What remains

Discussion in 'privacy technology' started by ExHelot, Apr 3, 2012.

Thread Status:
Not open for further replies.
  1. ExHelot

    ExHelot Registered Member

    Joined:
    Mar 31, 2012
    Posts:
    2
    Location:
    United States
    I'm new to truCrypt and security issues in general. I have a question that I hope someone can help with.

    Scenario: I write a document on MS Word, then place it in a truCrypt folder.
    The document is encrypted.
    What remains of the document that can be accessed on my PC?
    How do I eliminate the 'leftovers'.
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Never trust Windows (and to be honest, there is a lot of logging that goes on with Ubuntu too. It can be turned off, but it isn't an easy process...or wasn't for me). You would have to run regular free space/slack/MFT wipes to *try* to be sure. I have to say, BCWipe v5, while not free, has some nice features. One is called 'Transparent Wiping' where it wipes every file in real time when it is deleted, moved, cut and pasted, etc...by either you, or the OS. If you can't run (like one should) a TrueCrypt encrypted OS (regular or hidden), or Linux in an encrypted LVM...I think it's the next best thing.

    PD
     
  3. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Is there any free alternatives to BCWipe ? or more specifically a free ap that has 'Transparent Wiping"? at present I have to drop all docs etc in to file shredder, does the job but soon becomes a chore:ouch:
    Also on the subject of regular free space wipes can you recommend any free, quick and effective apps ? and does wiping free space frequently have a detrimental effect on the HDD ?
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Nothing I know of that does the Transparent thing. Eraser is the free standard that everyone seems to like. v6 is a little heavy, to me (100 Megs of RAM after running for a few days, on my boxes) but 5.8.8 is out there. CCleaner and Bleachbit can do free space too, and there are a ton of others (none do the Transparent thing that BC Wipe has). As far as hard drives, spinning disks should be fine...SSD's may wear quicker, but I currently have 9 years of estimated life (using SSDLife) on mine. If it jumps to 1 or 2, I'll worry then.

    PD
     
  5. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    I found same thing with Eraser, at present I alternate between CCleaner and File Shredder with the later been quite a lot faster.
    I have found BCWipe v 4.01.5 on TPB :shifty: looking forward to testing the "transparent" clean
     
  6. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    The best thing you can do is encrypt the whole drive, in addition to using the container.
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    1,584
    First you have to identify what those 'leftovers' are. You'd want to know things like:

    - Did the application or OS create temporary files (elsewhere)?
    - Did the application or OS create backups (elsewhere)?
    - Did the application or OS add the document to a recently used list and how/where is that recently used list stored?
    - Did the application or OS index the document contents for searching purposes, saving that information (elsewhere)?
    - Did the application save the document in some other form for some reason, for example as a template?
    - Did the OS write document related data to persistent storage for hibernate or paging purposes? Edit: Or system level backup/restore?
    - Any other document related data left about in the registry?
    - Did any other applications or drivers cause information about the document to be stored elsewhere (AV program logging, printer spooling, whatever)
    - Did the OS filesystem create lingering data, perhaps for example as part of its journaling or logging process?
    - Was any document related data written to sectors, clusters, that were later unallocated and thus now exist in unallocated storage space or in file slack space?
    - Etc

    The answers would depend on which specific application (you mentioned one, but are there others?), how your specific OS is operating, and what you are already doing in terms of trying to address such issues. Given the complexities and unknowns, I do think a whole disk encryption approach is worth considering.
     
    Last edited: Apr 4, 2012
  8. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    Use Live CD, doesn't matter if windows or linux, what ever works for you. That way nothing will be left behind, no need to wipe anything, no need to do HDDEncryption etc...
    To save your personal files, use usb key and store encrypted files on it, or store container on it. Encryption/decryption/viewing will take place on LIVE OS.
    I suggest you use some open source / well known program for that, maybe gpg, truecrypt, luks; all with AES 256 and strong pass
     
  9. ExHelot

    ExHelot Registered Member

    Joined:
    Mar 31, 2012
    Posts:
    2
    Location:
    United States
    Thanks to all. You've given me some excellent information. I hope someday I'll be familiar enough with the issues to return the favor for others.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,184
    Location:
    Oz
    So if you have Windows as your OS and then run a live CD, Windows will not keep any logs?
     
  11. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    Windows on HD wont keep anything because it wont be in use. Windows as live cd can keep any log it wants, but as soon as you shut it down, everything will be lost, since it runs from RAM.
    But i think you know that:)
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,064
    And, if you're really paranoid, you can disconnect power and data cables to hard drives.

    But then there's the BIOS ;)
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,184
    Location:
    Oz
    No I didn't know that it relied completely on RAM. And I haven't tried one yet. Thanks for explaining that. I 6G of RAM on my desktop right now but maybe I should add some more.
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,184
    Location:
    Oz
    What kind of personal information is stored in the BIOS? I have wondered about Lojac. I have read that it is in the BIOS. But supposedly it cannot be used unless the owner installs it.
     
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,272
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,064
    Typically, BIOS store manufacturer, product name or SKU, version, serial number and asset tag. There's also stuff that you can't readily see, such as flags for OEM Windows crippleware. Malware could write other data, but I doubt that there's much free space.
     
  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    1,584
    Is anyone up on Trusted Platform storage capabilities? I'm inclined to think the TPM chip has its own separate non-volatile storage for keys and whatever. I recall reading that the OS and also applications (password managers being an example) can use the TPM to store information securely, but I'm not sure whether that includes the ability to physically store information within such a separate device.
     
Thread Status:
Not open for further replies.