Local-first & open source

Old Windows drive?
New Mac?
Open it safely.

Import what matters. Encrypt everything into a vault you can use anywhere. No cloud. No tracking. Your files, under your control.

Download CLI See how it works
terminal 
$ fordan scan /dev/disk2
✓ Mounted read-only (NTFS, 931 GiB)
  Source checksum: blake3:a7f3…

$ fordan import /dev/disk2 --select "Documents/**,Photos/**" --vault ~/my-vault
Importing 4 812 files…
✓ Import complete. Source disk: untouched.

$ fordan encrypt ~/my-vault
Encrypting with ChaCha20-Poly1305…
✓ Vault sealed. Carry it anywhere.
Read-only source access
ChaCha20-Poly1305 encryption
BLAKE3 integrity checks
Zero network calls

How it works

Four steps. All local. Source disk never written to.

  1. 01

    Scan

    Fordan mounts your NTFS or FAT32 drive in strict read-only mode, walks the directory tree, and checksums every file. The source disk is never touched again.

  2. 02

    Browse & Select

    Use the interactive file browser or glob patterns to pick exactly what you want. Documents, photos, old projects — you decide what comes with you.

  3. 03

    Import

    Selected files are copied into a local vault. Before and after checksums confirm the source is byte-for-byte unchanged. Nothing is moved or deleted.

  4. 04

    Encrypt & Carry

    The vault is sealed with ChaCha20-Poly1305, keys derived with Argon2. One portable directory. Opens on Mac, Linux, and Windows — no special software to install on the destination.

Built for trust, not convenience

Every design decision puts your data's safety first.

Truly read-only

The source volume handle has no write API. The type system makes it structurally impossible to accidentally write to your old drive — not just by convention.

Vetted crypto only

No homebrew ciphers. Fordan uses audited RustCrypto crates: ChaCha20-Poly1305 or AES-GCM for encryption, Argon2 for key derivation, BLAKE3 for hashing.

Portable vault format

The vault is a self-contained directory with a versioned, documented binary format. No OS-specific quirks. Move it to any machine and it just opens.

Tamper-evident

Every encrypted artifact in the vault carries an AEAD authentication tag. The verify command re-checks every tag — a vault that cannot be fully verified is treated as corrupt.

Zero telemetry

The core library and CLI have zero network calls. No analytics beacons, no update checks, no phoning home. Your file names and metadata never leave your machine.

Integrity first

Import records source checksums and verifies them post-copy. Recover decrypts and compares every artifact against its stored hash. Byte-for-byte fidelity is the acceptance gate.

Ready to rescue your drive?

Fordan is open source, free, and built to stay that way.

Download CLI View on GitHub