the most effective privacy software?

Discussion in 'privacy technology' started by guest, Feb 15, 2009.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    It is slower and more thorough. I use Ccleaner just for a quick clean often for cookies etc... But I run sweepi every so often for a more thorough cleaning, and then Ccleaner right after to pick up any remnants.

    I have Sweepi set NOT to move to recycle bin, but instead to overwrite. I use it in classic mode and I have it set for Complete Cleanup instead of standard. I run it choosing "Quick Clean" and when it collects everything and asks what I want to do, reboot etc..., I choose skip, and it cleans everything. As an experiment, run ccleaner first and then set up Sweepi the way I suggested and run it and see if it picks up extra stuff. It makes my computer run faster and smoother when I use it this way.
     
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    regards, Siberian!
     
  3. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    I meant to ask this question before.

    I thought that all old previously deleted data would also "Become" encrypted as well when you do a full disk encryption. Full Disk encryption does mean
    "FULL" disk encryption right? including stuff that was deleted before you encrypt the disk? and not just the current windows installation. some one correct me if I am wrong
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
  5. rookieman

    rookieman Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    411
    Thanks for your reply.I'll retry it the way you suggested:thumb:
     
  6. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Well yes, if you "full encrypt" your system, all your data will be overwritten with data that, without decryption key, looks exactly like random data.
    Anybody able to recover data that has been overtwritten, might be able to recover your data in its unencrypted form; however, there is NO evidence of any person/company/agency that was ever able to recover data overwritten once from a modern hard disk.

    For the paranoids, TrueCrypt gives you the possibility to overwrite your unencrypted data during the full disk encryption phase.
     
  7. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    Yep. If you think a single pass wipe with random data wont secure delete your files, you should wipe unencrypted files prior to encrypting your system. If you think a single wipe of random data can not have previous data recovered from it, just encrypting should be fine provided you use strong encryption.
     
  8. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    OK I had to reply again, to many people are getting ill informed with null information, For all the people that think a simple overwrite will protect you, Dido!

    YOU WANT PROOF?

    Yes this case is sick but it did happen and it does prove that a single pass doesn't do anything for you!


    The article

    http://radsoft.net/rants/20031027,00.shtml

    You can also Google "Dr Marc Watzman" for more proof he does exist, if you think the rant is fake!

    And Yes this goes for all Privacy software when you choose a simple overwrite Algorithm!

    Now tell me again that a single pass over data will make the data unrecoverable?
     
    Last edited: Feb 23, 2009
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I will say again. Single pass overwrite is enough to make data unrecoverable with SOFTWARE means. Evidence Eliminator is a closed source program, so I cannot say what it does, or if it does what it says. So the rant might be very well true, but that does not prove that ALL erasing program are uncapable of protecting you.
    The only way to recover data from a correctly erased HDD is using hardware methods. Check the link I gave above to see what are the downsides of the hardware methods.
     
  10. emmpe

    emmpe Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    121
    That link of yours is good education. Thanks. And from what I understand, the final word there is that there's just a theoretical possibility to recover overwritten data - there's no evidence it has ever been done and anyway it would be forbiddingly expensive to do it. So if you get caught after having used EE:s overwrite it shows that EE is exactly the crap the word has it. If what that whitepaper says is correct no one using a reputable eraser should have to worry, neither paedophiles nor terrorists nor us fairly honest guys.
     
  11. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Just like you said, the data can be recovered! so why are we going around in circles when we know it can be recovered using hardware recovery tools?

    The Algorithms were written for a reason, why not use them? whats the point of arguing over spilled milk? I would rather clean it up than let it just sit their!

    But you do have a point, why use more than a single pass if your only trying to stop software recovery tools? no their really isn't a point, its not like the person you sell your old machine to is going to be able to recover any data!

    I think our points have been made and their really isnt any more to say about the subject!

    Not paranoid, use a single pass.

    Paranoid, use a 7 wipe pass.


    IT doesn't matter if its EE or Eraser, use a single overwrite pass and your data can be recovered via Hardware recovery tools, If "Dr Marc Watzman" would have tweaked his Algorithm settings right in EE they wouldn't have been able to recover the data (200,000 (two hundred thousand) Illegal Images) using Hardware recovery tools!

    Nuf said!

    .........................................................................................
     
    Last edited: Feb 23, 2009
  12. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    I see so data which has already been deleted does not "Become" encrypted,
    it just gets Over Written. So Full Disk isn't literally Full Disk encryption.

    What about data from an encrypted system which gets Deleted after full disk encryption has been done. Does the data Remain Encrypted or does it become Unencrypted when it is Deleted??
     
  13. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Someone posted an article a while back about a guy who was busted for child porn. He had wiped his unused disk space and so they said that was all unrecoverable. But there were a few thumbsDB files left over and that is actually what they buisted him with. Not the wiped files.
     
  15. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    Ok look at it this way.

    Prior to encryption you have File1. After encryption, File1 is overwritten with Encrypted-File1. If strong encryption is used, an adversary can't use Encrypted-File1 to get File1. But they can possibly (this is what is being debated here it seems) get File1 by analyzing the hard drive with a specialized microscope, the same way they would get File1 if File1 was over written with random data. They are not breaking the encryption, just getting the file as it was prior to encryption, if that makes sense. If File1 comes to the system AFTER it is set up as full disk encryption, then they can't do this attack. Or if the drive is securely over written prior to encryption, they can't find what was on it. I suggest a 7 pass DoD wipe prior to encryption.
     
  16. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    Also whole drive encryption isn't really whole drive encryption. There is a small bit of data that is unencrypted for you to boot from. True full drive encryption you would need to put the boot sector on a USB stick. Then the entire drive is encrypted, and you need the USB to boot from. You could even put a keyfile on the USB and require that, (plus a passphrase, I would suggest).
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Hardware recovery of wiped files is a myth. If it CAN be done, it's only for the most extreme cases of national security and could only be done by a TLA. Theory and practice are two different things.

    Can anyone point me to a single instance of "hardware recovery" of properly wiped files? Anyone? Anywhere?
     
  18. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    A friend of mine once took his damaged hard drive to forensics to recover some valuable information a while ago. He said they can recover just about any thing. I said I bet they can't recover if it has been over written 35 times. His response was

    Actually they can the heads that write the tracks aren't as sensitive as the ones used by proper recovery devices, the edges of over written tracks usually still hold the 1's and 0's the center of the track has had overwritten. Instead your better off physically destroying the platter itself.
     
  19. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    And why do you think Eraser would erase the file slower? hint hint ;)
     
  20. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    I was under the impression that this was only applicable to very old HDDs since newer drives have platters so dense that it reduces the probability of success to almost zero.

    As far as I know, after a drive has been overwritten with a few random passes, there are techniques out there that allow fragments of data to possibly be discovered for forensics purposes but there is no way that data can be recovered intact.

    Happy to be proven wrong, though :)
     
  21. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    The biggest threat is what doesn't get wiped by your favorite privacy software during your cleaning sessions!
     
  22. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    Could not agree more with this comment. It is more likely that the data discovered is what missed by the overwrite pass, not what someone has managed to retrieve from "underneath" overwritten data.

    If you are worried about your habits being exposed, encrypt your drives. This is better than just hoping/assuming that your privacy software is configured to erase _all_ areas that may hold information regarding your PC usage.
     
  23. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    You are 100% correct.
     
  24. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    I agree with this and is exactly why I think whole drive encryption/system encryption is so important if one has things they don't want falling into the wrong hands.

    That forensics forum is interesting. Take a look at this thread "Single Pass Wipe Sufficient?" http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3387
     
  25. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Yea Encryption is the way to go, but it is not solid, it can still be opened by anyone who obtains the keys, and yes software recovery tools are 100% effective in recovering deleted data wile the encrypted drive is open!

    EDIT: I deleted a statement out of courtesy for another user!

    I guess its all about who's "Theories" you would like to believe or not!

    If theirs a will theirs a way! the feds didn't have a very hard time getting into that racketeering guys encrypted machine! I think you know who I'm talking about? He was using PGP whole disk encryption!

    You never really know when you can get caught slippin "IF" your engaged in illegal activities!

    I loled when I heard that "BitLocker" the one that comes with Vista Ultimate Has a Backdoor accessible to Government Agencies! This guy was trying to use the "Fact that he Knew nothing about the backdoor in BitLocker" as a defense in court!

    So a single pass using the Pseudo Random method should be effective, anything lower than that is cutting yourself short!

    I found another paper, I still don't understand why the Government uses higher standards than a single wipe pass if a single wipe pass is so effective?

    I look at it as Technology is Advancing and you never know what their going to come up with in the future, so the Government is trying to stay ahead of the Advancing Technology, Its always better to be safe than sorry!

    http://www.nber.org/sys-admin/overwritten-data-guttman.html



    ..........................................................................................
     
    Last edited: Feb 24, 2009
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.