SDelete

SDelete is an application that securely deletes data in a way that makes it unrecoverable. It is part of the Microsoft Sysinternals suite of tools. [1]

ID: S0195
Type: TOOL
Platforms: Windows
Version: 1.1

Techniques Used

Domain ID Name Use
Enterprise T1116 Code Signing SDelete is digitally signed by Microsoft.[1]
Enterprise T1485 Data Destruction SDelete deletes data in a way that makes it unrecoverable.[1]
Enterprise T1107 File Deletion SDelete deletes data in a way that makes it unrecoverable.[1]

Groups

Groups that use this software:

APT29
Cobalt Group
FIN5

References