direct links to tutorials and help resources
Security Notes
- Overwriting: Files are overwritten according to your settings, making recovery nearly impossible.
- Recycle Bin: Emptied using Windows default; secure overwrite for the bin may be added in future versions.
- Custom Scripts: Scripts run independently and can be used to automate additional emergency tasks.
- File Deletion: Files are securely overwritten (unless you set passes to 0), making recovery extremely unlikely.
- Music Player: It provides an audible signal when the deletion process is finished, useful if you need to leave your computer during an emergency wipe.
- Use with Caution: Bugfish Nuke is designed for emergency situations. Use with care, especially the destructive system options.
Have a great one
Bugfish
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 3.78K Posts
- 95.6K Comments
- Modlog
Quick question about the overwrite passes: is it overwritten with random numbers or is there a sequence of passes?
Greetings
The files are overwritten with random numbers (random bytes) for each pass. Specifically, for each overwrite pass, the method fills the file with cryptographically secure random data generated by RandomNumberGenerator.Create(). There is no sequence of different patterns (such as 0xFF, 0x00, then random) in my implementation-each pass is random data only.
If you are interested in different overwrite patterns let me know, then i may will implement a solution to choose methods. Overwrite passes count can be set inside the software after hitting the launch button in the confirmation process.
Have you considered if secure deletion will work as expected when using SSDs or SD Card? I heard the only way to actually delete something is to fill it with gibbirish and format it
Really good point. Data Deletion on SSDs and NVMEs are handled differently. (I dont really know about SD Cards but it may be similar)
NVMA/SSD Data Deletion follows 3 Steps
So best is to activate the TRIM Feature when Its implemented on the next update, but this feature will also be auto-executed by the windows system. - Best is to wait hours (its hard to know when garbage collection is finished) after the trim feature has been enabled to be sure garbage collection has deleted the content/files.
But for security measures it still can help to delete the data, even if the garbage collection is not finished. The risk for recover depends than on how many resources the opponent is ready to acquire to get to that data. It will make the recover process difficult without special forensics software etc.
Best and most secure way is to encrypt your data at all so none one can access even if they have the files.
Is there a benefit from this over the inbuilt Secure Erase functionality in most SSDs/NVMEs? To my knowledge, it instantly dumps the current from all cells, emptying the data on it.
Furthermore, another issue with SSDs/NVMEs is that it automatically excludes bad blocks, meaning that classic read/write operations can’t even reach those blocks anyways. Theoretically that feature could also be used against you to preserve the data on the disk by marking all blocks as bad, rendering them as inaccessible by the file system.
Of course there’s also the issue of Secure Erase not being implemented properly in some drives, leading to the bad blocks not being touched by the hardware chip during that procedure.
The benefit is to delete data and execute operations (as deleting logins) in emergency situations when time is a factor. The manufactures inbuilt secure erase function is definitely the better way to make your data unrecoverable, but can take more time and may not be suitable in emergency situations.
Its not planed to add something against bad block data in bugfish-nuke, my recommendation to be safe in that matter:
Just encrypt the entire disk. In an emergency, turn the power off.
And have a script to secure erase the key material. Much faster and will prevent forced/coerced unlocks.
This will be added as a functionality in the next release, thanks for the hint.
Yes this would be more secure and recommended