Wilders Security Forums  

  #1  
Old April 3rd, 2012, 10:41 AM
ExHelot ExHelot is offline
Infrequent Poster
 
Join Date: Mar 2012
Location: United States
Posts: 2
Default What remains

I'm new to TrueCrypt and security issues in general. I have a question that I hope someone can help with.

Scenario: I write a document on MS Word, then place it in a TrueCrypt folder.
The document is encrypted.
What remains of the document that can be accessed on my PC?
How do I eliminate the 'leftovers'?
  #2  
Old April 4th, 2012, 09:45 AM
PaulyDefran PaulyDefran is offline
Frequent Poster
 
Join Date: Dec 2011
Posts: 737
Default Re: What remains

Never trust Windows (and to be honest, there is a lot of logging that goes on with Ubuntu too. It can be turned off, but it isn't an easy process...or wasn't for me). You would have to run regular free space/slack/MFT wipes to *try* to be sure. I have to say, BCWipe v5, while not free, has some nice features. One is called 'Transparent Wiping' where it wipes every file in real time when it is deleted, moved, cut and pasted, etc...by either you, or the OS. If you can't run (like one should) a TrueCrypt encrypted OS (regular or hidden), or Linux in an encrypted LVM...I think it's the next best thing.

PD
  #3  
Old April 4th, 2012, 10:15 AM
popcorn popcorn is offline
Frequent Poster
 
Join Date: Apr 2012
Posts: 235
Default Re: What remains

Are there any free alternatives to BCWipe? Or, more specifically, a free app that has 'Transparent Wiping'? At present I have to drop all docs etc. into File Shredder; it does the job but soon becomes a chore.
Also, on the subject of regular free space wipes, can you recommend any free, quick and effective apps? And does wiping free space frequently have a detrimental effect on the HDD?
__________________
CIS 6
ExploitShield beta
Virtually Virtual
  #4  
Old April 4th, 2012, 10:31 AM
PaulyDefran PaulyDefran is offline
Frequent Poster
 
Join Date: Dec 2011
Posts: 737
Default Re: What remains

Nothing I know of that does the Transparent thing. Eraser is the free standard that everyone seems to like. v6 is a little heavy, to me (100 Megs of RAM after running for a few days, on my boxes) but 5.8.8 is out there. CCleaner and Bleachbit can do free space too, and there are a ton of others (none do the Transparent thing that BCWipe has). As far as hard drives, spinning disks should be fine...SSDs may wear quicker, but I currently have 9 years of estimated life (using SSDLife) on mine. If it jumps to 1 or 2, I'll worry then.

PD
  #5  
Old April 4th, 2012, 02:27 PM
popcorn popcorn is offline
Frequent Poster
 
Join Date: Apr 2012
Posts: 235
Default Re: What remains

I found the same thing with Eraser; at present I alternate between CCleaner and File Shredder, with the latter being quite a lot faster.
I have found BCWipe v 4.01.5 on TPB; looking forward to testing the "transparent" clean.
__________________
CIS 6
ExploitShield beta
Virtually Virtual
  #6  
Old April 4th, 2012, 02:57 PM
syncmaster913n syncmaster913n is offline
Regular Poster
 
Join Date: Mar 2012
Posts: 153
Default Re: What remains

Quote:
Originally Posted by ExHelot
How do I eliminate the 'leftovers'?

The best thing you can do is encrypt the whole drive, in addition to using the container.
  #7  
Old April 4th, 2012, 03:17 PM
TheWindBringeth TheWindBringeth is offline
Frequent Poster
 
Join Date: Feb 2012
Posts: 846
Default Re: What remains

Quote:
Originally Posted by ExHelot
How do I eliminate the 'leftovers'?

First you have to identify what those 'leftovers' are. You'd want to know things like:

- Did the application or OS create temporary files (elsewhere)?
- Did the application or OS create backups (elsewhere)?
- Did the application or OS add the document to a recently used list and how/where is that recently used list stored?
- Did the application or OS index the document contents for searching purposes, saving that information (elsewhere)?
- Did the application save the document in some other form for some reason, for example as a template?
- Did the OS write document related data to persistent storage for hibernate or paging purposes? Edit: Or system level backup/restore?
- Any other document related data left about in the registry?
- Did any other applications or drivers cause information about the document to be stored elsewhere (AV program logging, printer spooling, whatever)?
- Did the OS filesystem create lingering data, perhaps for example as part of its journaling or logging process?
- Was any document related data written to sectors, clusters, that were later unallocated and thus now exist in unallocated storage space or in file slack space?
- Etc

The answers would depend on which specific application (you mentioned one, but are there others?), how your specific OS is operating, and what you are already doing in terms of trying to address such issues. Given the complexities and unknowns, I do think a whole disk encryption approach is worth considering.

Last edited by TheWindBringeth : April 4th, 2012 at 03:25 PM.
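
One way to carry out the "identify the leftovers" step from the post above, as an added example that is not part of the original thread: type a unique marker string into the document before moving it into the container, then scan candidate locations (a temp folder, an offline copy of the pagefile, a raw disk image) for that marker. The marker, file names and function names here are constructed for illustration.

```python
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so pagefile-sized inputs never sit in memory
def scan_file(path, canary):
    """Return sorted (offset, encoding) hits for the canary as UTF-8 and UTF-16LE bytes."""
    pats = {enc: canary.encode(enc) for enc in ("utf-8", "utf-16-le")}
    overlap = max(map(len, pats.values())) - 1
    hits, tail, base = set(), b"", 0          # base = file offset of buf[0]
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            buf = tail + chunk                # carry bytes over so split matches are seen
            for enc, pat in pats.items():
                pos = buf.find(pat)
                while pos != -1:
                    hits.add((base + pos, enc))
                    pos = buf.find(pat, pos + 1)
            tail = buf[-overlap:] if overlap else b""
            base += len(buf) - len(tail)
    return sorted(hits)

def scan_tree(root, canary):
    """Map each file under root that contains the canary to its hits; list unreadable files."""
    found, skipped = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = scan_file(path, canary)
            except OSError:                   # locked or access denied, e.g. a live pagefile
                skipped.append(path)
                continue
            if hits:
                found[path] = hits
    return found, skipped

def demo():
    """Constructed tree: a temp file whose UTF-16LE text straddles a chunk edge, plus a clean file."""
    canary = "CANARY-7f3a-what-remains"       # constructed marker typed into the test document
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "leftover.tmp"), "wb") as fh:
            fh.write(b"\x00" * (CHUNK - 5) + canary.encode("utf-16-le") + b"\x00" * 10)
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"nothing sensitive here")
        found, skipped = scan_tree(root, canary)
    return {os.path.basename(p): h for p, h in found.items()}, skipped

if __name__ == "__main__":
    print(demo())
```

Compressed or encrypted copies will not match (a .docx is itself a ZIP archive), so a clean result only rules out plain-text remnants in the files that were actually scanned.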
  #8  
Old April 5th, 2012, 06:55 AM
hugsy hugsy is offline
Regular Poster
 
Join Date: May 2010
Posts: 167
Default Re: What remains

Use a Live CD; it doesn't matter if Windows or Linux, whatever works for you. That way nothing will be left behind, no need to wipe anything, no need to do HDD encryption, etc.
To save your personal files, use a USB key and store encrypted files on it, or store the container on it. Encryption/decryption/viewing will take place on the live OS.
I suggest you use some open source / well-known program for that, maybe gpg, TrueCrypt, LUKS; all with AES 256 and a strong pass.
  #9  
Old April 5th, 2012, 10:11 PM
ExHelot ExHelot is offline
Infrequent Poster
 
Join Date: Mar 2012
Location: United States
Posts: 2
Default Re: What remains

Thanks to all. You've given me some excellent information. I hope someday I'll be familiar enough with the issues to return the favor for others.
  #10  
Old April 7th, 2012, 09:09 PM
caspian caspian is offline
Very Frequent Poster
 
Join Date: Jun 2007
Location: Oz
Posts: 1,806
Default Re: What remains

Quote:
Originally Posted by hugsy
Use a Live CD; it doesn't matter if Windows or Linux, whatever works for you. That way nothing will be left behind, no need to wipe anything, no need to do HDD encryption, etc.
To save your personal files, use a USB key and store encrypted files on it, or store the container on it. Encryption/decryption/viewing will take place on the live OS.
I suggest you use some open source / well-known program for that, maybe gpg, TrueCrypt, LUKS; all with AES 256 and a strong pass.

So if you have Windows as your OS and then run a live CD, Windows will not keep any logs?
__________________
A Billion for a Billion

http://www.wfp.org/1billion
  #11  
Old April 8th, 2012, 01:24 PM
hugsy hugsy is offline
Regular Poster
 
Join Date: May 2010
Posts: 167
Default Re: What remains

Quote:
Originally Posted by caspian
So if you have Windows as your OS and then run a live CD, Windows will not keep any logs?

Windows on HD won't keep anything because it won't be in use. Windows as a live CD can keep any log it wants, but as soon as you shut it down, everything will be lost, since it runs from RAM.
But I think you know that.
  #12  
Old April 8th, 2012, 01:40 PM
mirimir mirimir is offline
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,570
Default Re: What remains

And, if you're really paranoid, you can disconnect power and data cables to hard drives.

But then there's the BIOS
  #13  
Old April 8th, 2012, 07:36 PM
caspian caspian is offline
Very Frequent Poster
 
Join Date: Jun 2007
Location: Oz
Posts: 1,806
Default Re: What remains

Quote:
Originally Posted by hugsy
Windows on HD won't keep anything because it won't be in use. Windows as a live CD can keep any log it wants, but as soon as you shut it down, everything will be lost, since it runs from RAM.
But I think you know that.

No, I didn't know that it relied completely on RAM. And I haven't tried one yet. Thanks for explaining that. I have 6G of RAM on my desktop right now but maybe I should add some more.
__________________
A Billion for a Billion

http://www.wfp.org/1billion
  #14  
Old April 8th, 2012, 08:01 PM
caspian caspian is offline
Very Frequent Poster
 
Join Date: Jun 2007
Location: Oz
Posts: 1,806
Default Re: What remains

Quote:
Originally Posted by mirimir
And, if you're really paranoid, you can disconnect power and data cables to hard drives.

But then there's the BIOS

What kind of personal information is stored in the BIOS? I have wondered about LoJack. I have read that it is in the BIOS. But supposedly it cannot be used unless the owner installs it.
__________________
A Billion for a Billion

http://www.wfp.org/1billion
  #15  
Old April 8th, 2012, 08:04 PM
LockBox LockBox is offline
Very Frequent Poster
 
Join Date: Nov 2004
Posts: 2,137
Default Re: What remains

MakeUseOf is one of my favorite sites. So practical.

http://www.makeuseof.com/tag/how-to-...ndows-live-cd/
  #16  
Old April 8th, 2012, 10:19 PM
mirimir mirimir is offline
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,570
Default Re: What remains

Quote:
Originally Posted by caspian
What kind of personal information is stored in the BIOS? I have wondered about LoJack. I have read that it is in the BIOS. But supposedly it cannot be used unless the owner installs it.

Typically, BIOSes store manufacturer, product name or SKU, version, serial number and asset tag. There's also stuff that you can't readily see, such as flags for OEM Windows crippleware. Malware could write other data, but I doubt that there's much free space.
  #17  
Old April 8th, 2012, 11:09 PM
TheWindBringeth TheWindBringeth is offline
Frequent Poster
 
Join Date: Feb 2012
Posts: 846
Default Re: What remains

Is anyone up on Trusted Platform storage capabilities? I'm inclined to think the TPM chip has its own separate non-volatile storage for keys and whatever. I recall reading that the OS and also applications (password managers being an example) can use the TPM to store information securely, but I'm not sure whether that includes the ability to physically store information within such a separate device.
 

All times are GMT -4. The time now is 01:47 PM.

