What remains

Discussion in 'privacy technology' started by ExHelot, Apr 3, 2012.

Thread Status:
Not open for further replies.
  1. ExHelot
    Offline

    ExHelot Registered Member

    I'm new to truCrypt and security issues in general. I have a question that I hope someone can help with.

    Scenario: I write a document on MS Word, then place it in a truCrypt folder.
    The document is encrypted.
    What remains of the document that can be accessed on my PC?
    How do I eliminate the 'leftovers'.
  2. PaulyDefran
    Offline

    PaulyDefran Registered Member

    Never trust Windows (and to be honest, there is a lot of logging that goes on with Ubuntu too. It can be turned off, but it isn't an easy process...or wasn't for me). You would have to run regular free space/slack/MFT wipes to *try* to be sure. I have to say, BCWipe v5, while not free, has some nice features. One is called 'Transparent Wiping' where it wipes every file in real time when it is deleted, moved, cut and pasted, etc...by either you, or the OS. If you can't run (like one should) a TrueCrypt encrypted OS (regular or hidden), or Linux in an encrypted LVM...I think it's the next best thing.

    PD
  3. popcorn
    Offline

    popcorn Registered Member

    Is there any free alternatives to BCWipe ? or more specifically a free ap that has 'Transparent Wiping"? at present I have to drop all docs etc in to file shredder, does the job but soon becomes a chore:ouch:
    Also on the subject of regular free space wipes can you recommend any free, quick and effective apps ? and does wiping free space frequently have a detrimental effect on the HDD ?
  4. PaulyDefran
    Offline

    PaulyDefran Registered Member

    Nothing I know of that does the Transparent thing. Eraser is the free standard that everyone seems to like. v6 is a little heavy, to me (100 Megs of RAM after running for a few days, on my boxes) but 5.8.8 is out there. CCleaner and Bleachbit can do free space too, and there are a ton of others (none do the Transparent thing that BC Wipe has). As far as hard drives, spinning disks should be fine...SSD's may wear quicker, but I currently have 9 years of estimated life (using SSDLife) on mine. If it jumps to 1 or 2, I'll worry then.

    PD
  5. popcorn
    Offline

    popcorn Registered Member

    I found same thing with Eraser, at present I alternate between CCleaner and File Shredder with the later been quite a lot faster.
    I have found BCWipe v 4.01.5 on TPB :shifty: looking forward to testing the "transparent" clean
  6. syncmaster913n
    Offline

    syncmaster913n Registered Member

    The best thing you can do is encrypt the whole drive, in addition to using the container.
  7. TheWindBringeth
    Offline

    TheWindBringeth Registered Member

    First you have to identify what those 'leftovers' are. You'd want to know things like:

    - Did the application or OS create temporary files (elsewhere)?
    - Did the application or OS create backups (elsewhere)?
    - Did the application or OS add the document to a recently used list and how/where is that recently used list stored?
    - Did the application or OS index the document contents for searching purposes, saving that information (elsewhere)?
    - Did the application save the document in some other form for some reason, for example as a template?
    - Did the OS write document related data to persistent storage for hibernate or paging purposes? Edit: Or system level backup/restore?
    - Any other document related data left about in the registry?
    - Did any other applications or drivers cause information about the document to be stored elsewhere (AV program logging, printer spooling, whatever)
    - Did the OS filesystem create lingering data, perhaps for example as part of its journaling or logging process?
    - Was any document related data written to sectors, clusters, that were later unallocated and thus now exist in unallocated storage space or in file slack space?
    - Etc

    The answers would depend on which specific application (you mentioned one, but are there others?), how your specific OS is operating, and what you are already doing in terms of trying to address such issues. Given the complexities and unknowns, I do think a whole disk encryption approach is worth considering.
    Last edited: Apr 4, 2012
  8. hugsy
    Offline

    hugsy Registered Member

    Use Live CD, doesn't matter if windows or linux, what ever works for you. That way nothing will be left behind, no need to wipe anything, no need to do HDDEncryption etc...
    To save your personal files, use usb key and store encrypted files on it, or store container on it. Encryption/decryption/viewing will take place on LIVE OS.
    I suggest you use some open source / well known program for that, maybe gpg, truecrypt, luks; all with AES 256 and strong pass
  9. ExHelot
    Offline

    ExHelot Registered Member

    Thanks to all. You've given me some excellent information. I hope someday I'll be familiar enough with the issues to return the favor for others.
  10. caspian
    Offline

    caspian Registered Member

    So if you have Windows as your OS and then run a live CD, Windows will not keep any logs?
  11. hugsy
    Offline

    hugsy Registered Member

    Windows on HD wont keep anything because it wont be in use. Windows as live cd can keep any log it wants, but as soon as you shut it down, everything will be lost, since it runs from RAM.
    But i think you know that:)
  12. mirimir
    Online

    mirimir Registered Member

    And, if you're really paranoid, you can disconnect power and data cables to hard drives.

    But then there's the BIOS ;)
  13. caspian
    Offline

    caspian Registered Member

    No I didn't know that it relied completely on RAM. And I haven't tried one yet. Thanks for explaining that. I 6G of RAM on my desktop right now but maybe I should add some more.
  14. caspian
    Offline

    caspian Registered Member

    What kind of personal information is stored in the BIOS? I have wondered about Lojac. I have read that it is in the BIOS. But supposedly it cannot be used unless the owner installs it.
  15. LockBox
    Offline

    LockBox Registered Member

  16. mirimir
    Online

    mirimir Registered Member

    Typically, BIOS store manufacturer, product name or SKU, version, serial number and asset tag. There's also stuff that you can't readily see, such as flags for OEM Windows crippleware. Malware could write other data, but I doubt that there's much free space.
  17. TheWindBringeth
    Offline

    TheWindBringeth Registered Member

    Is anyone up on Trusted Platform storage capabilities? I'm inclined to think the TPM chip has its own separate non-volatile storage for keys and whatever. I recall reading that the OS and also applications (password managers being an example) can use the TPM to store information securely, but I'm not sure whether that includes the ability to physically store information within such a separate device.
Thread Status:
Not open for further replies.