Remote-triggered, auto-selected, NIST-compliant. Per-drive, per-serial, per-certificate.
reCore handles data destruction at the individual drive level. The wipe engine detects each drive's hardware capabilities, selects the fastest compliant method, falls back automatically if a command is rejected, streams real-time progress to the dashboard, and generates tamper-proof certificates -- all without requiring technician expertise.
Live DrivesRemote
| Drive | Size | Status | Actions | |
|---|---|---|---|---|
SAMSUNG MZVLB512HBJQ 0025_3884_0100_4413 | 477 GB | Pending | ||
TOSHIBA KSG60ZMV256G 88VB837AK5SP | 238 GB | Pending | ||
WD Blue SN550 NVMe SSD 2045_3884_0100_9921 | 1 TB | Pending | ||
Crucial MX500 SATA SSD CT1000MX500SSD1 | 1 TB | Pending | ||
Seagate BarraCuda HDD ST2000DM008 | 2 TB | Pending | ||
Kingston A2000 NVMe 50026B7684A1C2D3 | 500 GB | Pending |
Remote wipe from the dashboard
Admins trigger wipes directly from the web dashboard. Select any connected device, pick a method (or let the system auto-select), and click Start Wipe. The command reaches the client device instantly -- no physical access, no walking to the bench, no USB keys.
Need to wipe an entire intake batch at once? The bulk wipe system handles hundreds of drives in parallel with real-time progress tracking. Monitor every drive from a single screen. Operations that would take a team of technicians hours of manual work become a single button click.
Smart auto-select engine
Before any wipe begins, the system automatically detects what each drive supports. It identifies the drive type, interface, encryption capabilities, and available erase commands -- then picks the fastest NIST-compliant method for that specific drive. No configuration, no guesswork.
A modern NVMe SSD with crypto erase support? Done in seconds. An older SATA drive with limited firmware options? The engine adapts and selects the best available approach. If the preferred method isn't supported by the hardware, it falls back to the next best option automatically and tells you why. Your technicians never need to know the difference between drive types -- the system handles it.
Automatic fallback priority
If any method is rejected by the hardware, the engine automatically tries the next option. Zero manual intervention -- the wipe always completes.
Per-drive serial tracking
A modern laptop might contain a single NVMe SSD. A workstation might have three. A server could have twelve. Most wipe tools track erasure at the device level, which means a "completed" wipe on a multi-drive machine doesn't tell you which drives were actually wiped, or whether all of them were.
reCore tracks every wipe by the physical drive's firmware serial number. A laptop with two SSDs generates two separate wipe records, each containing the drive's make, model, serial, capacity, interface type, SMART health data, the method used, start/end timestamps, operator identity, and verification results. If one drive fails verification, you know exactly which one -- and the other drive's record remains valid.
Drives are tracked across devices. If a physical SSD is moved from one machine to another, its entire wipe history follows it -- because the tracking is tied to the drive serial, not the machine.
Seven erasure methods
The right method depends on the drive technology, security classification, and turnaround requirements. reCore implements all seven methods as actual executable operations -- not abstractions over a single overwrite routine.
Single-pass zero fill across all user-addressable storage locations. The fastest software approach, appropriate for devices being redeployed within the same security environment.
Firmware-level command that triggers the drive controller's built-in erase routine. Bypasses software entirely. Typically completes in 2-5 minutes regardless of drive capacity.
Extended firmware erase that covers remapped sectors, HPA, and DCO areas that standard secure erase may miss. Maximum SATA drive coverage.
Sends Format NVM command with Secure Erase Setting=1. The NVMe controller rewrites all user data blocks. Completes in 2-4 minutes on most drives.
Format NVM with SES=2. Destroys the media encryption key on self-encrypting drives. All data becomes permanently unrecoverable in under 10 seconds without writing a single byte.
Controller-level Sanitize command with Crypto Erase action. Unlike Format, Sanitize cannot be interrupted and provides stronger guarantees for regulated environments.
Controller-level Sanitize with Block Erase. Overwrites all internal media blocks including those not user-addressable. The most thorough NVMe sanitization available.
Automatic drive intelligence
Every drive is different. reCore interrogates each one before wiping to build a complete capability profile -- so you never have to.
NVMe drive profiling
Automatically detects supported erase commands, sanitize modes, and format capabilities on NVMe storage. Selects the optimal method in milliseconds.
SATA drive profiling
Identifies secure erase support, enhanced erase, and whether the BIOS has locked the drive's security features. Adapts the wipe strategy accordingly.
Crash-safe operation
The engine validates every command against the drive's actual interface before execution. Incompatible operations are blocked before they can cause issues.
Encryption-aware
Detects self-encrypting drives and unlocks instant cryptographic erase where available -- destroying the encryption key instead of overwriting data.
Real-time progress and resilience
Every wipe streams live progress to the dashboard in real time. You see actual write speed in MB/s, estimated time remaining based on current throughput, and pass-by-pass tracking for multi-pass methods. No refreshing, no polling -- updates arrive the instant they happen.
The wipe engine is optimized for maximum disk throughput so your drives finish as fast as the hardware allows. When it encounters a bad sector, it retries, logs the issue, and keeps going. The wipe never aborts on damaged hardware -- and the final report tells you exactly what happened.
Live speed and ETA
Real-time MB/s throughput and estimated completion time, streamed to the dashboard as it happens.
Bad sector resilience
Damaged sectors are retried, logged, and skipped. The wipe always completes -- even on failing hardware.
Cancel mid-operation
Stop a wipe mid-operation from the dashboard or client. Restart anytime.
Verification and integrity
After each wipe completes, the system reads back the drive to confirm that no recoverable data remains. The sampling rate adapts to the erasure method used. The result is hashed with SHA-256 to produce a fingerprint that can be independently verified at any future point.
Verification results, hashes, and timestamps are stored as part of the wipe record and cannot be modified after the fact. If verification fails, the record reflects the failure and the drive must be re-wiped before a certificate can be issued.
For audit scenarios, reCore includes standalone re-verification -- a read-only check that can confirm a previously wiped drive weeks or months later without re-wiping. Useful when an auditor needs to verify a drive's state independently.
Chain of custody and admin verification
Every wipe record captures the full chain of custody: which operator initiated the wipe (authenticated by PIN), which organization owns the device, the compliance standard applied, and a timestamped execution log from start to finish. This information flows directly into the certificate of destruction.
Completed wipes enter an admin verification queue in the dashboard. Administrators review the full wipe data, then approve or reject each record. The system enforces separation of duties in code -- the person who verifies the wipe cannot be the same person who performed it. This is a NIST SP 800-88 requirement and is enforced automatically, not left to organizational policy.
Certificate of destruction
Each verified wipe produces a PDF certificate containing:
Certificates can be downloaded individually or exported in bulk as a ZIP archive organized by batch, client, or date range -- ready for auditor handoff. Each PDF includes a SHA-256 integrity hash that can be verified against the database at any time to confirm the file has not been tampered with.
Cross-platform parity
The same wipe engine runs on Windows, Linux, and WinPE. It auto-detects the operating system, loads the right driver layer, and produces identical results regardless of platform. Same compliance records, same certificates, same audit trail.
A drive wiped from a WinPE boot image generates the exact same structured record as one wiped from a full Windows installation or a headless Linux server. Your auditors see one consistent format no matter how diverse your environment is.
Windows
Full support for Windows 10/11 and Server editions. Hardware-level erase commands and bare-metal writes.
Linux
Native support for all major distributions. Hardware commands and direct disk access for maximum throughput.
WinPE
Boot from USB or PXE into a minimal environment. No OS installation needed. Same engine, same compliance output.
Per-drive billing
Billing is tied to individual drive serials, not devices. A 12-drive server uses 12 credits. A laptop with two SSDs uses 2. Re-wiping an already-billed drive is free -- the system tracks which drive serials have been charged using idempotent billing records.
Only drives that pass verification are billed. A failed wipe does not consume credits. Within your plan's included operations, there is no per-drive charge. If you exceed your quota, overage pricing applies at your plan's published rate.