File Wiping

Discussion in 'privacy technology' started by luv2bsecure, Apr 11, 2002.

Thread Status:
Not open for further replies.
  1. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    I just finished the above post and it didn't take long to get an email mentioning that ERASER was reviewed in PC Magazine just last week
    http://www.pcmag.com/article/0,2997,s=1647&a=26631,00.asp

    John
     
  2. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    I've been using Eraser 5.3 for some time now.
    Recently I tried another file wipe utility called "Clean Disk Security". It has a few more options than Eraser, that I like. Clean Disk also lets you view deleted files as well. So, after I wiped some files (DoD 7 pass) with Eraser, I ran Clean Disk's "view" tab which lets you take a peek into your HD and shows all files and directories, and deleted files. Clean Disk also has a small undelete option which lets you view "deleted files".
    Ok, so after wiping some files with Eraser, I then went to Clean Disk and its "view" option and I found the directory/name of the "wiped Eraser" file, but the file itself was wiped and unrecoverable. Then I used Clean Disk's "erase names of all deleted files" tab to get rid of the file name.
    I like Eraser, but why did it leave behind the "file names" of wiped files?
    Any comments on Clean Disk Security?
          regards,    
                       bill   ;)
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    John - If you have any spare time this weekend, could you put NecroFile through its paces and then try to do recoveries of anything that's been deleted?

    The results might be interesting.

    I'm sure you read in the readme that the suggested method to ensure best results was to (a) close all running programs (b) do a ScanDisk (c) run Necrofile (d) re-start and run ScanDisk and DD.

    Time-consuming, but it sounds pretty thorough.

    Is the method that important if the files DO wind up being non-recoverable? Pete
     
  4. John

    John Guest

    Has anyone here tried the file recovery after running BCWipe?
    I wiped my drive with only one pass, and attempted to recover cache/cookies. All gone, not even a cookie crumb.

    Just thought I'd let you know.

    Cheers,
    John
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    John - Thanks for the info! Anyone interested can get a copy of BCWipe from http://www.jetico.com/home.htm .

    Note: This is NOT freeware, BTW.

    L2BS - I got kind of tickled when I read this article:
    http://online.securityfocus.com/news/459 , the lead paragraph of which was this:

    "Meticulous notes recovered from his computer allegedly link the accused eBay hacker to intrusions at over one hundred universities and companies. Heckenkamp's family says he's the victim of a frame-up. A detailed personal log of computer intrusions recovered from the deleted file space on Jerome Heckenkamp's Linux box will serve as Exhibit A in the federal government's case against the accused super-hacker, according to newly-filed documents in the case." (Emphasis mine - Pete)

    Here you have a hot-shot hacker who was apparently nailed due to the fact that (reading that particular sentence, anyway) he ONLY 'deleted' the log - he didn't even bother to TRY to erase it! (Lack of time when they kicked in the door, I wonder? Although it did state further down that he'd also burned a copy of the log to a CD - if time for that, why not time to 'erase'?).

    Couple of VERY important lessons to be gleaned from that - NEVER keep anything on the computer that can come back to BITE you to start with! If, for some reason, you HAVE to, then for goodness sake set up your 'eraser' program to run as a scheduled task - DAILY!

    I've gotta wonder how many people haven't ever even THOUGHT of turning OFF 'logging' in any and all IM programs they use - how many people don't even KNOW whether all their email is being copied either to their 'OutBox' or 'Drafts' folder (in plain text), simply because they've never thought to check/change the settings - how many realize that back-ups are made that are easily accessible to everything that passes through your email program, and how to find and empty them.

    The WRONG time to be finding out about this kind of stuff is when someone sticks a hard copy of it in your face while asking you "You mean, you don't recognize THIS?"

    Definitely something to ponder, people. Pete
     
  6. John

    John Guest

    Just wanted to say that I think this site is one of the finest in its field. I only discovered it a few days ago, and I am very impressed with it. Downloaded the VisualZone report utility for my Zone Alarm and all I can say is that I'm blown away by the reporting capabilities of this little add-on. Thanks a million!

    One last note - I downloaded File Recovery demo for Windows, to test the capabilities of the BCWipe software. Now that it is all done with, how do I get rid of the File Recovery demo? There doesn't seem to be an uninstall utility, and the program doesn't show up in the Add/Remove section of my Control Panel.

    Thanx in advance,
    John :)
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    John - From the fileRecovery Readme:

    "For the best possible results, extract the Recover.exe file,
    the Filerecovery.chm file and License Agreement from the ZIP file to a
    formatted floppy disk. Execute the Recover.exe from the floppy and choose
    the proper work drive."

    and

    "DO NOT install Filerecovery for Windows® on the drive you want to recover
    files from. By installing Filerecovery for Windows® on the work drive, you
    run the risk of overwriting the data you want to recover."

    I think you can simply delete the folder and then run jv16PowerTools or something similar to find and delete any remnants. Pete
     
  8. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    Unfortunately the problem with saving anything to a magnetic disk leaves an image of itself for a long time to come. Perhaps some programs on the market can recover them, but in the end.. even if a disk is burned, it can be sent to the best labs in the world for data recovery, all thanks to the image the original file left on the magnetic disk.

    The only sure fire way to be certain something is off the disk, is to never put anything on it.

    Outside of that, I've used Eraser for a while a year or two ago.  Excellent program.
     
  9. controler

    controler Guest

    Man I tell you guys must be psychic ;)
    I been doing a lot of thinking lately on the file wiping stuff
    too. In fact we have a company right here in Minnesota
    that does that kind of recovery for the government.
    Ontrac Data. I am sure you heard of them.
    They been doing the recovery off the Terrorists drives ;)
    I beta tested Executive Software's UNDELETE a few years ago and it worked pretty dang good.
    It only works on Win NT, 2000 and XP systems though.
    Can you do your wipe and try it out to see how well it fares?
    I still have the program laying around ;)
    As far as deleting info on the hard disk not possible because it was stored magnetically?
    Wouldn't a huge electromagnet work? ;)
    I think it might.
    Data recovery uses off trac and magnetic residence ;)
    They also try various reconstructions by reversing the data bit logic levels.
    The best programs would do all of the above just as the best protection software would do all in one package.

    controler
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    controler - While someone may be able to help you out with that, please remember that they may not be willing to do so publicly - and you're not registered, so there's no way for them to contact you (hence, you may see no response at all).

    Just something to think about. Pete
     
  11. controler

    controler Guest

    Hi

    I registered a long time ago, I just can't remember
    my password. It was the default one the forum gave me.
    I have been too lazy to reregister. Can you pull that info back up or do I need to reregister?

    Thanks  :cool:
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    controler - When you click the 'Login' button, you can either click on the 'Forgot Password' link, then type in the username you used to register and 'Send' or 'Enter' it (and it'll remail you your password) or you can simply re-register (I tried inputting your 'controler' nic so it would automatically email you the password, but it wouldn't buy it on my end, said that that username didn't exist).

    That's good, in a way, because that nic's still available - if you get the same message I did when you try to do the 'Forgot password' stuff, just re-register. HTH Pete
     
  13. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    A LOT of discussion on this topic since I last posted just a few days ago! That's great! These topics help my blood circulate!!!

    There's several things I wanted to mention and comment on, so forgive me for a possibly long post as I hit a little on many of the posts. One quick thing was way early in the thread when the subject of steganography came up I noticed a lot of negative comments on stego. I wasn't posting much then (didn't have time when the subject was being discussed) but this deserves more discussion maybe in a thread of its own. Steganography is an incredible and not to be dismissed piece of the arsenal in the fight for privacy and security. There are answers to all of the points mentioned as reasons for not being too serious about it. To be honest, a lot of what was being written was how I felt not that long ago. A lot has changed though. For now, I would suggest you go to http://www.camouflagesoftware.co.uk/ and play around with this VERY simple stego program. If you want to know it's safe and ok to experiment with, read this from the SANS Institute http://rr.sans.org/encryption/camo.php

    Ok, first to Pete - Was that not something else about the hacker not wiping his disk o_O? You wonder how somebody capable of all the other he is accused of didn't have the brains to remember the fundamentals. Why is it so often the fundamentals are forgotten and that's what causes so many security-related problems? My main drive with OS is in a very small partition, as is my data. The freespace of two very small partitions can be wiped, even with Gutmann in a short time. Using DOD 7-pass is a snap on small partitions. Remember, with Gutmann, it is the METHOD, not the number of wipes (the 35-wipes is, in reality, never needed), so it can be wiped just as quickly as a DOD method. Many people question me on this, but they only need to read Gutmann himself. In a recently added epilogue to his revolutionary paper, this is what he says to those who never took the time to read the original paper:

    "In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all type of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now."
    -- from Epilogue to Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann
    http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

    Many also don't know, and it's fascinating material, that Peter Gutmann wrote a follow-up to his "Secure Deletion of Data from Magnetic and Solid-State Memory"  in 2001.  It is called, "Data Remanence in Semiconductor Devices", and if you are interested it can be found here in .pdf  http://www.cryptoapps.com/~peter/usenix01.pdf


    To eyespy: I am so glad you mentioned "Clean Disk Security." Now, there's another can't-go-wrong program. It is excellent and I wouldn't hesitate for a minute in using it. You are right about it having a few other features that are actually very important features. The most important, I think, is the excellent interface which allows a box to check for wiping the Windows swap file. For those who haven't used the program, it allows you to check that as an option and when finished with its other duties, will go to DOS and take care of the swap file. It's not that "clean the swap-file from Windows" baloney that some "wipers" claim.

    You are 100% correct about Sami's ERASER. As good as it is, the filename thing COULD be a problem, but only if you weren't cleaning the freespace daily. Filename erasure from the directory structure is fully supported in the freespace wipe. If you haven't noticed, the filenames aren't just re-named or whatever after a freespace wipe, they are, as they should be, GONE. However, if you wipe just one file while working in Windows the filename remains. I should qualify this. That's the last I know. I did not do the 5.3 upgrade and still use 5.2. In fact, 5.4 was just released less than a month ago and I haven't had a chance to look at it. I actually would be VERY surprised if 5.4 didn't correct the problem. ERASER, as I mentioned in another post is now a GNU GPL program and if it isn't fixed yet, it will be soon! The source is right there on the site and if you have programming skills, there you go! ERASER being GNU can only improve it. But, back to "Clean Disk Security," Kevin Solway is a genius in his own way. The guy is probably late thirties, early forties, lives in Australia and is a philosopher!! CDS is only one of several useful security programs from him by the way. You know, if you use CDS a lot maybe you can answer a question for me. I could never figure out how to use it without having to always answer yea or nay to "Are you sure you want to...." at every new task. With all the features, I would like to hit start and let it just do its thing. In the later versions was that ever changed? That was my ONLY problem with it. But, it's a great piece of software and is a truly secure and professional wiper versus all the schlock that says it's "erasing" while making coffee or something else because they sure aren't erasing any files securely.

    To John: Welcome! Great name ;) BC Wipe is another good product. I only dislike it not supporting a Gutmann wipe. But, its DOD 7-pass is true-blue and another professional, solid wiper. Couldn't expect less from Jetico, another great company with Tampere graduates and headquartered in Tampere, Finland.
    http://www.jetico.com These people have to be the nicest, most friendly software makers on the planet as well. BESTCRYPT is, in my opinion, the best encryption program on the market. The problem is the price in US dollars. I think it's $80 or so. But, these people know their stuff there's no question about that. You also asked about uninstalling "File Recovery 98"....

    "File Recovery 98" from LC Tech is a single executable file. Just delete (or erase!) the file. There's no other traces of it anywhere. There's no installation, except to run it. So, there's no uninstall. Pete is absolutely correct in stressing not to run it from the same disk. It still works, but there are indeed risks of the program itself deleting material you are actually wanting to recover! I run it from a "misc" partition on my drive that has no installed programs and run it from there. When it says don't run it from the same drive, remember that means if your drive is one big giant single partition. Partition your drive and it recognizes your logical drives as totally separate drives and you can run it fine that way.

    Finally, I agree, yet disagree, with the post about the magnetic image on the disk and the implied theory that it doesn't matter what you do that some lab somewhere can get the image. That part is just not correct. This, again, is where Gutmann and his method, as described in his papers come in. It is this very issue that makes his method so important. I can only refer you back to his papers (linked above). The part I agree with, is that if you want to be 100% certain nothing could ever, by any means, be pulled up then don't put it on the drive in the first place. But then we all go back to what Pete and I were talking about the other day - are we protecting stuff from the kid sister or are we protecting it from three-letter agencies? (Which these days, I question whether the kid sister may be the tougher adversary!)

    Sorry for the long post. But, there was a lot to respond to. Like I said, I LOVE THIS TOPIC!

    John
    Luv2bSecure
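
Added example (not part of the original thread, and not code from Eraser, Clean Disk Security or BCWipe): a Python illustration of the two points discussed in the post above, a few passes of random overwriting and scrubbing the file name before the file is removed. The function names, the three-pass default and the rename-to-random-name approach are assumptions made for illustration.

```python
import os
import secrets


def overwrite_passes(path, passes=3, chunk=64 * 1024):
    """Overwrite the file's contents in place with random data `passes` times.

    Returns the number of bytes covered by each pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            # Push this pass to the device before starting the next one,
            # otherwise the OS cache may collapse several passes into one.
            f.flush()
            os.fsync(f.fileno())
    return size


def scrub_name(path, rounds=3):
    """Rename the file to random names of the same length.

    This replaces the original name in the live directory entry, which is
    the remnant the thread describes after a single-file wipe.
    Returns the final path.
    """
    directory, name = os.path.split(path)
    current = path
    for _ in range(rounds):
        new_name = secrets.token_hex(len(name))[: len(name)]
        candidate = os.path.join(directory, new_name)
        if os.path.exists(candidate):
            continue  # extremely unlikely collision, just try again
        os.rename(current, candidate)
        current = candidate
    return current


def wipe_file(path, passes=3):
    """Overwrite, scrub the name, truncate, then unlink the file."""
    size = overwrite_passes(path, passes)
    scrubbed = scrub_name(path)
    with open(scrubbed, "r+b") as f:
        f.truncate(0)  # hide the original length as well
        f.flush()
        os.fsync(f.fileno())
    os.remove(scrubbed)
    return {
        "bytes_overwritten": size,
        "passes": passes,
        "final_name": os.path.basename(scrubbed),
    }
```

In-place overwriting only reaches the original sectors when the file system writes in place; journaling or copy-on-write file systems and SSD wear levelling can keep older copies elsewhere, and free space may still hold earlier versions of the file.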
     
  14. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
           John, you certainly do like the "file wipe" topic !! LOL
    And you are well informed on the subject as well.
     As for CDS, I love it. One thing I'd like to see in CDS though...a shell extension that would allow a right click on files and erase, like Eraser has.
     Also, if I run "wipe unused space" in the Eraser proggie, it should also wipe deleted file names and directories ?
     Great post and keep em' coming !!

                        regards,    
                                     bill   :)
     
  15. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    <As for CDS, I love it. One thing I'd like to see in CDS though...a shell extension that would allow a right click on files and erase, like Eraser has. >
     OOPS !!  My apologies.....CDS DOES have the "shell extension" for erasing files !!
      ARGHH...where's my coffee ??
                 
                          regards,
                                      bill   :eek:
                                       
     
  16. controler

    controler Guest

    Isn't the file shredder that comes with Spybot SD
    any good?

    I think he will be adding the option to delete the entire folder too and not just the files inside the folder.

    This program is taking over Ad-Aware I am thinking ;)
     
  17. controler

    controler Guest

    Ok at your advice I tried filerecovery.
    It does not find any deleted files and the help file does not work at all.
    I am not impressed.

    I am using Windows XP Home Edition at present.

    controler
     
  18. controler

    controler Guest

    FileRecovery:

    I got the help file by just clicking on the file in the folder
    not in the program. Notice running program during current windows session for best results. Not to be rude but this program really sucks. Even the help file needs grammar fixes.

    Here is their advice:

    NTFS Problems and Solutions
    Filerecovery for Windows® will not work for NTFS drives that are compressed or encrypted. It will not be able to undelete files those were compressed or encrypted. It has been seen that the file system driver in the case of NTFS drives tries to optimize the space used by the MFT by resizing it during each time the system is switched on. Once the MFT has been resized (if downsized), it is not possible to recover all the deleted entries. For best results, it is advisable to run Filerecovery for Windows® in the same session the files were deleted.
     
  19. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Controler: I really don't know what to tell you. I know I have never tried using it on WinXP. I went to the site to see if I could learn anything there, but could not.

    I do know that several have commented on how useful a tool FILE RECOVERY is (even in its unregistered mode) as a way to see what is being wiped, what is not, and with hundreds of so-called "wipers" on the net it serves a valuable purpose. I'm sorry you have had troubles with it. I know how you feel, I remember how frustrated I was when I was trying to get certain software to work with XP.

    John
    Luv2BSecure
     
  20. controler

    controler Guest

    Hi LUV2BS

    And congrats on your new position here :)

    Did you get a chance to take a look at the file wiper included in Spybot S&B ?

    The only option it gives is to wipe any number of times.
    I like the option to drag & drop the files or whole folder as of this week into the shredder ;)
    http://patrick.kolla.de/spybotsd.html
     
  21. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Yes John, your experience will be appreciated here. I use SBS&D and wondered how it did at file wiping. I'll be happy if I could count on it and not have to get another solution.
     
  22. controler

    controler Guest

    I must report at this time, Filerecovery will not work on my Windows XP home laptop.

    There are some issues still being worked out.

    I figured out today that one of the files that go to Microsoft when you send the error file for their
    tracking, is created in the temp folder and deleted right away after either sending or not sending.
    I had to copy the file out of the temp folder and save elsewhere to send to Dave from the filerecovery site ;)
    MS names the file accompat.txt
    I am happy Spybot added the complete folder to the shred option but after using clean disk, the folder still shows and I used 35 wipes too. I am still messing with it though.
     
  23. jerryctx

    jerryctx Registered Member

    Joined:
    Jun 8, 2002
    Posts:
    2
    QuickWiper from http://www.aks-labs.com/ passed the FR test.

    luv2bsecure: I'm curious about your sig's "Privacy is a right". While I wish that were true, I'm not aware of any law that grants privacy as a general and specific right. What have I missed?
     
  24. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hey, Jerry! Welcome to the forum!

    "Amendment IV

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    "Amendment IX

    The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."

    (If privacy isn't actually a legal right either in the Constitution or the Bill of Rights, you can rest assured that we're working on making it one! ).

    Thanks for the link to QW! Pete
     
  25. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    WELCOME JERRY!

    Privacy advocates, like myself, like to say the guarantees come more in the way of procedures rather than substance. The perfect examples were already posted by Pete. He laid it out very well.

    Privacy "rights" are usually interpretations of procedural and constitutional law. Most privacy advocates tend to be wary of giving up individual rights in the name of communal rights. Our example here would obviously be what is more important, feeling secure at whatever cost to personal freedoms, or being free and accepting the risks that come as a free people? Granted, there are many things that can make us insecure after 9-11. But we have lived with the threat of world obliteration since the early fifties (now eased of course since '89, but still, this isn't the first "threat to our security.") We meet with the same insecurity each day we pass through a busy intersection or round a dangerous bend in the hills.

    I write this in case you are skeptical - couldn't really tell in your post. There ARE state laws in various states that offer sovereignty to the individual in many matters of personal activity (ie: Internet usage, etc).

    As far as true constitutional protections, Pete already nailed it.

    Again - welcome!

    John
    Luv2BSecure
     