Portable Firefox and a Recuva test

[caspian]

I installed Firefox on a USB drive, and also in a TrueCrypt folder on my desktop. I searched for a bunch of images and then ran Recuva. Not one image showed.

For anyone who missed my earlier posts regarding browsing tracks that are left behind while using Sandboxie and Returnil, I performed the same tests as above and Recuva recovered all or most of the images.

So simply using a portable browser on a USB stick or in a TrueCrypt folder seems to do the trick. But I would assume that using Returnil and/or Sandboxie would provide the additional benefit of preventing the OS from creating copies and records of everything.

I hope the new XB Browser works out because if it does, running it from a USB sticks should provide the best privacy ever.

[culla]

portable firefox is the way to go its my default and only browser

[caspian]

Quote:

Originally Posted by culla

portable firefox is the way to go its my default and only browser

It has now become mine as well. I have it in a TrueCrypt folder on my desktop and on a USB stick. I also use Returnil and Sandboxie. So while Returnil is active, I open the truecrypt folder and right click Firefox and open it with Sandboxie. That seems like a pretty good setup that is simple and easy to do. I want something that is easy to do. If it is too time consuming or difficult I'll just skip it. But this is so simple. And as far as I can tell it works very well for privacy.

[Dregg Heda]

So if I use portable firefox absolutely no traces would be left on the computer? Is there portable firefox for mac? Will history, preferences, cookies, etc be saved on the usb stick? Thanks.

[raspb3rry]

Quote:

Originally Posted by Dregg Heda

So if I use portable firefox absolutely no traces would be left on the computer? Is there portable firefox for mac? Will history, preferences, cookies, etc be saved on the usb stick? Thanks.

Well, the DNS-cache and possibly the storage of SSL-certificates would reveal the majority of your net-activity anyway.

Your ISP would now every site you've visisted, unless you use a VPN or TOR. In case of a VPN, the VPN would then know every site you've visited.

[Dregg Heda]

Im mostly interested in situations where im using the computers at school/work and I dont want to leave any information particularly pertaining to my e-mail account. Off course if theres a key/screen logger around then im probably screwed no matter what.

Quote:

Originally Posted by caspian

For anyone who missed my earlier posts regarding browsing tracks that are left behind while using Sandboxie and Returnil, I performed the same tests as above and Recuva recovered all or most of the images.
...
But I would assume that using Returnil and/or Sandboxie would provide the additional benefit of preventing the OS from creating copies and records of everything.

No surprises there. Harddrive forensics is no adversary model they protect against. Disk encryption is the only sensible answer. Wiping disk space after writing sensitive data is bad practice considering journaling FS, defragmentation, page file, slack space, small files in the MFT and so on.
They won't yield any additional benefit from that point of view. Though it's still a good idea to use them. You don't want a vulnerability to write outside the encrypted container or worse compromise the system.

[caspian]

Quote:

Originally Posted by katio

No surprises there. Harddrive forensics is no adversary model they protect against. Disk encryption is the only sensible answer. Wiping disk space after writing sensitive data is bad practice considering journaling FS, defragmentation, page file, slack space, small files in the MFT and so on.
They won't yield any additional benefit from that point of view. Though it's still a good idea to use them. You don't want a vulnerability to write outside the encrypted container or worse compromise the system.

I understand that disk encryption is the answer. But you think that using a product like R-wipe is ineffective? They claim that it wipes page file, MFT, and slack space.

I looked up journaling FS. I was under the impression that Returnil would prevent copies of activity or logs from being collected.

[caspian]

Quote:

Originally Posted by Dregg Heda

Im mostly interested in situations where im using the computers at school/work and I dont want to leave any information particularly pertaining to my e-mail account. Off course if theres a key/screen logger around then im probably screwed no matter what.

If you run portable firefox from a truecrypt folder on a USB stick I would think that there would be no records left on the computer. But you would also have to run a VPN to prevent the records of websites visited. You can run Xerobank from a USB stick and maybe Cryptohippie too.

Quote:

Originally Posted by caspian

I understand that disk encryption is the answer. But you think that using a product like R-wipe is ineffective? They claim that it wipes page file, MFT, and slack space.

No, I wouldn't say that as I haven't used and tested it. In any case it's tedious and it's likely something will be missed either by software limitation (e.g. I doubt it can wipe slack space of files in use) or by user error (like forgetting to run a full wipe which probably takes ages).

Quote:

I looked up journaling FS. I was under the impression that Returnil would prevent copies of activity or logs from being collected.

It can't prevent NTFS from doing journaling. As far as I understand it won't prevent the fact that data is being written onto the disk, it will only redirect all writes to a cache area which makes it easy to discard and wipe all changes. Therefore together with something like r-wipe it offers something against hdd forensics.

However I don't quite understand what scenario this or any "after the fact" wiping is actually useful for. If you worry about forensics you deal with sensitive files, you got to store them securely and that usually involves encryption. So why not encrypt everything and stop worrying?

[Judge Dee]

Quote:

Originally Posted by Dregg Heda

Is there portable firefox for mac? .

http://www.freesmug.org/portableapps:firefox

[Dregg Heda]

Quote:

Originally Posted by caspian

If you run portable firefox from a truecrypt folder on a USB stick I would think that there would be no records left on the computer. But you would also have to run a VPN to prevent the records of websites visited. You can run Xerobank from a USB stick and maybe Cryptohippie too.

I will assume that this still wont protect me from key/screen loggers?

[caspian]

Quote:

Originally Posted by katio

you got to store them securely and that usually involves encryption. So why not encrypt everything and stop worrying?

You are right? Why not just encrypt everything? I am ready to lear how to do this. I will go over and read TrueCrypt's tutorials. Thanks

[caspian]

Quote:

Originally Posted by Dregg Heda

I will assume that this still wont protect me from key/screen loggers?

No because all of that will be sent through the VPN just like everything else. If you reinstall your operating system and do all of the updates and install everything exactly the way you want it, you can install Returnil and you won't have to worry about keyloggers. The paid version of Returnil also has an antiexectable feature that will prevent any program from running that you did not install. And you can also use Sandboxie (your browser sandboxed) while Returnil is enabled. So if you reinstall and start fresh and use Returnil and Sandboxie, you won't have to worry about keyloggers.