speakerNEW!iShredder™ Business for iOS and Android are now available for Enterprise users.Learn more

Advanced Secure Deletion Algorithm (ASDA)
The next generation of secure data erasure.

Since 2017, ASDA has replaced our former 50‑pass method: four precisely tuned steps, verified and logged—fast, resource‑efficient, and audit‑ready.
Advanced Secure Deletion Algorithm (ASDA)

ASDA enables highly effective, verifiable data erasure with minimal resource consumption. The four passes are designed for efficiency and transparency: read‑after‑write verification and deletion logs document every step. AES‑256 and cryptographically strong random numbers make forensic reconstruction significantly harder. The implementation integrates seamlessly into existing processes.

ASDA also exceeds the requirements of NIST SP 800‑88 Rev. 1 (Clear / Purge / Destroy). Depending on the medium (HDD/SSD/Flash), additional purge mechanisms may be appropriate—such as Block Erase or Cryptographic Erase.

Overview of the four passes

Pass No.
Data written
1
Overwrite with 0xFF
The data area is fully overwritten with 0xFF—original content becomes unrecoverable.
2
AES‑256 encryption
The original buffer content is encrypted with AES‑256 and written back—creating a cryptographic barrier against forensic reconstruction. (Keys reside only temporarily in RAM and are securely wiped afterwards.)
3
Bit pattern & verification
A defined bit pattern (e.g., 10010010 01001001 00100100) is written, followed by read‑after‑write verification. Deviations are overwritten again and recorded in the erasure report.
4
Random data (CSPRNG)
Finally, ASDA overwrites the area with cryptographically strong random numbers (CSPRNG per NIST SP 800‑90A).

View source code

Documentation about the source code:

The ASDAErase function in the DataShredder class is used to securely delete data from a file. This process involves four steps, which are carried out in sequential order.

The first step is to overwrite all data in the file with a specific pattern. This is done using the memset function, which sets a block of memory to a specific value.

The second step is to encrypt the original data in the file using the 256-bit AES (Advanced Encryption Algorithm). This is done using the AES class, which has a StartEncryption method that takes an array of unsigned char as input. The data to be encrypted is passed to this method as an argument.

The third step involves verifying the data that was written to the file in the second step. This is done by reading the data back from the file and comparing it to the original data using the memcmp function. If the data read from the file does not match the original data, a status value of 0xC0000719L (STATUS_CONTEXT_MISMATCH) is returned.

Finally, the last step is to overwrite the data in the file with a random pattern. This is done using the DoRandomErase function, which takes three arguments: the size of the data to be erased, a buffer to hold the data, and a byte value representing the iteration number.

If all four steps are completed successfully, the ASDAErase function returns a status value of 0. If any of the steps fails, an appropriate error code is returned.

Source code:

long DataShredder::ASDAErase(DWORD size, byte *buf, byte iteration)
{
    long status=0;

        LARGE_INTEGER nCurrentFilePointer = {0};
        this->m_pLowLevelIO->GetFilePointer(&nCurrentFilePointer);

        // working buffer
        byte *buf1 = (byte*)malloc(size);

        // read file content
        if(iteration == 0) {
                status=this->m_pLowLevelIO->Read(buf1, size, NULL);
                this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);
        }

        // wipe with 0xFF
        if(status == 0)
        {
                memset(buf, 0xFF, size);

                status=this->m_pLowLevelIO->Write(buf, size, NULL);
                if(!m_noBuffering)
                        this->m_pLowLevelIO->Flush();
                this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);      
        }

        // encrypt original file content
        if(status == 0)
        {
                ULONG K[8];

                ULONG seed;
                seed=GetTickCount();
                K[0]=LowLevel::IO::Random(&seed);
                K[1]=LowLevel::IO::Random(&seed);
                K[2]=LowLevel::IO::Random(&seed);
                K[3]=LowLevel::IO::Random(&seed);
                K[4]=LowLevel::IO::Random(&seed);
                K[5]=LowLevel::IO::Random(&seed);
                K[6]=LowLevel::IO::Random(&seed);
                K[7]=LowLevel::IO::Random(&seed);

                AES aes;
                aes.SetParameters(256);
                aes.StartEncryption((const unsigned char *)K);
                
                for(ULONG i=0; (i*4)m_pLowLevelIO->Write(buf, size, NULL);

                if(!m_noBuffering)
                        this->m_pLowLevelIO->Flush();
                this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);      
        }

        if(status == 0)
        {
                byte bData[] = {
                        0x92,//10010010,
                        0x49,//01001001,
                        0x24 //00100100
                };
                for(DWORD i = 0; i < size; i++)
                {
                        buf[i] = bData[i%3];
                }

                status=this->m_pLowLevelIO->Write(buf, size, NULL);
                if(!m_noBuffering)
                        this->m_pLowLevelIO->Flush();
                this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);

                // verify
                if(0==this->m_pLowLevelIO->Read(buf1, size, NULL))
                {
                        this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);      

                        if(memcmp(buf1, buf, size))
                        {
                                status=0xC0000719L;//STATUS_CONTEXT_MISMATCH;
                        }
                }
                else
                {
                        status=0xC0000719L;//STATUS_CONTEXT_MISMATCH;
                }
                
        }

        if(status == 0)
        {
                status = this->DoRandomErase(size, buf, 0);
        }

        free(buf1);

    return status;
}

Explanation of the source code:

This source code defines a function called ASDAErase, which takes in three parameters: an integer size, a pointer buf to a byte array, and an integer iteration. The function returns an integer value status.

The function starts by declaring and initializing some variables. It then reads the current file pointer using the GetFilePointer function of an object of the LowLevelIO class. It then allocates memory for a working buffer buf1 and reads the file content into this buffer using the Read function of the same LowLevelIO object.

The function then wipes the data in the file with the value 0xFF by writing this value to the file using the Write function of the LowLevelIO object, and then encrypts the original file content using the AES (Advanced Encryption Standard) algorithm. It does this by generating a random key and setting up the AES encryption parameters, and then encrypting the file content in blocks of 4 bytes using the StartEncryption function.

The function then writes the encrypted data back to the file, and then overwrites the file with a pattern of 0x92, 0x49, and 0x24 repeating in that order. It then verifies that the data was written correctly using the Read function and the memcmp function to compare the data in the working buffer buf1 with the pattern data in buf.

If all of these operations are successful, the function then calls another function called DoRandomErase to overwrite the file with random data. Finally, the function frees the memory allocated for buf1 and returns the status value.