File Wiping


luv2bsecure
April 11th, 2002, 06:03 AM
We all value our file and free space erasers. But how well are they working?

Here is a link to a program called "File Recovery" from LC-Tech (forensics stuff).
http://www.lc-tech.com/filerecovery.asp
There is an unlimited demo for the program, no time limit at all. However, it can only find the files and not undelete them in the demo. But again, you can use the program all you want to do a drive/folder search, which is perfect for testing how well your wiping program of choice is working. I use Sami Tolvanen's Eraser and always end up with a blank screen in my tests with this product. But, I tried this new "Internet Sweeper" program and EVERYTHING it "swept" from my temp internet cache came up with enough of it unwiped that it was all rated as "good" in prospects for recovery.

Here's the best way to test:

1. Surf for a while and pick up some cookies, fill up the cache with enough gif's and all. News sites are good, like CNN.
2. Run "File Recovery" and select "Open"
A: Find the drive your cookies and cache is on.
C: Change the radio button to search specified directories. Select Windows/Temporary Internet Files (or wherever your cache resides) and check the box for subfolders.
D. Uncheck the "include zero byte" files. (You will only see unwiped files this way.)
E. Run "File Recovery"
F. It's that simple!
G. Do the same for the cookies.

Did your wiping program measure up?

"File Recovery" is the best for this. It is an excellent tool. Run these same tests with UNDELETE from Norton or several others and they'll show the data as gone. Run "File Recovery" and - surprise!

I hope several will actually do this and post the results. "Internet Sweeper" failed badly, as did two different products I have from Access Data: "SecureClean" and "CleanDrive."

"Eraser" (Gutmann's 35-pass) and "Window Washer" (set at 10 wipes) passed easily. I know there are many other programs in use and I would be interested to see some good, honest results after a good wipe and then being subjected to "File Recovery." You may be surprised. Example: I have a copy of Evidence Eliminator (I know, I hate the company, too.) Every file came up as an "excellent" candidate for recovery - that's after their "defeat forensics" wipe. What a joke! Of course we all knew EE was a joke if you've read the massive material at Radsoft's "EE Documents"
http://www.radsoft.net/resources/software/reviews/ee/
or
"The EE Files"
http://badtux.org/eesucks/

Hope to see some results. This could be interesting and helpful. Oh! If your wiper allows you to select the number of wipes, be sure and max it out for the ultimate test.

John (working late in the mad scientist's laboratory) :)

Checkout
April 11th, 2002, 06:11 AM
John, two questions:

What actual data have you managed to recover after using "failing" wipers? Is the claim that the data is recoverable actually and demonstrably true?

Have you tested FileVac? (Personal interest here, since I bought a license.)

Gross thanks.

Paul Wilders
April 11th, 2002, 06:16 AM
John,

Worthwhile post indeed!

regards.

paul

luv2bsecure
April 11th, 2002, 06:46 AM
VERY GOOD question, Checkout. I should have mentioned you can undelete files up to 10K in the original post (and test it that way), but I'm glad I didn't! I just downloaded the latest version (didn't know they had a version later than mine) of "File Recovery" and it let me undelete whatever I wanted. Go ahead and hit the "undelete" and define a path and it WILL recover the file. I just tried 5 gif's and jpg's that were supposedly "wiped" by "Internet Sweeper" and all came up fine in my graphics program. Scary. Let me know what happens with yours.

Paul, Thank you for the comment. I have had an eye-opening evening!

John (still awake and working in the mad scientist's laboratory....my computer)

luv2bsecure
April 11th, 2002, 06:53 AM
Check: You asked about FileVac and I didn't answer. I'm sorry, I don't have the program.

How's that for rule #7? :)
I'm trying!

John

Checkout
April 11th, 2002, 06:59 AM
-{ Quote: "Check: You asked about FileVac and I didn't answer. I'm sorry, I don't have the program.

How's that for rule #7? :)
I'm trying!

John" }-
I wish I had a copy of S&W here so I could print the rules in Ten Forward!

More seriously, I hope Isman will take all this constructively and offer some thoughts in his own section. It's an important, nay critical, feature.

luv2bsecure
April 11th, 2002, 07:12 AM
-{ Quote: "More seriously, I hope Isman will take all this constructively and offer some thoughts in his own section. It's an important, nay critical, feature." }-

:-[
Geesh....I honestly didn't know I was hitting so close to home. I rarely go up above the privacy stuff and Ten Forward. I had no idea the official Internet Sweeper Forum is now located here on Wilders. I saw Internet Sweeper in today's issue of LockerGnome's Windows Daily...it's the second download listed after Chris' letter.
http://www.lockergnome.com/issues/daily.html

Well, that's what happened, so I guess there's no use feeling embarrassed about it. Maybe it's something that just needs some fine tuning.
:-/
John

Checkout
April 11th, 2002, 07:28 AM
I wonder if the problem with failing wipers is that they fail to write through cache, and consequently wiping memory instead of disk. There again, I would have thought that was too obvious....

Now, of course, I'm worried that FileVac might not be working, but I don't want to buy a recovery utility just to test it - I would only do that if I was testing/comparing a range of products.

What's your recommendation for a free wiper to augment FileVac? (Just in case! I hope somebody else can confirm FileVac and IEClean's performance independently here!)

Hey! 500+ posts and still only four stars!

luv2bsecure
April 11th, 2002, 10:01 PM
This is an important retraction of sorts.

After communicating with Brett Emery he told me that the default setting for "Internet Sweeper" is a simple "empty" of the files and NOT a wipe. You have to go to "Other options" and then CHECK the "wipe" function. He told me it is just a one-pass wipe, so I don't understand why it is not the default. I asked him this and he said because thousands of files would take forever to wipe if it was the default and would take a long time. Actually, I just filled my cache up with over 2000 items and it did its one-pass thing in less than 20 seconds. Also, most all people using a tool like this would not allow their cache to become that packed out before running the program. Anyway, at one-pass it wouldn't take long at all. If you need more protection than a one-pass wipe -- you might look elsewhere. If one-pass is OK for your needs "Internet Sweeper" seems to do the job and do it well.

Thanks to Brett for getting back to me in a very timely fashion. He was also friendly in his communication.

It all comes down to the old "Who do you need to protect yourself from?" The kid sister, the nosy neighbor with some computer skills or "BIG BROTHER"??? For the first two, one-pass is fine. For the third - no way.

John

Checkout
April 12th, 2002, 04:46 AM
There's a problem with many - maybe even most - products. It's the nature of software development.

Developers, with rare exceptions, fail to consider ergonomics, usability and perception when realising their ideas. Usability is the worst offender - developers, like any other human beings, make the assumption that users will instinctively understand how to use a program. It's almost impossible for a developer to look at their own code as if they had never seen it before and didn't understand. Consequently they write documentation and interfaces according to their own understanding, not that of the users.

Ergonomics are sacrificed by placing safe defaults instead of sensible defaults, by using obtuse labels in documentation and config files. Should I set or reset the SchwampThrobble Indicator? Huh? Whassat? Again, entirely understandable that a developer could fail to realise that his terms of reference aren't commonly shared.

Naively, users (bless 'em) often read into the program's functionality what they'd like it to do rather than what it actually does. In the case of IS, I think I too would assume it to do a DoD wipe at the very least - am I getting protection or semi-protection? Am I defending myself against a knowledgeable user or the sales guy at the next desk?

Developers need to learn the hard lesson that software must be written backwards from the interface, not write code and shoe-horn an interface onto it. That the problem must first be understood and the interface for solving it developed with the people who are experiencing the problem before a single line of code is laid down.

In this industry, very often a cottage industry, developers are solving problems that they have experienced, and then selling or giving away their results. However, they're repeatedly making the same mistake of writing code primarily for themselves, not for others, and will always fall into the trap of short cuts, insufficient error handling, and lack of documentation.

And there's another Golden Rule: nobody who writes code should ever be allowed to test it themselves. It is human nature to test one's own code for success instead of failure.

Edit for typos and clarity

If anyone's listening, I'm willing to discuss design and testing commissions.... :)

Colonel Flagg
May 14th, 2002, 03:45 AM
-{ Quote: "VERY GOOD question, Checkout. I should have mentioned you can undelete files up to 10K in the original post (and test it that way), but I'm glad I didn't! I just downloaded the latest version (didn't know they had a version later than mine) of "File Recovery" and it let me undelete whatever I wanted. Go ahead and hit the "undelete" and define a path and it WILL recover the file. I just tried 5 gif's and jpg's that were supposedly "wiped" by "Internet Sweeper" and all came up fine in my graphics program. Scary. Let me know what happens with yours.

Paul, Thank you for the comment. I have had an eye-opening evening!

John (still awake and working in the mad scientist's laboratory....my computer)" }-
:)


I wonder how well it will recover a stego'd .gif? Take one from my site and try it out, email me the recovered file and I will check (if you don't want to go to the trouble of learning/breaking the stego).....

This one is in Round 2 of my wargames, use it, then email me the recovered .gif:
http://www.internetwarzone.org/images/reddawn.gif


--
Colonel Flagg
colonel_flagg@internetwarzone.org

snowman
May 14th, 2002, 05:02 AM
************************************
steganography technology embeds a secret message into a user selected image file

*************************************

CF

have you any particular reason for thinking that it could not be wiped.......just wondering.?

snowman

snowman
May 14th, 2002, 05:06 AM
Col F

oh I forgot to mention.....your webpage won't show on my computer.......

snowman

snowman
May 14th, 2002, 05:55 AM
Steganography is one of the lesser known forms of cryptography (encryption). The technique is relatively fragile. One example of its use is "watermarking" trademarks\copyrights...... hidden messages in e mail, etc

jpeg bmp gif images ........wipe\recovery should apply.

snowman

Checkout
May 14th, 2002, 06:34 AM
I'm not at all happy with the idea of steganography. I doubt if any serious forensic technician would be fooled for very long - inappropriate image sizes would be a dead giveaway. Anyone who keeps sensitive data stegoed on their machine is ultimately vulnerable to new and upcoming audit tools.

So why keep all the data on a local disk? It's so much more secure to distribute the data and keys separately. For example, let's say we've got a picture (a) of my favourite dog. Also, a picture of a daisy (b) and both pictures are the same size.

All we have to do is eXclusive OR (a) and (b) to produce a new object (c). We can now delete sensitive picture (a) completely, because we can recover it by XORing (b) and (c). If we then move (c) to somewhere remote, say a freebie website, then all a forensic technician would find is a picture of a daisy (b). All anyone at the freebie website would find is a file of seeming garbage (c). Only you, knowing that (b) and (c) are related, could ever recover the puppy (a).

Simple logic, this, and it works for any object - text, executable, image, whatever. What's the big deal with steganography? :-/
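
The XOR split described in the post above, as an added example that is not part of the original post: it round-trips the data and also measures what the stored share (c) looks like when (b) is a structured file such as another picture, compared with a share made from random bytes. The byte strings are constructed stand-ins for two uncompressed images, and all function names are assumptions of this example.

```python
import secrets


def xor_bytes(x, y):
    """XOR two equal-length byte strings."""
    if len(x) != len(y):
        raise ValueError("inputs must be the same size")
    return bytes(p ^ q for p, q in zip(x, y))


def longest_run(data, value=0):
    """Length of the longest run of `value` bytes in `data`."""
    best = cur = 0
    for byte in data:
        cur = cur + 1 if byte == value else 0
        best = max(best, cur)
    return best


def make_picture(size, shape_start, shape_len, seed):
    """Constructed stand-in for an uncompressed image: a white (0xFF)
    background with one 'shape' region of varying, non-white bytes."""
    pixels = bytearray(b"\xff" * size)
    for i in range(shape_len):
        pixels[shape_start + i] = (seed + 7 * i) % 251  # never 0xFF
    return bytes(pixels)


def demo():
    a = make_picture(4096, 1000, 800, 17)   # (a) the sensitive picture
    b = make_picture(4096, 2500, 600, 90)   # (b) the cover picture kept locally
    c = xor_bytes(a, b)                     # (c) the share stored remotely

    # Same split, but with random bytes in place of the cover picture.
    pad = secrets.token_bytes(len(a))
    c_random = xor_bytes(a, pad)

    # Wherever (b) is plain background, (c) is just (a) with its bits
    # inverted, so the outline of (a) is readable from (c) alone.
    region = slice(1000, 1800)
    inverted = bytes(v ^ 0xFF for v in c[region])

    return {
        "roundtrip": xor_bytes(b, c) == a,
        "roundtrip_random": xor_bytes(pad, c_random) == a,
        # Shared background cancels to long runs of 0x00 in (c).
        "zero_run_picture": longest_run(c),
        "zero_run_random": longest_run(c_random),
        "shape_of_a_visible_in_c": inverted == a[region],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With two pictures as inputs, (c) carries long zero runs and an inverted copy of part of (a); with a random, never-reused pad of the same length it does not.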

UNICRON
May 14th, 2002, 01:45 PM
-{ Quote: "What's the big deal with steganography? " }-

ask a steganosaurus.

snicker.

snowman
May 14th, 2002, 02:42 PM
Checkout

that's what I was wondering..."what's the big deal with steganography" Even the color of the image used can affect it........

personally I don't download anything from unknown sources.....safe computing I think its called.

no offense intended ......Colonel.

snowman

Colonel Flagg
May 15th, 2002, 03:35 AM
-{ Quote: "

Checkout

that's what I was wondering..."what's the big deal with steganography" Even the color of the image used can affect it........

personally I don't download anything from unknown sources.....safe computing I think its called.

no offense intended ......Colonel.

snowman" }-


Gonna answer all questions in this post:


Steganography \Steg`a*nog"ra*phy\, n. [Gr. ? covered (fr. ? to cover closely) + -graphy.] The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography.


Snowman:

> have you any particular reason for thinking that it could not be wiped.......just wondering.?

Well, honestly, no.... just a thought. I have heard of new audio files with stego data inside, when played and monitored with a spectrum analyzer, they will display say a "smiley face". When transferred/encoded to say an mp3 file, the smiley face disappears....

just kinda wondering if the same thing may occur.

as for my webpage not showing... works fine for me on Linux/KDE 2.+/Konqueror, Mozilla, Netscape.... XP/2k IE 6.0, Opera, Netscape, Mozilla. Maybe it's a DNS issue. Try it again... Your DNS servers may have grabbed the IP's.


Everyone else:

Steganography, used as a personal encryption method, while it has a small niche isn't truly efficient. The most effective way to use steganography would be to simply tell someone to monitor a certain site for a certain pic... say you are a reporter for the BBC, you are also an espionage agent for Country "X". You pass info through your website articles. Every once in awhile, you add a pic to your article. You simply add the stego material to the pic and pass it to your operatives or whatnot. (Just an example of course).


--
Colonel Flagg
colonel_flagg@internetwarzone.org

UNICRON
May 15th, 2002, 03:43 AM
-{ Quote: "You simply add the stego material to the pic and pass it to your operatives or whatnot" }-

what is a "whatnot"? Are they dangerous? Can they "stego" me back?

Lego-my-stego!

Checkout
May 15th, 2002, 04:11 AM
-{ Quote: "

what is a "whatnot"? Are they dangerous? Can they "stego" me back?

Lego-my-stego!" }-
You've lost the plot, Uni. A Stego is a small plastic brick which fits onto other small plastic bricks, but hollow so you can hide a small message inside each one. In Denmark there's a place called Stegoland where lots and lots of stegos are built into actual working motor cars and artificial women for the long journeys and cold nights. A Whatnot is when you get given a huge box of stegos and you wonder what you're going to do with them. Now you know what to do and whatnot to do.

The thing you need to bear in mind about women made of stegos (whether you construct them yourself or buy them ready made) is that the secret message inside all of them is the same: "Well, if you don't know, I'm not going to tell you" which has defeated all attempts to decode, even by the FBI and Disney.

You are better off standing still (as still as possible) and using stegos to armour yourself. You can become a superhero that way (the colours are just right). Don't make any sudden movements. The entire population of Canada is known to do this once a year, on National Canadian Stego Day.

Firewalls are easy to construct, although stegos melt if they get too hot. Kerio Personal Firewall is yellow, while Zone Alarm is that horrid green. TDS (yes, stegos can be formed into anti-trojans too) are a combination of all four colours because DCS approaches each trojan from all possible angles, and BOclean is permanently set on red. Evidence Eliminator just falls apart when you try to use it, so beware.

When at last all your stegos are worn and tired, recycle them - perhaps a nice crunchy red wine is your choice?

Stegos are our friends. They're the choice of the nineties. In Sweden they have to have their headlights permanently on, by law. You know it makes sense.

UNICRON
May 15th, 2002, 05:29 AM
:)

FanJ
May 15th, 2002, 09:09 AM
;D

Gray D
May 29th, 2002, 09:54 PM
Wow, what an eye opener, luv2bsecure. I downloaded a demo copy of "File Recovery 98" by LC Tech and applied it to some files deleted by Windows, of course we know those files were recoverable. I also applied File Recovery 98 to some files wiped by a program called "Mutilate File Wiper" by Craig xx. Ooops, they were easily recovered. I wiped same files with Sami Tolvanen's "File Eraser" v 5.3. Could never recover the files erased by Sami's File Eraser. If recovery is possible, I could never find a way. I am really happy that File Recovery 98 is available for testing purposes. It is so nice to see for myself if some of the wild claims put forth by some of these vendors really hold up.
Btw, I do have a 30 day fully working demo copy of "Evidence Eliminator." Didn't cost me a dime. After all I have heard about this product, nope, not going to buy it. I have yet to try File Recovery 98 on files deleted by EE. My gut feeling is this will be a big disappointment. BTW, EE, as far as I can determine to this point, has neither harmed my machine nor deleted anything I didn't call for to be deleted. So, I can't complain there.

Can anyone else suggest any other bulletproof file erasers out there, things really that WORK and render files unrecoverable? NOT the hype and BS that some vendors are selling us.

Thanks luv2bsecure for a very informative post

spy1
May 30th, 2002, 10:13 AM
GrayD - Welcome to the forum!

You can try NecroFile, from here: http://www.necrocosm.com/nfinfo.htm . Pete

luv2bsecure
May 31st, 2002, 05:56 AM
Hi Gray!

Disk Wipers. Bring this topic up and you'll get a hundred opinions.

To be honest, I know nothing about the one mentioned by Pete, Necrofile. I went to the website and there is no mention anywhere of the method(s) used. It sounds interesting because of the claimed speed, but honestly without understanding the method it's hard to recommend. I wouldn't trust but just a few programs available among the hundreds available. Sami Tolvanen's ERASER is at the top of the list and is cited year after year by attendees of ISSA conferences as the "Disk Wiper of Choice." ISSA, by the way, is The Information Systems Security Association. I have only been to two of their conferences, both focusing on encryption. But our department chairman attends practically all of them and says it's always a topic that always comes up (like it did when I have been) and Sami's ERASER is always the one most often mentioned.

For one thing, Sami Tolvanen is a genius. He has been a programming pro in Finland since he was about 20. He studied at the prestigious Tampere University of Technology and is now a 25 year old genius. There is no question about his credentials and the respect he has.

The 35-pass Gutmann method is recognized as the most secure erasing option available. The 7-Pass and 3-Pass DOD methods are based on standards outlined in the Department of Defense Manual 5220.22 M. You can feel secure with these methods. The Gutmann is in a class by itself though. The data area (or freespace) is overwritten 35 times. This method uses pseudorandom data to overwrite the drive and then overwrites the drive based on the different and unique encoding algorithms used by various hard drive manufacturers, RLL (Run Length Limited), PRML (Partial Response, w/maximum-likelihood), and MFM (Modified Frequency Modulation).

With ERASER you can select any of the above methods. Sami is no longer associated with his own program. He has given it up and moved on to other things. With the GNU General Public License, the program source code will continue to be available and developers can continue to improve it. The new maintainer of ERASER is a neat guy named Garret Trant. He has the new ERASER website up and running now at

http://www.heidi.ie/eraser/

This is probably MUCH more than you wanted to know, but encryption and data privacy is my passion. I know little else about computers beyond the basics, but I can talk encryption and privacy all day. I am at UCSD in San Diego. If you would like further information on anything I have mentioned, feel free to write me!

John
Luv2BSecure

luv2bsecure
May 31st, 2002, 06:15 AM
I just finished the above post and it didn't take long to get an email mentioning that ERASER was reviewed in PC Magazine just last week
http://www.pcmag.com/article/0,2997,s=1647&a=26631,00.asp

John

eyespy
May 31st, 2002, 10:39 AM
I've been using Eraser 5.3 for some time now.
Recently I tried another file wipe utility called "Clean Disk Security". It has a few more options than Eraser, that I like. Clean Disk also lets you view deleted files as well. So, after I wiped some files (DoD 7 pass) with Eraser, I ran Clean Disk's "view" tab which lets you take a peek into your HD and shows all files and directories, and deleted files. Clean Disk also has a small undelete option which lets you view "deleted files".
OK, so after wiping some files with Eraser, I then went to Clean Disk and its "view" option and I found the directory/name of the "wiped Eraser" file, but the file itself was wiped and unrecoverable. Then I used Clean Disk's "erase names of all deleted files tab" to get rid of the file name.
I like Eraser, but why did it leave behind the "file names" of wiped files?
Any comments on Clean Disk Security?
regards,
bill ;)
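
For readers following the thread, an added example (not written by any poster here and not the code of any product named in the thread) of an in-place overwrite that covers two points raised above: each pass is forced out of the OS write cache before the next step, and the file is renamed before deletion so the directory entry no longer holds the original name. The function names, the marker string and the temporary directory are assumptions of the example; the read-back check goes through the filesystem, so unlike a recovery tool it does not inspect raw sectors, and on journaling or copy-on-write filesystems and on SSDs an in-place overwrite does not guarantee the old blocks are gone.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024


def overwrite_in_place(path, passes=1):
    """Overwrite every byte of `path` with random data, `passes` times.

    Opening with "r+b" rewrites the existing contents instead of
    truncating the file first. Returns the number of bytes written per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            # Flush Python's buffer, then ask the OS to write its cache to
            # the device. Without this, passes can be merged in memory and
            # the file unlinked before anything reaches the disk.
            fh.flush()
            os.fsync(fh.fileno())
    return size


def contains_marker(path, marker):
    """Read the file back and report whether `marker` is still present."""
    with open(path, "rb") as fh:
        return marker in fh.read()


def scrub_name(path):
    """Rename to a random name of the same length; returns the new path."""
    directory, name = os.path.split(path)
    new_name = secrets.token_hex(len(name))[: len(name)]
    new_path = os.path.join(directory, new_name)
    os.rename(path, new_path)
    return new_path


def wipe(path, passes=1):
    """Overwrite, rename, then delete. Returns the name that was deleted."""
    overwrite_in_place(path, passes)
    renamed = scrub_name(path)
    os.remove(renamed)
    return renamed


def demo():
    # Constructed sample data standing in for a cached cookie file.
    marker = b"CONSTRUCTED-SAMPLE-COOKIE user=alice"
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "cookie.txt")
        with open(path, "wb") as fh:
            fh.write(marker * 500)

        before = contains_marker(path, marker)
        size = overwrite_in_place(path, passes=3)
        after = contains_marker(path, marker)
        same_size = os.path.getsize(path) == size

        renamed = scrub_name(path)
        names = os.listdir(workdir)
        os.remove(renamed)
        return before, after, same_size, names, os.path.basename(renamed)


if __name__ == "__main__":
    print(demo())
```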

spy1
May 31st, 2002, 01:08 PM
John - If you have any spare time this weekend, could you put NecroFile through its paces and then try to do recoveries of anything that's been deleted?

The results might be interesting.

I'm sure you read in the readme that the suggested method to ensure best results was to (a) close all running programs (b) do a ScanDisk (c) run Necrofile (d) re-start and run ScanDisk and DD.

Time-consuming, but it sounds pretty thorough.

Is the method that important if the files DO wind up being non-recoverable? Pete

John
June 1st, 2002, 04:44 AM
Has anyone here tried the file recovery after running BCWipe?
I wiped my drive with only one pass, and attempted to recover cache/cookies. All gone, not even a cookie crumb.

Just thought I'd let you know.

Cheers,
John

spy1
June 1st, 2002, 03:45 PM
John - Thanks for the info! Anyone interested can get a copy of BCWipe from http://www.jetico.com/home.htm .

Note: This is NOT freeware, BTW.

L2BS - I got kind of tickled when I read this article:
http://online.securityfocus.com/news/459 , the lead paragraph of which was this:

"Meticulous notes recovered from his computer allegedly link the accused eBay hacker to intrusions at over one hundred universities and companies. Heckenkamp's family says he's the victim of a frame-up. A detailed personal log of computer intrusions recovered from the deleted file space on Jerome Heckenkamp's Linux box will serve as Exhibit A in the federal government's case against the accused super-hacker, according to newly-filed documents in the case." (Emphasis mine - Pete)

Here you have a hot-shot hacker who was apparently nailed due to the fact that (reading that particular sentence, anyway) he ONLY 'deleted' the log - he didn't even bother to TRY to erase it! (Lack of time when they kicked in the door, I wonder? Although it did state further down that he'd also burned a copy of the log to a CD - if time for that, why not time to 'erase'?).

Couple of VERY important lessons to be gleaned from that - NEVER keep anything on the computer that can come back to BITE you to start with! If, for some reason, you HAVE to, then for goodness sake set up your 'eraser' program to run as a scheduled task - DAILY!

I've gotta wonder how many people haven't ever even THOUGHT of turning OFF 'logging' in any and all IM programs they use - how many people don't even KNOW whether all their email is being copied either to their 'OutBox' or 'Drafts' folder (in plain text), simply because they've never thought to check/change the settings - how many realize that back-ups are made that are easily accessible to everything that passes through your email program, and how to find and empty them.

The WRONG time to be finding out about this kind of stuff is when someone sticks a hard copy of it in your face while asking you "You mean, you don't recognize THIS?"

Definitely something to ponder, people. Pete

John
June 1st, 2002, 07:58 PM
Just wanted to say that I think this site is one of the finest in its field. I only discovered it a few days ago, and I am very impressed with it. Downloaded the VisualZone report utility for my Zone Alarm and all I can say is that I'm blown away by the reporting capabilities of this little add-on. Thanks a million!

One last note - I downloaded File Recovery demo for Windows, to test the capabilities of the BCWipe software. Now that it is all done with, how do I get rid of the File Recovery demo? There doesn't seem to be an uninstall utility, and the program doesn't show up in the Add/Remove section of my Control Panel.

Thanx in advance,
John :)

spy1
June 1st, 2002, 10:09 PM
John - From the fileRecovery Readme:

"For the best possible results, extract the Recover.exe file,
the Filerecovery.chm file and License Agreement from the ZIP file to a
formatted floppy disk. Execute the Recover.exe from the floppy and choose
the proper work drive."

and

"DO NOT install Filerecovery for Windows® on the drive you want to recover
files from. By installing Filerecovery for Windows® on the work drive, you
run the risk of overwriting the data you want to recover."

I think you can simply delete the folder and then run jv16PowerTools or something similar to find and delete any remnants. Pete

Zhen-Xjell
June 2nd, 2002, 02:07 AM
Unfortunately the problem with saving anything to a magnetic disk leaves an image of itself for a long time to come. Perhaps some programs on the market can recover them, but in the end.. even if a disk is burned, it can be sent to the best labs in the world for data recovery, all thanks to the image the original file left on the magnetic disk.

The only sure fire way to be certain something is off the disk, is to never put anything on it.

Outside of that, I've used Eraser for a while a year or two ago. Excellent program.

controler
June 2nd, 2002, 11:55 AM
Man I tell you guys must be psychic ;)
I been doing a lot of thinking lately on the file wiping stuff
too. In fact we have a company right here in Minnesota
that does that kind of recovery for the government.
Ontrac Data. I am sure you heard of them.
They been doing the recovery off the Terrorists drives ;)
I beta tested Executive Software's UNDELETE a few years ago and it worked pretty dang good.
It only works on Win NT, 2000 and XP systems though.
Can you do your wipe and try it out to see how well it fares?
I still have the program laying around ;)
As far as deleting info on the hard disk not possible because it was stored magnetically?
Wouldn't a huge electromagnet work? ;)
I think it might.
Data recovery uses off trac and magnetic residence ;)
They also try various reconstructions by reversing the data bit logic levels.
The best programs would do all of the above just as the best protection software would do all in one package.

controler

spy1
June 2nd, 2002, 03:29 PM
controler - While someone may be able to help you out with that, please remember that they may not be willing to do so publicly - and you're not registered, so there's no way for them to contact you (hence, you may see no response at all).

Just something to think about. Pete

controler
June 2nd, 2002, 03:42 PM
Hi

I registered a long time ago, I just can't remember
my password. It was the default one the forum gave me
I have been too lazy to reregister. Can you pull that info back up or do I need to reregister?

Thanks 8)

spy1
June 2nd, 2002, 04:44 PM
controler - When you click the 'Login' button, you can either click on the 'Forgot Password' link, then type in the username you used to register and 'Send' or 'Enter' it (and it'll remail you your password) or you can simply re-register (I tried inputting your 'controler' nic so it would automatically email you the password, but it wouldn't buy it on my end, said that that username didn't exist).

That's good, in a way, because that nic's still available - if you get the same message I did when you try to do the 'Forgot password' stuff, just re-register. HTH Pete

luv2bsecure
June 2nd, 2002, 08:28 PM
A LOT of discussion on this topic since I last posted just a few days ago! That's great! These topics help my blood circulate!!!

There's several things I wanted to mention and comment on, so forgive me for a possibly long post as I hit a little on many of the posts. One quick thing was way early in the thread when the subject of steganography came up I noticed a lot of negative comments on stego. I wasn't posting much then (didn't have time when the subject was being discussed) but this deserves more discussion maybe in a thread of its own. Steganography is an incredible and not to be dismissed piece of the arsenal in the fight for privacy and security. There are answers to all of the points mentioned as reasons for not being too serious about it. To be honest, a lot of what was being written was how I felt not that long ago. A lot has changed though. For now, I would suggest you go to http://www.camouflagesoftware.co.uk/ and play around with this VERY simple stego program. If you want to know it's safe and ok to experiment with, read this from the Sans Institute http://rr.sans.org/encryption/camo.php

Ok, first to Pete - Was that not something else about the hacker not wiping his disk???? You wonder how somebody capable of all the other he is accused of didn't have the brains to remember the fundamentals. Why is it so often the fundamentals are forgotten and that's what causes so many security-related problems? My main drive with OS is in a very small partition, as is my data. The freespace of two very small partitions can be wiped, even with Gutmann in a short time. Using DOD 7-pass is a snap on small partitions. Remember, with Gutmann, it is the METHOD, not the number of wipes (the 35-wipes is, in reality, never needed), so it can be wiped just as quickly as a DOD method. Many people question me on this, but they only need to read Gutmann himself. In a recently added epilogue to his revolutionary paper, this is what he says to those who never took the time to read the original paper:

"In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all type of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now."
-- from Epilogue to Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Many also don't know, and it's fascinating material, that Peter Gutmann wrote a follow-up to his "Secure Deletion of Data from Magnetic and Solid-State Memory" in 2001. It is called, "Data Remanence in Semiconductor Devices", and if you are interested it can be found here in .pdf: http://www.cryptoapps.com/~peter/usenix01.pdf


To eyespy: I am so glad you mentioned "Clean Disk Security." Now, there's another can't-go-wrong program. It is excellent and I wouldn't hesitate for a minute in using it. You are right about it having a few other features that are actually very important features. The most important, I think, is the excellent interface which allows a box to check for wiping the Windows swap file. For those who haven't used the program, it allows you to check that as an option and when finished with its other duties, will go to DOS and take care of the swap file. It's not that "clean the swap-file from Windows" baloney that some "wipers" claim.

You are 100% correct about Sami's ERASER. As good as it is, the filename thing COULD be a problem, but only if you weren't cleaning the freespace daily. Filename erasure from the directory structure is fully supported in the freespace wipe. If you haven't noticed, the filenames aren't just re-named or whatever after a freespace wipe, they are, as they should be, GONE. However, if you wipe just one file while working in Windows the filename remains. I should qualify this. That's the last I know. I did not do the 5.3 upgrade and still use 5.2. In fact, 5.4 was just released less than a month ago and I haven't had a chance to look at it. I actually would be VERY surprised if 5.4 didn't correct the problem. ERASER, as I mentioned in another post, is now a GNU GPL program and if it isn't fixed yet, it will be soon! The source is right there on the site and if you have programming skills, there you go! ERASER being GNU can only improve it. But, back to "Clean Disk Security," Kevin Solway is a genius in his own way. The guy is probably late thirties, early forties, lives in Australia and is a philosopher!! CDS is only one of several useful security programs from him by the way. You know, if you use CDS a lot maybe you can answer a question for me. I could never figure out how to use it without having to always answer yea or nay to "Are you sure you want to...." at every new task. With all the features, I would like to hit start and let it just do its thing. In the later versions was that ever changed? That was my ONLY problem with it. But, it's a great piece of software and is a truly secure and professional wiper versus all the schlock that says it's "erasing" while making coffee or something else because they sure aren't erasing any files securely.

To John: Welcome! Great name ;) BC Wipe is another good product. I only dislike it not supporting a Gutmann wipe. But, its DOD 7-pass is true-blue and another professional, solid wiper. Couldn't expect less from Jetico, another great company with Tampere graduates and headquartered in Tampere, Finland.
http://www.jetico.com These people have to be the nicest, most friendly software makers on the planet as well. BESTCRYPT is, in my opinion, the best encryption program on the market. The problem is the price in US dollars. I think it's $80 or so. But, these people know their stuff there's no question about that. You also asked about uninstalling "File Recovery 98"....

"File Recovery 98" from LC Tech is a single executable file. Just delete (or erase!) the file. There are no other traces of it anywhere. There's no installation, except to run it. So, there's no uninstall. Pete is absolutely correct in stressing not to run it from the same disk. It still works, but there are indeed risks of the program itself deleting material you are actually wanting to recover! I run it from a "misc" partition on my drive that has no installed programs and run it from there. When it says don't run it from the same drive, remember that means if your drive is one big giant single partition. Partition your drive and it recognizes your logical drives as totally separate drives and you can run it fine that way.

Finally, I agree, yet disagree, with the post about the magnetic image on the disk and the implied theory that it doesn't matter what you do that some lab somewhere can get the image. That part is just not correct. This, again, is where Gutmann and his method, as described in his papers come in. It is this very issue that makes his method so important. I can only refer you back to his papers (linked above). The part I agree with, is that if you want to be 100% certain nothing could ever, by any means, be pulled up then don't put it on the drive in the first place. But then we all go back to what Pete and I were talking about the other day - are we protecting stuff from the kid sister or are we protecting it from three-letter agencies? (Which these days, I question whether the kid sister may be the tougher adversary!)

Sorry for the long post. But, there was a lot to respond to. Like I said, I LOVE THIS TOPIC!

John
Luv2bSecure
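
Added example, not part of any post in this thread and not code from Eraser, CDS or any other product named here: a minimal Python sketch of the two things the post above separates, overwriting a file's contents in place with a few passes of random data and scrubbing its filename before deletion. The function names and the sample file are made up for illustration, and it assumes the filesystem rewrites blocks in place; journaling or copy-on-write filesystems, compressed NTFS files and flash wear levelling can leave older copies that only a free-space or whole-device wipe reaches.

```python
import os
import secrets
import string
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB blocks

def overwrite_passes(path, passes=3):
    """Overwrite the file in place with fresh random data, `passes` times."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return size

def scrub_name(path):
    """Rename to a random same-length name so the directory entry
    no longer carries the original filename."""
    directory, name = os.path.split(path)
    alphabet = string.ascii_lowercase + string.digits
    while True:
        new_name = "".join(secrets.choice(alphabet) for _ in name)
        new_path = os.path.join(directory, new_name)
        if not os.path.exists(new_path):
            break
    os.rename(path, new_path)
    return new_path

def wipe(path, passes=3):
    """Random-overwrite, scrub the name, then delete; returns the scrubbed path."""
    overwrite_passes(path, passes)
    scrubbed = scrub_name(path)
    os.remove(scrubbed)
    return scrubbed

if __name__ == "__main__":
    d = tempfile.mkdtemp()
    target = os.path.join(d, "cookie_sample.txt")  # constructed sample file
    with open(target, "wb") as f:
        f.write(b"constructed sample cookie data\n" * 64)
    print("wiped; last name on disk was", os.path.basename(wipe(target)))
```

Files that were already deleted the ordinary way are not touched by this; their old directory entries and data blocks are what a free-space wipe is for.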

eyespy
June 2nd, 2002, 09:25 PM
John, you certainly do like the "file wipe" topic !! LOL
And you are well informed on the subject as well.
As for CDS, I love it. One thing I'd like to see in CDS though...a shell extension that would allow a right click on files and erase, like Eraser has.
Also, if I run "wipe unused space" in the Eraser proggie, it should also wipe deleted file names and directories ?
Great post and keep 'em coming !!

regards,
bill :)

eyespy
June 3rd, 2002, 07:09 AM
<As for CDS, I love it. One thing I'd like to see in CDS though...a shell extension that would allow a right click on files and erase, like Eraser has. >
OOPS !! My apologies.....CDS DOES have the "shell extension" for erasing files !!
ARGHH...where's my coffee ??

regards,
bill :o

controler
June 5th, 2002, 11:53 PM
Isn't the file shredder that comes with Spybot SD any good?

I think he will be adding the option to delete the entire folder too and not just the files inside the folder.

This program is taking over Ad-Aware I am thinking ;)

controler
June 6th, 2002, 02:14 AM
Ok, at your advice I tried filerecovery.
It does not find any deleted files and the help file does not work at all.
I am not impressed.

I am using Windows XP Home Edition at present.

controler

controler
June 6th, 2002, 02:22 AM
FileRecovery:

I got the help file by just clicking on the file in the folder, not in the program. Notice running program during current windows session for best results. Not to be rude but this program really sucks. Even the help file needs grammar fixes.


Here is their advice:
NTFS Problems and Solutions
Filerecovery for Windows® will not work for NTFS drives that are compressed or encrypted. It will not be able to undelete files those were compressed or encrypted. It has been seen that the file system driver in the case of NTFS drives tries to optimize the space used by the MFT by resizing it during each time the system is switched on. Once the MFT has been resized (if downsized), it is not possible to recover all the deleted entries. For best results, it is advisable to run Filerecovery for Windows® in the same session the files were deleted.

luv2bsecure
June 6th, 2002, 05:56 AM
Controler: I really don't know what to tell you. I know I have never tried using it on WinXP. I went to the site to see if I could learn anything there, but could not.

I do know that several have commented on how useful a tool FILE RECOVERY is (even in its unregistered mode) as a way to see what is being wiped, what is not, and with hundreds of so-called "wipers" on the net it serves a valuable purpose. I'm sorry you have had troubles with it. I know how you feel, I remember how frustrated I was when I was trying to get certain software to work with XP.

John
Luv2BSecure

controler
June 6th, 2002, 01:19 PM
Hi LUV2BS

And congrats on your new position here :)

Did you get a chance to take a look at the file wiper included in Spybot S&B ?

The only option it gives is to wipe any number of times.
I like the option to drag & drop the files or whole folder as of this week into the shredder ;)
http://patrick.kolla.de/spybotsd.html

UNICRON
June 7th, 2002, 06:22 AM
Yes John, your experience will be appreciated here. I use SBS&D and wondered how it did at file wiping. I'll be happy if I could count on it and not have to get another solution.

controler
June 7th, 2002, 06:56 PM
I must report at this time, Filerecovery will not work on my Windows XP home laptop.

There are some issues still being worked out.

I figured out today that one of the files that go to Microsoft when you send the error file for their tracking is created in the temp folder and deleted right away after either sending or not sending.
I had to copy the file out of the temp folder and save elsewhere to send to Dave from the filerecovery site ;)
MS names the file accompat.txt
I am happy Spybot added the complete folder to the shred option but after using clean disk, the folder still shows and I used 35 wipes too. I am still messing with it though.

jerryctx
June 8th, 2002, 01:58 PM
QuickWiper from http://www.aks-labs.com/ passed the FR test.

luv2bsecure: I'm curious about your sig's "Privacy is a right". While I wish that were true, I'm not aware of any law that grants privacy as a general and specific right. What have I missed?

spy1
June 8th, 2002, 03:44 PM
Hey, Jerry! Welcome to the forum!

"Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

"Amendment IX

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."

(If privacy isn't actually a legal right either in the Constitution or the Bill of Rights, you can rest assured that we're working on making it one! ).

Thanks for the link to QW! Pete

luv2bsecure
June 9th, 2002, 04:51 AM
WELCOME JERRY!

Privacy advocates, like myself, like to say the guarantees come more in the way of procedures rather than substance. The perfect examples were already posted by Pete. He laid it out very well.

Privacy "rights" are usually interpretations of procedural and constitutional law. Most privacy advocates tend to be wary of giving up individual rights in the name of communal rights. Our example here would obviously be what is more important, feeling secure at whatever cost to personal freedoms, or being free and accepting the risks that come as a free people? Granted, there are many things that can make us insecure after 9-11. But we have lived with the threat of world obliteration since the early fifties (now eased of course since '89, but still, this isn't the first "threat to our security.") We meet with the same insecurity each day we pass through a busy intersection or round a dangerous bend in the hills.

I write this in case you are skeptical - couldn't really tell in your post. There ARE state laws in various states that offer sovereignty to the individual in many matters of personal activity (ie: Internet usage, etc).

As far as true constitutional protections, Pete already nailed it.

Again - welcome!

John
Luv2BSecure

luv2bsecure
June 9th, 2002, 05:02 AM
Sorry, Unicron...I haven't a clue as to how I missed your post and question. I was looking back for something else and saw your post. I went into SBS&D and I might be blind as a bat and dumber than dumb, but for the life of me, I cannot find a file wipe in the program. I gave up. WHERE is it ???? I have been using it for its start-up scan, but not much more and as I said, I can't find any file wiper. If you are going to tell me it's the big eraser right there on page one I am going to go hide. ::)

John
Luv2BSecure

spy1
June 9th, 2002, 10:18 AM
John - On the main screen of IS, do you have 'Show more Options' check-marked? Pete

PepiMK
June 9th, 2002, 02:31 PM
Well, maybe you haven't seen the file shredder because it is only available in the latest betas, not in the public 0.95 :D

The latest betas have an Outlook style toolbar to the left, and under section Tools there is the 'Secure Shredder'.

Any feedback on it is appreciated :)

spy1
June 9th, 2002, 02:47 PM
My apologies - I'm thinking you were asking about IS and you were talking about SBS&D!

Will brain-death make it as an excuse? ;D Pete

luv2bsecure
June 9th, 2002, 05:16 PM
Pete: I think brain-death is a great excuse! If that's what has happened, remember you can only use that particular excuse once! :)

John
Luv2BSecure

luv2bsecure
June 9th, 2002, 05:29 PM
Pepi - (Is it Patrick?)...

I just went to the site and the download is only for the public 0.95. How can I get the beta with the shredder? By the way, you are doing a superb job with SBS&D. I run it at startup and after any session where I've been surfing for a great length of time. Kudos all the way.

John
Luv2BSecure.........Well, no need to reply. I just needed to read the next post where you directed us to the forum with the beta link - thanks!

spy1
June 9th, 2002, 07:49 PM
http://patrick.kolla.de/software/files/spybotsd.preview.zip is the location of the latest beta, John. Pete

jerryctx
June 9th, 2002, 10:07 PM
John - It's not that I'm skeptical. Your statement seems so positive I was hoping I had missed release 2.0 of the Bill of Rights. ;D

spy1
June 10th, 2002, 08:23 AM
Release 2.0 sounds like it might not be a bad idea!

(Although actually all you'd have to do is re-release v1.0 and make the appropriate people read it with the best interests of American people in mind). Pete