What DeadMan's Handle is
Secure file deletion lies at the heart of DeadMan's Handle, which is made up of three functional components:
- The challenge system.
- The “panic button”.
- The configuration utility.
The challenge system
When your machine is booted up, a challenge can be presented either immediately or after log on (this is a configuration option, based on your security policy). This challenge is user-selectable, but gives no real indication what it is for. For example, it may be a screen apparently giving a project status, and asking for a keycode to download latest update.
If the Cancel button is pressed (the most likely event if the notebook has been stolen) or if the OK button is pressed with the wrong code or password, and if the number of allowed attempts has been exceeded, then DeadMan's Handle swings into action, silently implementing the secure file deletion system that wipes all the nominated files to a user-specified level of thoroughness.
During the challenge process the desktop is locked out, so the challenge screen has to be dealt with. The deletion process is silent and rapid, and culminates with the removal of DeadMan's Handle itself: no traces are left on the system. The notebook still functions, but ostensibly with nothing interesting on it. The loss of your information has been foiled.
The panic button
The panic button is a small icon on the system tray. Clicking on it calls up the "panic button": push it, and the system will go straight into delete mode, as though the challenge had been failed. This is provided as a quick cleanup service for high-risk situations (or even if you feel like clearing all your confidential information from the machine for general reasons).
The configuration utility
This allows configuration of almost all of the DeadMan's Handle system:
- Enable or disable the challenge or panic button.
- Set a user-selectable number of attempts.
- Define user prompts and pass/fail warnings.
- Configure and set up keycodes and passwords.
- Select different challenge screens.
- Select level of secure file deletion (five levels are provided, from straight delete to total file shredding).
- Select the files and folders that are confidential.
- Configure immediate presentation of the challenge, or after log on.
- Enable swap file cleardown.
- Select the appearance (skin) of the utility.
We also provide help and extra information, including laptop security suggestions, to let you configure the system to meet your needs.
Secure File Deletion Process
For any security level above the most basic, DeadMan's Handle completely overwrites the files, using random numbers and bit patterns according to the selected level. The secure file deletion process, described further in the documents held at the link, can be tailored to your exact requirements. It also randomizes the time stamps, alters the file names and truncates them to zero length, undermining all attempts to recover them. DeadMan's Handle will always maximise its attempts to makes the files irrecoverable (although some capabilities are limited on earlier operating systems).
