Have the disk cleaners forgotten something?

I regularly perform housekeeping on my hard disk - a defrag followed by a D0D level wipe of cluster tips, free space and directory squishes.  By the time the bottle was empty, an alarming thought occurred to me:

Between 1 and 32 passes are usually available, with at least 7 recommended (DoD) to make data completely unrecoverable.  Fine.  But what if I delete a sensitive file and then dl a setup program which overlays the space previously occupied by the deleted file?  That's equivalent to a single pass wipe of the sensitive data.

So does that mean it's potentially recoverable from underneath the setup program?  If so, then programs addressing security wipes need to be ramped up!

Hmm...

 

Checkout - Sounds correct. I don't know how the disk cleaner manufacturers would be able to compensate for what's basically an operator error, though.

If you want something gone for good, you should always select 'erase' and not 'delete' from the right-click menu. Pete

 

Well, in future, I'll be well impressed with a security wiper which

• cleans a free area
• move undeleted files to that area
• erases the previously occupied space
• moves the files back or defrags as it goes

I don't see how a user can be 100% guaranteed of total erasure otherwise.

 

Checkout...
                 I'm not sure I completely understand your question...
        If you wipe a file.... say 7 passes, and install a new file or directory over the space you just wiped, the wiped file could still be recoverable ? Is that your question ?
 Also, is their any reason that you perform a defrag before wiping "unused" disk space ? I usually do a scandisk first, a file wipe second (unused disk space) than a defrag.
                     thanks, bill

 

Bill, imagine a situation where you - or perhaps a cleanup program - deletes a file, or a bunch of them.  Running apps create files all the time in the background, and downloading from the net (or just visiting sites) will create new ones too.  The new files can easily occupy space formerly occupied by deleted files.

Consequently, in these circumstances, deleted files have only had a 1-pass wipe.  Are the deleted files then recoverable in part or whole by forensic apparatus?

IOW, I'm suggesting that files can be deleted either deliberately or accidentally or automatically without being DoD wiped first, and replaced by data which you would want to keep.

Have I made it more clear?  Sorry if I haven't.

Edit for a better example

Say you've had a genius idea and you've created a file called patent_application.doc.  After weeks or months of nursing this idea into a presentable format, your other activities mean you need to defrag your hard drive.  Your patent doc is moved elsewhere on the disk.  Defrag doesn't do a security wipe, so the old copy lies in the old position, forensically recoverable.  The defrag moves another file over the top of it, say msconfig.exe (which you ain't going to delete, right?)

Thus your hard disk is tidy, but anyone forensically examing your hard drive may find patent_application.doc lying underneath msconfig.exe.  (All assuming that data can be recovered if only overwritten once, of course.)

I hope that's better!

 

Checkout...
                Ok, now I completely understand your point. It is a valid point I might add.
   Having said that, what if you did a "wipe" of unused disk space...before the defrag. That would ensure that that deleted files and directories would be "wiped". Than during a defrag, if say msconfig.exe, were to be moved into another area of the hard disk, it would be moved into "wiped" hard disk space. Nothing recoverable underneath.
As for deleting files...wipe all files not needed..recent docs, history, downloads...
 But, I dare say that  in all probability, you wouldn't be able to "wipe" every single transaction off your PC, simply because their are way too many "footprints" left behind at all stages of using a PC !!
                     IMHO...........bill

 

Can i get a few good recommendations on file wiper programs. Pros/Cons.

Thanks

 

why check out wipeing hd stuff hm we might be kindered spirits after all he he he but im scared to ask lol

 

Bill, you can't guarantee a defrag will use the wiped space - far from it.  Perhaps this is a good product idea for the paranoid (government agencies)?

Blaze, you have an evil, suspicious mind.  I neither admit nor deny anything.  

 

I use IEClean, which is good.  I don't know much about the other products in this area, just enough to say don't touch Evidence Eliminator with a barge pole.

 

I agree with Checkout.

I also use IEClean and like it very much. It's from the same company PSC that makes the AT BOClean. You will see Nancy from PSC very often in the update-alerts-section giving announcements about new def's for BOClean. The support from PSC is really absolutely first class.

I also agree with Checkout to stay away from Evidence Eliminator!

On the old forum we were also talking about this subject, for example in this thread:
http://pub24.ezboard.com/fsecureyesecurityfrm12.showMessage?topicID=28.topic

 

Checkout....point taken...thanks !


Phazor...I use Eraser (http://www.wilders.org/free_tools.htm)   to wipe files and unused hard disk space.
As for those dat and temp files, I use Internet Sweeper (check off "wipe" and "run during start up"  in options) . This can be found at the same link as well !!
                  bill  

 

Phazor - Ditto the above. And welcome! Pete