Data Destroyer Disk Wipe Section 3: Purging the swap file Programs and data are loaded into fast-access RAM memory, which is normally anything from 64 MB in size and up. If many programs are running simultaneously then there may not be enough space in the RAM memory to hold all the data, so Windows stores some of it in a file on disk. As different programs are put in use, Windows "swaps" data between RAM and this disk file, so it is called a swap file or, in Windows XP, a paging file.
The swap file can grow to be quite large, often well over 100 MB. It is preserved when Windows shuts down and is used again when Windows starts up, so (unless you have told Windows not to use a swap file) it is always on your computer. In Windows 98 it is normally named WIN386.SWP and is normally located in the root directory of Drive C or in the \WINDOWS folder. In Windows XP it is named PAGEFILE.SYS and is normally located in the root directory of Drive C.
The swap file holds much of the data used during your most-recent use of your computer, so it can contain sensitive information such as credit card details, passwords, images, Excel spreadsheet data and so on. A program for searching the swap file might be able to extract this information.
However, the swap file cannot easily be purged because Windows is continually swapping data to and from it and tries to prevent other programs from doing anything to it. Thus the swap file cannot be purged using Data Destroyer Disk Wipe, because this program runs under Windows.
If you are running Windows NT, 2000 or XP then the swap file can be wiped when you shut down your computer. The NT Resource Kit says:
To create a new paging file or to change the size of a paging file, double-click the System option in Control Panel, click the Performance tab, then click the Change button in the Virtual Memory box.
ClearPageFileAtShutdown REG_DWORD Range: 0 or 1 Default: 0 Specifies whether inactive pages in the paging file are filled with zeros when the system stops. If this value is set to 1, as the system stops, Windows NT fills all inactive pages in the paging file with zeros so that they cannot be read by another process. It cannot fill all pages with zeros because some are being used by the system or other remaining active processes.
For users of Windows 95, 98 and ME a solution to the problem of purging the swap file is provided by means of an auxiliary program, bundled with Data Destroyer Disk Wipe, called WIPESWAP.EXE. This is a console application and can be run under MS-DOS, without Windows being active. The remainder of this page describes how to purge the swap file using this utility.
In the Data Destroyer Disk Wipe program menu (via Start | Programs | Hermetic Systems) you can select "Wipeswap program (ZIP file)". Save this ZIP file (WIPESWAP.ZIP) to the top folder on Drive C and unzip it to obtain WIPESWAP.EXE.
Then shut down Windows from the Start menu, selecting "Restart in MS-DOS mode" from the panel when it appears. When your computer has completed restarting you will be at the MS-DOS command line prompt. Change to C:\ if you are not there already. Now enter WIPESWAP at the command line and the command syntax for this program will be displayed, as follows:
WIPESWAP overwrites the swap file first with 0xFF bytes then with zero bytes, and the subsequent overwrites (at least two) use sequences of random bytes. Like Data Destroyer Disk Wipe it flushes the data to disk after each overwrite, so that it is the bytes on the disk which are overwritten, not just the bytes in RAM.
If the purge is taking too long then you can interrupt it by pressing the Escape key; in this case the swap file may have been overwritten a number of times but it will not have been deleted. You can delete it using the DOS DEL command (which must be done so that Windows does not try to use a swap file full of random bytes when it is restarted).
When you reboot your computer you will be asked whether to restart in MS-DOS mode or in Windows.
Data Destroyer Disk Wipe Main Page Hermetic Systems Home Page