Skip to content

Features

Everything it takes to prove a drive is clean

Two sanitization categories, read-back verification, tamper-evident certificates, and safety engineering that assumes the worst — all in one portable console.

Sanitization

Clear and Purge — two standards-defined categories

ProofWipe implements the Clear and Purge sanitization categories defined by NIST SP 800-88. You choose the category per drive; the certificate records exactly which was used.

Clear — overwrite

NIST SP 800-88 Clear

Overwrites user-addressable storage so data cannot be recovered with standard tools.

  • Single-pass and multi-pass overwrite methods, including crypto-random patterns (AES-256-CTR keystream)
  • Bad-sector handling: unwritable regions are isolated, skipped, and disclosed on the certificate
  • Works on any writable drive Windows can address — SATA, NVMe, USB media

Purge — firmware sanitize

NIST SP 800-88 Purge

Uses the drive’s own firmware sanitize commands to render data recovery infeasible even with laboratory techniques.

  • ATA SANITIZE and Secure Erase for SATA drives; NVMe Sanitize and Format for NVMe drives
  • Hard support detection: drives behind USB bridges, BIOS-frozen, or lacking the capability are greyed out with the reason stated
  • Post-sanitize read-back evidence is captured, and the certificate distinguishes Purge from Clear

Not sure which you need? The standards pageexplains when Clear is sufficient and when Purge is warranted.

Verification

Verified, not assumed

Every wipe is verified by read-back sampling (1%, 10%, or 100%) and documented with a tamper-evident certificate secured by a SHA-256 log hash.

  • Sampling always includes the first and last regions of the drive — the classic spots where residual data hides
  • Caches are flushed before verification reads, so what’s checked is what’s on the platters or flash — not what’s in RAM
  • Sectors skipped as unreadable during the wipe are excluded from verification and disclosed on the certificate

Verification levels

1%Fast spot-check for low-sensitivity media
10%Balanced default for routine decommissioning
100%Full read-back for high-assurance disposition

Every level always samples the first and last regions of the drive in addition to the random sample.

Illustrative sample sanitization certificate

Sanitization Certificate

NIST SP 800-88 · CSE ITSP.40.006

Verified
Certificate ID
PW-2026-0R7A-4F19-C3E2
Device
Samsung SSD 870 EVO 1TB
Serial
S6PTNZ0T4••••••
Method
Purge — NVMe/ATA firmware sanitize
Verification
Read-back sampling · 100%
Result
Success
Operator
J. Tremblay
Completed
2026-06-18 14:22 UTC

SHA-256 log hash

9f2c1a7b6e4d0c83a5f1e29d7b4c60a8f3e5d1c927b8a6f40e3d2c1b0a9f8e7d6

Illustrative sample — not a real certificate

Certificates

Documentation auditors can trust

The certificate is the product of the wipe — not an afterthought. Every field an auditor or downstream buyer needs is captured automatically.

  • HTML report + PDF certificate from a shared content model — same facts, two formats
  • SHA-256 log hash binds the certificate to the wipe log for tamper evidence
  • A certificate is generated for every outcome — including cancelled or partial wipes.
  • Discloses method, verification level, operator, arming method, BitLocker status, hidden-area findings, and any skipped sectors

An online portal to validate certificate IDs and log hashes iscoming soon.

Safety

Fail-closed, by engineering — not by checkbox

Fail-closed by design: ProofWipe refuses to touch the system or application disk. A drive is wipeable only when it is positively determined to be safe.

System & app disks are untouchable

The engine positively identifies the Windows system disk and the disk ProofWipe itself runs from (by device number, not drive letter) and refuses to select them. Protection is enforced in the engine — not just greyed out in the UI.

Uncertainty means protected

If a drive’s role can’t be positively determined — unreadable disk, virtual/VHD disk, failed volume mapping — it is treated as protected. Never the other way around.

Two-step arming + confirmation

Each drive must be armed by typing its serial number (or a generated code when the serial is unavailable), then confirmed in a modal before anything destructive happens. Identity is re-validated immediately before the wipe starts, with a hard abort on mismatch.

And more

Built for real decommissioning benches

HPA/DCO hidden-area detection

Some ATA drives hide capacity behind a Host Protected Area or Device Configuration Overlay. ProofWipe detects both at enumeration, warns in the UI, and discloses them on the certificate — noting that an overwrite Clear cannot reach hidden areas, while an ATA SANITIZE Purge does.

Multi-drive parallel batch

Wipe many drives at once with fully isolated per-drive sessions — own locks, progress, cancellation, and certificate. One drive failing or being cancelled never touches another. Per-drive arming is preserved: there is deliberately no “arm all”. System sleep is blocked for the duration of the batch.

BitLocker awareness

BitLocker-encrypted volumes are detected before the wipe and recorded on the certificate — useful chain-of-custody context for drives that were encrypted in service.

Offline by design

Offline by design — no phone-home, no telemetry. Licensing uses offline keys. The app never needs a network connection — a fit for air-gapped and controlled environments.

Portable, zero-install

One self-contained .exe that runs from a USB stick on Windows 10/11 (Administrator required). No installer, no dependencies, no traces to clean up on the host.

Bootable WinPE edition

Wipe the Windows system disk itself — and sealed devices like Surface — by booting from ProofWipe media. Built from the same engine.

See it on your own bench

The Free tier wipes a single drive with NIST Clear and 10% verification — enough to evaluate the whole workflow end to end.