Full Disk Encryption = Wiping consequences.


Fano effect3
January 22nd, 2008, 05:11 PM
Since FDE encrypts unused disk space and all the disk space in general,
this would make the use of wipe-tools like open source Eraser in theory
no longer essential, but this won't keep anyone who has stolen your
pre-boot password (or forcing it out of you) from restoring any of your
previously deleted files which were not wiped. I've tested it myself by
first fully encrypting my disk and then normally deleting some random
files, then I checked the amount of restorable files, changed the
pre-boot password, rebooted and checked again for restorable files and
counted the files again and the numbers matched exactly, confirming this
simple theory.

So with a security and privacy perspective in mind, this solution is no
longer as attractive as it first seemed, if you want to make sure your
files are gone, a ++ solution would be a better idea but....

My question is: Can one still keep using Eraser or likewise tools in
conjunction with Full Disk Encryption without having as a consequence,
data corruption due to the wiping of unused disk space and/or files in
general?

I've done a lot of direct searches on multiple security and privacy
related forums like this one, without ever posting the direct question
myself, because my credo when it comes to Internet information gathering
is, don't post before you search, because it is irritating when forums
are flooded by the same questions over and over that are already
answered. This time I didn't come up with the right answer to mine. Probably
because text that has anything to do with these sort of peculiar
subjects get removed or mysteriously vanish from web pages (not all),
including Google's cache, or when using particular search terms the
results are deliberately made hard to find via search engines.

ethernal
January 22nd, 2008, 06:15 PM
consider this:

it's easy to dig up several revisions of previously deleted files, hence encrypting your drive without wiping it first is useless since the unencrypted material is freely available. i usually generate blocks of 2gb openssl tables and write them randomly to disk, it works fine and the entropy is good enough.

wiping from outside the encryption is useless, since the files are already heavily encrypted (i presume?) and wiping outside can possibly wreak havoc.

if you're dead set on wiping your files, it would have to be inside the crypto...

Fano effect3
January 22nd, 2008, 06:25 PM
I was talking about wiping files with tools like Eraser from inside the already Fully Encrypted Disk's operating system, and the possible consequences to file integrity and damage when using both. If it is possible to use both without having this problem scenario, please reply. :)

Because.

Rephrasing: "Since FDE encrypts unused disk space and all the disk space in general,
this would make the use of wipe-tools like open source Eraser in theory
no longer essential, but this won't keep anyone who has stolen your
pre-boot password (or forcing it out of you) from restoring any of your
previously deleted files which were not wiped. I've tested it myself by
first fully encrypting my disk and then normally deleting some random
files, then I checked the amount of restorable files, changed the
pre-boot password, rebooted and checked again for restorable files and
counted the files again and the numbers matched exactly, confirming this
simple theory."

ethernal
January 22nd, 2008, 07:14 PM
well, running your disks in a crypto loop isn't supposed to help against recovering data if they have the correct key.

so now, you'd have to wipe.

the purpose of a loop is that without the key, the assailant can't access your files in case of you losing your laptop, or similar scenario.

as long as you wipe inside the loop, i foresee no problems.

Fano effect3
January 22nd, 2008, 07:29 PM
{QUOTE-> well, running your disks in a crypto loop isn't supposed to help against recovering data if they have the correct key.

so now, you'd have to wipe.

the purpose of a loop is that without the key, the assailant can't access your files in case of you losing your laptop, or similar scenario.

as long as you wipe inside the loop, i foresee no problems. <-QUOTE}

I understand I have to wipe and what Cryptoloop is used for years before I started this topic, but it seems that you presume that when I'm talking about wiping unused disk space or individual files, I mean wiping the whole disk without leaving any file, or an operating system running. This is not the case! I would like to know if the use of tools like Eraser whilst having the disk fully encrypted remains to be possible without causing any damage of individual files or the overall file system's integrity on the present encrypted disk. To put it simply, are they compatible together? Yes or no and why.

SteveTX
January 22nd, 2008, 08:19 PM
I've used Eraser with WDE for a while with great success. No flaws yet.

The operating system doesn't know the disk is encrypted and neither does the filesystem. Those things act transparently. Considering these are entirely independent actions, there shouldn't be any reason you can't wipe the files out. One must also assume that files deleted even under WDE are still as recoverable according to the way you deleted them. So if you normally just wipe it from the file table like a normal delete, and encrypt that, decrypted it is just as recoverable until the freespace is over-written. If you wipe it, and it is encrypted, and decrypted, it is assuredly lost. Just consider them independent events and the conclusion is obvious: if someone has your pre-boot password, they can decrypt the drive and try to do recovery against the "unused" (but previously encrypted) diskspace.

So? Use eraser on sensitive files, and do a freespace erase periodically.
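
Added example, not part of the original thread: a toy model of the point made in the post above, showing that a normal delete stays recoverable to anyone holding the key, while a free-space wipe done through the encryption layer removes it without touching live files. The hash-based XOR keystream is a stand-in for a real FDE cipher, and `EncryptedDisk`, `ToyFS`, `recoverable` and the file contents are hypothetical, constructed for illustration.

```python
import hashlib
import os

SECTOR = 32  # bytes per sector; tiny on purpose (constructed toy value)

class EncryptedDisk:
    """Toy transparent encryption layer, a stand-in for a real FDE cipher:
    each sector is XORed with a keystream derived from (key, sector number)."""
    def __init__(self, sectors, key):
        self.key = key
        self.raw = [b""] * sectors          # what someone without the key sees
        for n in range(sectors):            # initial encryption covers unused space too
            self.write(n, bytes(SECTOR))

    def _keystream(self, n, key):
        return hashlib.sha256(key + n.to_bytes(8, "big")).digest()[:SECTOR]

    def write(self, n, data):
        data = data.ljust(SECTOR, b"\0")
        self.raw[n] = bytes(a ^ b for a, b in zip(data, self._keystream(n, self.key)))

    def read(self, n, key=None):
        ks = self._keystream(n, self.key if key is None else key)
        return bytes(a ^ b for a, b in zip(self.raw[n], ks))

class ToyFS:
    """One-sector-per-file filesystem that knows nothing about the encryption."""
    def __init__(self, disk):
        self.disk, self.table = disk, {}    # file table: name -> sector number

    def _free(self):
        used = set(self.table.values())
        return [n for n in range(len(self.disk.raw)) if n not in used]

    def create(self, name, data):
        n = self._free()[0]
        self.disk.write(n, data)
        self.table[name] = n

    def delete(self, name):                 # normal delete: table entry only
        del self.table[name]

    def wipe_free_space(self):              # Eraser-style pass, run inside the OS
        for n in self._free():
            self.disk.write(n, os.urandom(SECTOR))

def recoverable(disk, needle, key=None):
    """Scan every sector, as an undelete tool would, for leftover content."""
    return any(needle in disk.read(n, key) for n in range(len(disk.raw)))

def demo():
    disk = EncryptedDisk(16, os.urandom(32))
    fs = ToyFS(disk)
    fs.create("keep.txt", b"KEEP-ME")
    fs.create("secret.txt", b"SECRET-PLAN")
    fs.delete("secret.txt")
    result = {
        "deleted, right key": recoverable(disk, b"SECRET-PLAN"),
        "deleted, wrong key": recoverable(disk, b"SECRET-PLAN", os.urandom(32)),
    }
    fs.wipe_free_space()
    result["wiped, right key"] = recoverable(disk, b"SECRET-PLAN")
    result["live file intact"] = disk.read(fs.table["keep.txt"]).startswith(b"KEEP-ME")
    return result

if __name__ == "__main__":
    print(demo())
```
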

SystemJunkie
January 22nd, 2008, 08:34 PM
{QUOTE-> this would make the use of wipe-tools like open source Eraser in theory
no longer essential, but this won't keep anyone who has stolen your
pre-boot password (or forcing it out of you) from restoring any of your
previously deleted files which were not wiped. I've tested it myself by
first fully encrypting my disk and then normally deleting some random
files, then I checked the amount of restorable files, changed the
pre-boot password, rebooted and checked again for restorable files <-QUOTE}
I am awaiting the new truecrypt... they announced January 2008.
Beside why wiping? Shift/Move all your files from one hd to another. So you don't need to wipe in case you want to sell your harddisk.

Fano effect3
January 22nd, 2008, 08:36 PM
Re:XeroBank

I knew all this before I started the topic. The only reason for it was to get reassurance that when you erase the "unused disk space" and I mean particularly the unused space with a tool like Eraser on a FDE, it won't affect anything. I count this as a No, thank you for the clarification of things.

P.S. With Eraser I don't use the wipe "first and last 2k" with huge files or any, because it seems to affect my file system in a way that it becomes corrupt in the long run. Maybe because bad sector repair tools try to recover them or see them as bad sector files. So it's not directly Eraser's fault.

Fano effect3
January 22nd, 2008, 08:39 PM
{QUOTE-> I am awaiting the new truecrypt... they announced January 2008.
Beside why wiping? Shift/Move all your files from one hd to another. So you don't need to wipe in case you want to sell your harddisk. <-QUOTE}

Shift/move of unused space? I'd rather use DBAN.

SteveTX
January 22nd, 2008, 08:54 PM
{QUOTE-> Re:XeroBank
P.S. With Eraser I don't use the wipe "first and last 2k" with huge files or any, because it seems to affect my file system in a way that it becomes corrupt in the long run. <-QUOTE}

Yes, my vote counts as a "No". And I use frequent pseudo-random data wipes of clear space.

Fano effect3
January 22nd, 2008, 08:58 PM
{QUOTE-> Yes, my vote counts as a "No". And I use frequent pseudo-random data wipes of clear space. <-QUOTE}



Yes, I always used 1pass for unused space on systems who didn't use FDE regularly, but now I'm sure I can do it on the FDE ones also. And about 33passes pseudo-random for really privacy sensitive preselected files. (vote :) )

ethernal
January 23rd, 2008, 04:00 AM
but if you understand what a cryptographic looping file system is, why do you keep asking the same questions :blink:

as i've tried to explain, and as xerobank also said, the loaded operating system has no clue that anything odd is going on, it's transparently handled.
you can wipe, format, move, do whatever you want and it will react exactly the same as if it was a completely normal installation (albeit a little bit slower)

Fano effect3
January 23rd, 2008, 08:52 AM
{QUOTE-> but if you understand what a cryptographic looping file system is, why do you keep asking the same questions :blink:

as i've tried to explain, and as xerobank also said, the loaded operating system has no clue that anything odd is going on, it's transparently handled.
you can wipe, format, move, do whatever you want and it will react exactly the same as if it was a completely normal installation (albeit a little bit slower) <-QUOTE}


First, don't blame me for you not fully understanding what this topic was all about!

I didn't ask the same questions, but had to rephrase everything that you did not get. I did not receive straight answers from you, on the thing I was specifically referring to. Xerobank was able to give relevant answers because he seemed to understand what I meant. You were talking about definitions and other off-topic things. Maybe next time, reading more carefully and not jumping to conclusions, won't give this sort of miscommunication. :-\

ethernal
January 23rd, 2008, 11:56 AM
*shrugs*
i do apologize for being unclear. i tend to give specific answers to specific questions. not necessarily good answers, just correct answers :ouch:

SystemJunkie
January 26th, 2008, 08:18 PM
{QUOTE-> but if you understand what a cryptographic looping file system is, why do you keep asking the same questions

as i've tried to explain, and as xerobank also said, the loaded operating system has no clue that anything odd is going on, it's transparently handled.
you can wipe, format, move, do whatever you want and it will react exactly the same as if it was a completely normal installation (albeit a little bit slower) <-QUOTE}
Sounds good hopefully truecrypt 5 will prove that.

EASTER
January 26th, 2008, 08:44 PM
In comparison to the freeware utility RESTORATION of which many of you are surely already familiar with, does the same apply?

And to draw an opinion, in your estimation is RESTORATION's "Delete Completely" just as effective as ERASER's wipe free space or no, and if not please point out those specific differences.

Great topic and discussions, thanks

EASTER

BlueZannetti
January 26th, 2008, 10:30 PM
{QUOTE-> And to draw an opinion, in your estimation is RESTORATION's "Delete Completely" just as effective as ERASER's wipe free space or no, and if not please point out those specific differences. <-QUOTE}
Focusing on the wipe feature, operationally the difference really just seems to reside in the wipe methods applied by the two programs (random numbers then zeroes for Restoration, a number of defined protocols for Eraser). For current technology drives, if you're a government body with access to very significant resources, you might be able to pull out a difference, but even there it would be a shot in the dark. For anything less than recovery of someone else's closely guarded state secrets, forget it. The end results are the same.

There are other reasons for using one of these applications or a commercial package. However, that has to do with other features.

Blue

ethernal
January 26th, 2008, 11:05 PM
at a first quick looksie i couldn't find what algorithms 'restoration' uses, but 'eraser' on the other hand uses the gutmann theory for erasing and that's pretty good in my book.

BlueZannetti
January 26th, 2008, 11:24 PM
{QUOTE-> at a first quick looksie i couldn't find what algorithms 'restoration' uses, <-QUOTE}
I saw reference, attributed to the program author, to a description where he specifically mentioned "random numbers then zeroes" and that's as detailed as it gets. The zeroes I can confirm. The random numbers I assume, but are not needed.
{QUOTE-> but 'eraser' on the other hand uses the gutmann theory for erasing and that's pretty good in my book. <-QUOTE}
With current technology drives, it has absolutely no downsides aside from time spent on the process. However, it is overkill with respect to wiping the disk. It made some sense when the technology involved MFM/RLL encoded disks. That's no longer the case. It's not bad, it's just not required.

Blue

ethernal
January 26th, 2008, 11:44 PM
i seem to remember somebody managing to restore up to 7 random layers of a hard drive, due to magnetic residue on the actual platters.

obviously, this is really not needed for home users, and the tools that might be able to really dig deep aren't freely available. i agree it's overkill, but i still like having the capability. :)

BlueZannetti
January 26th, 2008, 11:59 PM
{QUOTE-> i seem to remember somebody managing to restore up to 7 random layers of a hard drive, due to magnetic residue on the actual platters. <-QUOTE}
Not with current drive technology. People speculate that magnetic force microscopy or similar technology could work, but there are severe throughput issues even if the mechanics to perform it were readily available. For a reasonable discussion from an industry perspective, see here (http://www.actionfront.com/ts_dataremoval.aspx#Overwriting)

Blue

EASTER
January 27th, 2008, 12:28 AM
Thanks BlueZannetti for the input.

So it seems BOTH programs function somewhat similarly in some respects, difference being ERASER has been fashioned to be multi-equipped with additional wipe methods intended strictly for wiping purposes whereas RESTORATION doubles as a file recovery program of sorts to attempt restoring of still recoverable files on disk, as well as overwriting files/clusters from already deleted material still identifiable as well as removing/changing references to the same of file name records.

RESTORATION then can be said to be single dimensional in that respect to its DELETE COMPLETELY method as opposed to ERASER'S several forms in which to select from.

My purpose to this has always been performance GAIN with this routine, and contrary perhaps to popular belief, i certainly notice a snappier increase in responses all across the board after every complete run although occasionally LENGTHY process.

Of course, that is but a brief short-lived measurable gain in that respect since accumulation of files begin yet again in earnest due to Windows own moving of files into that same delete area as well as user activity and any deleted/erased files also build up and add to it again. Is it at all practical to task disk activity repeatedly like this on a daily or weekly basis this way? Maybe not. But depends on just how durable the hard drive components can withstand this repeated wiping technique.

dantz
January 27th, 2008, 12:31 PM
{QUOTE-> My purpose to this has always been performance GAIN with this routine, and contrary perhaps to popular belief, i certainly notice a snappier increase in responses all across the board after every complete run although occasionally LENGTHY process. <-QUOTE}
I'm curious about how you can obtain a noticeable performance increase merely by wiping the freespace, which is what I assume you are mainly doing. What is your protocol? Are you wiping the cluster tips? Do you follow the wipe with a defrag? Can the performance increase be measured?

LockBox
January 27th, 2008, 02:56 PM
{QUOTE-> i seem to remember somebody managing to restore up to 7 random layers of a hard drive, due to magnetic residue on the actual platters.

obviously, this is really not needed for home users, and the tools that might be able to really dig deep aren't freely available. i agree it's overkill, but i still like having the capability. :) <-QUOTE}

ethernal, Just to save you some time (35 passes takes a while!), even Gutmann himself says that with modern drives that his 35-pass method is no better than a few random passes.

Epilogue to Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann

"In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do."
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

ethernal
January 27th, 2008, 03:36 PM
funny how people quote me without reading what i said. i'm not saying you should use it, i'm saying "i like to have the capability". that does NOT automatically mean i use it all the time.

7 pass random data is more than enough for anyone.

BlueZannetti
January 27th, 2008, 06:14 PM
{QUOTE-> 7 pass random data is more than enough for anyone. <-QUOTE}
The underlying question is whether 1 pass is enough. Are there any cleanly documented cases, using modern capacity and encoded drives, in which once overwritten data has been restored?

Blue

LockBox
January 27th, 2008, 08:50 PM
{QUOTE-> The underlying question is whether 1 pass is enough. Are there any cleanly documented cases, using modern capacity and encoded drives, in which once overwritten data has been restored?

Blue <-QUOTE}

I agree completely, Blue. The answer - I believe - is no.

EASTER
January 27th, 2008, 09:04 PM
{QUOTE-> I'm curious about how you can obtain a noticeable performance increase merely by wiping the freespace, which is what I assume you are mainly doing. What is your protocol? Are you wiping the cluster tips? Do you follow the wipe with a defrag? Can the performance increase be measured? <-QUOTE}

You're not alone and i wish we had a disk expert who could explain it with precise details why, but again, every time a simple wipe is finished the system responds to that with enough pep that i make it a regular routine. And yes of course, defrag also contributes to this. But can the performance increase be measured? Only one defrag app i have tried seems to indicate this by employing as one of its features a percentage % display. But like you, i also would envy a more decisive answer by some other form of measuring (app maybe?)

Still, i like & enjoy those gains even though i can only speculate that somehow, maybe in similar fashion as after running a full D-Ban or HDDERASE, enough clutter as i call so-called delete material on disk, it creates a repeated even pattern that helps the Windows system itself ignore stumbling over readable data, no matter how tiny, thereby eliminating hesitation which affects of course performance or speed.

I told you, i'm only speculating here on that, but my end results of that routine remain real.

Franklin
January 30th, 2008, 01:13 AM
Any extra info at the link below?
{QUOTE-> Every few months, a slow news day leads to somebody, somewhere, buying an old PC, hard drive, or flash memory card off ebay, and then writing a story about how they were able to restore all the files that the previous owner had tried to erase prior to selling.

If you want to sell hardware and you're not sure how some people can recover data from supposedly-erased hard drives, this article is for you.

I'm going to use this diagram to explain the whole thing: It represents data stored on a PC filesystem, such as a hard drive or Flash memory such as you get in digital cameras. It's hugely reduced in size (even a floppy disk would be more than 2000 times bigger than this!) to simplify the explanations, but it's good enough to illustrate the principles: <-QUOTE}
Why Deleting Just isn't enough (http://geekblog.oneandoneis2.org/index.php?blog=6&title=why_deleting_just_isn_t_enough&page=1&more=1&c=1&tb=1&pb=1&disp=single)

tradetime
January 30th, 2008, 04:07 AM
{QUOTE-> Any extra info at the link below?

Why Deleting Just isn't enough (http://geekblog.oneandoneis2.org/index.php?blog=6&title=why_deleting_just_isn_t_enough&page=1&more=1&c=1&tb=1&pb=1&disp=single) <-QUOTE}
Good article Franklin, I thought this bit was particularly worth bearing in mind.
{QUOTE-> Because Windows locks the files that it is currently using, and all OSes tend to write to the disk from time to time, you can't do this from within a normal OS. <-QUOTE}

LockBox
January 30th, 2008, 04:44 AM
{QUOTE-> Any extra info at the link below?

Why Deleting Just isn't enough (http://geekblog.oneandoneis2.org/index.php?blog=6&title=why_deleting_just_isn_t_enough&page=1&more=1&c=1&tb=1&pb=1&disp=single) <-QUOTE}

Basically, all that says is 'deleting' isn't enough. You have to 'wipe' or 'shred' or 'erase' (pick your favorite term) a file. Most everybody here knows this, I do believe. There is always discussion concerning this. Deleting is never enough. Wiping with ERASER achieves exactly what the article says is the goal.