Whitepaper

Detection & Deletion: DuplicateDuster

A technical reference describing exactly how DuplicateDuster finds duplicates and what its secure-delete option does and does not guarantee.

01

Executive summary

DuplicateDuster is a desktop application (Electron, with a Node.js worker-thread backend) that identifies exact duplicate files by content hash and optionally removes them with a multi-pass secure overwrite. It performs no network communication during scanning, hashing or deletion.

This document is intentionally precise about the boundary of the detection method: it matches identical content only, and does not attempt similarity, perceptual, or fuzzy matching of any kind.

02

Detection method

Duplicate detection is based entirely on SHA-256 content hashing. Each file in the scan scope is read and hashed; files producing an identical digest are grouped as confirmed duplicates. Because SHA-256 collisions are computationally infeasible to construct, a hash match is treated as proof of byte-for-byte identity — there is no probabilistic scoring and no tunable similarity threshold.

This has a direct consequence: a file that has been re-saved, re-encoded, cropped, or edited in any way — even by a single byte — will not match its original. DuplicateDuster does not implement filename similarity matching, perceptual hashing, or any form of fuzzy or 'near-duplicate' detection.

03

Scanning architecture

File enumeration is recursive from the selected root path(s). Hashing is distributed across Node.js worker threads, parallelising I/O and CPU-bound hash computation across available cores rather than processing files sequentially. A scan is read-only with respect to the file system: no file is modified, moved, or removed during enumeration or hashing.

04

Symlink handling

The scanner distinguishes symbolic links from regular files during traversal (using lstat rather than stat where appropriate), so a symlink is not mistakenly treated as if it were a duplicate of its target's content in a way that could lead to an unintended deletion.

05

Review and deletion workflow

Once hashing completes, files are presented grouped by matching hash. The interface always preserves a default 'keep' selection — at least one file per group is retained, and no deletion occurs without explicit user confirmation per the configuration in use.

06

Secure deletion implementation

When secure deletion is selected, DuplicateDuster performs a three-pass overwrite of the file's data before unlinking it: a pass of 0xFF bytes, a pass of 0x00 bytes, and a pass of cryptographically random bytes. The filename is also randomised and the file's timestamps are reset prior to removal, reducing the metadata trail left behind.

This is explicitly not represented as an implementation of the DoD 5220.22-M standard, which specifies a different, certified procedure. Organisations with a compliance requirement for that specific certification should treat this feature as a strong general-purpose overwrite, not a certified equivalent, and verify independently if certification is required.

07

Limitations on solid-state storage

Overwrite-based secure deletion was designed for the physical behaviour of magnetic storage, where overwriting a sector reliably destroys the previous data. On solid-state drives, wear-levelling firmware can relocate data to different physical cells, and TRIM can mark blocks for erasure independently of an application-level overwrite. As a result, an overwrite pass on an SSD provides a weaker guarantee than on a traditional hard disk. For SSD-resident sensitive data, full-disk or file-system-level encryption is a stronger control than file-level secure delete.

08

Data handling and network behaviour

No file name, hash, path, or content is transmitted off the host machine at any point in the scan, review, or deletion workflow. The application performs no network calls during these operations, and is fully usable with networking disabled.

Have a specific compliance question?

If your environment has a specific secure-erase certification requirement, talk to us before relying on this feature to satisfy it.

Talk to the team that actually builds the software.

Pilot deployments, volume licensing, product demos, security questionnaires — all handled by engineers and product leads, not a routing layer. We respond within one business day.

Schedule a discovery call
Half-hour walkthrough with someone who built the product — no sales script.
Run a pilot deployment
Full-feature evaluation with guided install, configured for your environment.
Email us directly
sales@royalsoftworks.com — we respond within one business day.

Send us a message

Leave your details and we'll follow up within one business day.