Have the disk cleaners forgotten something?

Discussion in 'privacy technology' started by Checkout, May 2, 2002.

Thread Status:
Not open for further replies.
  1. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I regularly perform housekeeping on my hard disk - a defrag followed by a D0D level wipe of cluster tips, free space and directory squishes.  By the time the bottle was empty, an alarming thought occurred to me:

    Between 1 and 32 passes are usually available, with at least 7 recommended (DoD) to make data completely unrecoverable.  Fine.  But what if I delete a sensitive file and then dl a setup program which overlays the space previously occupied by the deleted file?  That's equivalent to a single pass wipe of the sensitive data.

    So does that mean it's potentially recoverable from underneath the setup program?  If so, then programs addressing security wipes need to be ramped up!

    Hmm...
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Checkout - Sounds correct. I don't know how the disk cleaner manufacturers would be able to compensate for what's basically an operator error, though.

    If you want something gone for good, you should always select 'erase' and not 'delete' from the right-click menu. Pete
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Well, in future, I'll be well impressed with a security wiper which
    • cleans a free area
    • move undeleted files to that area
    • erases the previously occupied space
    • moves the files back or defrags as it goes
    I don't see how a user can be 100% guaranteed of total erasure otherwise.
     
  4. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Checkout...
                     I'm not sure I completely understand your question...
            If you wipe a file.... say 7 passes, and install a new file or directory over the space you just wiped, the wiped file could still be recoverable ? Is that your question ?
     Also, is their any reason that you perform a defrag before wiping "unused" disk space ? I usually do a scandisk first, a file wipe second (unused disk space) than a defrag.
                         thanks, bill
     
  5. Checkout;

    Checkout; Guest

    Bill, imagine a situation where you - or perhaps a cleanup program - deletes a file, or a bunch of them.  Running apps create files all the time in the background, and downloading from the net (or just visiting sites) will create new ones too.  The new files can easily occupy space formerly occupied by deleted files.

    Consequently, in these circumstances, deleted files have only had a 1-pass wipe.  Are the deleted files then recoverable in part or whole by forensic apparatus?

    IOW, I'm suggesting that files can be deleted either deliberately or accidentally or automatically without being DoD wiped first, and replaced by data which you would want to keep.

    Have I made it more clear?  Sorry if I haven't.

    Edit for a better example

    Say you've had a genius idea and you've created a file called patent_application.doc.  After weeks or months of nursing this idea into a presentable format, your other activities mean you need to defrag your hard drive.  Your patent doc is moved elsewhere on the disk.  Defrag doesn't do a security wipe, so the old copy lies in the old position, forensically recoverable.  The defrag moves another file over the top of it, say msconfig.exe (which you ain't going to delete, right?)

    Thus your hard disk is tidy, but anyone forensically examing your hard drive may find patent_application.doc lying underneath msconfig.exe.  (All assuming that data can be recovered if only overwritten once, of course.)

    I hope that's better!
     
  6. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Checkout...
                    Ok, now I completely understand your point. It is a valid point I might add.
       Having said that, what if you did a "wipe" of unused disk space...before the defrag. That would ensure that that deleted files and directories would be "wiped". Than during a defrag, if say msconfig.exe, were to be moved into another area of the hard disk, it would be moved into "wiped" hard disk space. Nothing recoverable underneath.
    As for deleting files...wipe all files not needed..recent docs, history, downloads...
     But, I dare say that  in all probability, you wouldn't be able to "wipe" every single transaction off your PC, simply because their are way too many "footprints" left behind at all stages of using a PC !!
                         IMHO...........bill ;)
     
  7. Phazor

    Phazor Guest

    Can i get a few good recommendations on file wiper programs. Pros/Cons.

    Thanks
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :cool:why check out wipeing hd stuff hm we might be kindered spirits after all he he he but im scared to ask lol :D
     
  9. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Bill, you can't guarantee a defrag will use the wiped space - far from it.  Perhaps this is a good product idea for the paranoid (government agencies)?

    Blaze, you have an evil, suspicious mind.  I neither admit nor deny anything.   ;)
     
  10. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I use IEClean, which is good.  I don't know much about the other products in this area, just enough to say don't touch Evidence Eliminator with a barge pole.
     
  11. FanJ

    FanJ Guest

    I agree with Checkout.

    I also use IEClean and like it very much. It's from the same company PSC that makes the AT BOClean. You will see Nancy from PSC very often in the update-alerts-section giving announcements about new def's for BOClean. The support from PSC is really absolutely first class.

    I also agree with Checkout to stay away from Evidence Eliminator!

    On the old forum we were also talking about this subject, for example in this thread:
    http://pub24.ezboard.com/fsecureyesecurityfrm12.showMessage?topicID=28.topic
     
  12. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Checkout....point taken...thanks !


    Phazor...I use Eraser (http://www.wilders.org/free_tools.htm)   to wipe files and unused hard disk space.
    As for those dat and temp files, I use Internet Sweeper (check off "wipe" and "run during start up"  in options) . This can be found at the same link as well !!
                      bill  ;)
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Phazor - Ditto the above. And welcome! Pete
     
Loading...
Thread Status:
Not open for further replies.