PrivaZer Discussion Thread

Discussion in 'privacy technology' started by The_PrivaZer_Team, Feb 15, 2013.

  1. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    File and folder names recovered in the MFT?
     
  2. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    117
    Yes, and especially USN.

    Today you showed me globalLoadable.bak and history.db-journal. I typed and searched, but highlight/copy would be easier, esp for those long-titled folders.
     
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Privazer Team,

    Can you please post your Bitcoin address in this thread? I just tried 3 different browsers and couldn't get it to display. I have some money for you. Or PM it.

    Thanks,

    PD
     
  4. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    Hello Pauly,
    our Bitcoin address is 1KFuh86KqbmkfF67urefDUX1EP6hhBQRsF
     
  5. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks.

    PD
     
  6. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    I sent you a PM regarding a problem I am having.

    Chrome Version 28.0.1500.72 m

    W7x64
     
    Last edited: Jul 20, 2013
  7. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    looking into this...
     
  8. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
  9. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Tried Privazer on XP and noticed that it causes ipconfig.exe to request internet access during a scan. Why is this?
     
  10. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    Hello Firebytes,
    it is used by ipconfig while listing entries in DNS cache.

    The DNS Cache may contain websites you visited.
    Thus, the DNS Cache is checked by PrivaZer and cleaned if needed. :cool:
     
  11. netbook0tr

    netbook0tr Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    24
    Location:
    england
    Keep up the good work! I am now addicted to PrivaZer!
     
  12. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Thank you for the prompt explanation.
     
  13. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    New PrivaZer v1.15
    http://privazer.com/downloadupdate.php

    Changelog
    - New Turbo cleanup
    . Cleanup in less than 60 s
    . Very fast deletion (no overwriting)
    - New feature
    . Export FAT, MFT, USN traces to .txt
    - New cleanup option
    . "Close PrivaZer when finished"
    - Improved update of recycle bin icon
    - Improved UI
     
  14. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Same here, Love this software :thumb:
     
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Last edited: Jul 20, 2013
  16. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Hi Guys

    A tiny issue, not a problem but not right, when I'm disconnected from the internet and run the "Empty without a trace" on the Recycle Bin, I get a Privazer pop up telling me that there's a newer version...etc. and I know:
    1) it couldn't know, there's no connection to allow checking
    2) I have v 1.15.1 which is the latest version (for donors, anyway).

    I just click the [?] button and it goes away.
    If I empty the recycle bin again (a bit later), there's no pop up, so it's a VERY small issue, but weird....

    I'm glad that I donated and get to use everything this program offers, it's fantastic!

    Thanks,

    J
     
  17. testsoso

    testsoso Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    138
    Will your software shorten the life of an SSD?
     
  18. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    117
    Tonight a forensics guy told me that the software he uses would be able to retrieve HD data even after 7 cleanup passes. No problem, just takes time.

    How effective is Privazer cleanup against this attack?

    Does other things as well:

    "EnCase can analyze and acquire mounted encrypted volumes, such as PGP and DriveCrypt, and give examiners full access to data on hard drives that are wrapped with encryption technology, such as SafeBoot.

    "Automatically culls through the registry and configuration files to quickly identify the types of hardware installed on a target machine, including NIC cards, FireWire devices, thumb drives, IDE devices and other hardware information.

    "The Active Directory Information Extractor forensically analyzes the Active Directory database (NTDS.DIT) and extracts the username, SID, home directory, email address, last login, last failed login and next password change.

    https://www.digitalintelligence.com/software/guidancesoftware/encase7/
     
  19. appzman

    appzman Registered Member

    Joined:
    Jun 5, 2010
    Posts:
    8
    Location:
    London
    "EnCase can analyze and acquire mounted encrypted volumes,

    If it's "mounted" then it's accessible just like any drive.


    As regards recovering data after 7 cleanup passes, you have to define the method of the 7 cleanup passes. If the drive was completely zeroed out using the drive's inbuilt "secure erase", then no software would recover any data, and you only need one pass.

    If the drive contained an operating system and file system and the 7 cleanup passes were made on the live drive, then it's possible there could be metadata and file artifacts in slack space.

    So challenge your "Forensic" guy and give him a drive that's been zeroed out using "secure erase" and then ask him to retrieve data. I'd love to hear his answer!
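
The slack-space point in post 19, as an added example that is not part of any poster's message and not PrivaZer's code: a toy volume with an assumed 4096-byte cluster size, where a 7-pass overwrite of a file's logical bytes leaves the previous occupant's data in the last cluster's slack, and a single pass over the slack removes it. All function names and sample data are constructed for illustration.

```python
import os

CLUSTER = 4096  # assumed cluster size for this toy volume

def clusters_needed(length):
    """Number of whole clusters a file of `length` bytes occupies."""
    return max(1, -(-length // CLUSTER))

def write_file(disk, first_cluster, data):
    """Write data at first_cluster; bytes past len(data) are left untouched."""
    off = first_cluster * CLUSTER
    disk[off:off + len(data)] = data
    return clusters_needed(len(data))

def overwrite_logical(disk, first_cluster, length, passes):
    """File-level wipe: overwrite only the file's logical bytes, `passes` times."""
    off = first_cluster * CLUSTER
    for _ in range(passes):
        disk[off:off + length] = os.urandom(length)

def slack(disk, first_cluster, length):
    """Bytes between end-of-file and the end of the file's last cluster."""
    off = first_cluster * CLUSTER
    end = off + clusters_needed(length) * CLUSTER
    return bytes(disk[off + length:end])

def wipe_slack(disk, first_cluster, length):
    """Single zero pass over the slack region only."""
    off = first_cluster * CLUSTER
    end = off + clusters_needed(length) * CLUSTER
    disk[off + length:end] = bytes(end - off - length)

def demo():
    disk = bytearray(16 * CLUSTER)
    marker = b"OLD-DOCUMENT-TEXT "             # constructed sample data
    old = marker * (2 * CLUSTER // len(marker))
    write_file(disk, 4, old)                    # old file fills clusters 4-5
    # "Deleting" the old file frees its clusters but does not erase them.
    new_len = 5000
    write_file(disk, 4, b"N" * new_len)         # new file reuses clusters 4-5
    overwrite_logical(disk, 4, new_len, passes=7)
    before = marker in slack(disk, 4, new_len)  # old data survives 7 passes
    wipe_slack(disk, 4, new_len)
    after = marker in slack(disk, 4, new_len)   # gone after one slack pass
    return before, after

if __name__ == "__main__":
    print(demo())
```

The number of passes is irrelevant here because none of them touch the slack region; coverage of the wipe matters, not repetition.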
     
  20. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    117
    Perhaps not clear enough in last question. I'm asking specifically about Privazer cleaning, which is why I posted in this thread.

    We have a choice of various numbers of passes when Privazer cleans, depending on what is erased (RAM, HD, etc.). HD has a 35 pass option! In my conversation Forensics Guy said that the program he uses, Encase, could recover data after a seven pass overwrite, although more cleaning passes would require more read and analyze passes to recover.

    Encase is a standard forensics program and likely to be encountered by some Privazer users. I just wonder how effective the Privazer clean is against this, and would like to hear from them about how we should setup. 35 passes?

    Also, as we look over the Encase features we see many angles of attack on privacy. I don't expect Privazer to solve all the world's surveillance, but it would be good to know its limits.

    I expect some forensics feedback on this, but the Privazer staff responds so fast that we will probably have an answer from them long before that.
     
  21. appzman

    appzman Registered Member

    Joined:
    Jun 5, 2010
    Posts:
    8
    Location:
    London
    Okay, I guess it's best to let PrivaZer answer your specific questions about their product, but here's some food for thought.

    From my experience with testing Encase and other software recovery programs I've found one pass is enough to erase data. You can google lots of info on the multipass myths.

    http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html

    Now if we agree one pass erase is enough, then we have to ask how well does PrivaZer do this? From my own testing it does it well enough.

    I've heard these stories that forensic guys could recover data after a 7 pass clean and you can never find any evidence about these claims. I suspect mostly these guys get lucky: someone has done a 7 pass free space wipe and forgot to make sure the page file was wiped, and they find remnants of data in the page file slack.
     
  22. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    117
    Someone with actual experience with Encase. All right!

    In the past I have seen explanations of erasing (or not) showing how minuscule differences in write head alignment in each overwrite pass can leave behind "historic" traces of previous data. In this theory successive passes make it likely that old data will be totally overwritten. I have no opinion on this.

    I did mention Privazer(free) in the conversation, so I hope that Mr. Forensics will indeed test with Encase ($3000). I'm not planning to.

    Encase seems to be a standard product in the industry, so I expect that any serious privacyware will address some of its features. Privazer looks a lot better than most, but nothing can be all things to all people. I just wonder where I should be concerned in the Privazer/Encase universe.
     
  23. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I'm also looking forward to PrivaZer's response :thumb:

    For those that are interested, I can vouch for making sure the following is adhered to, which will ensure traces etc are NOT even stored :D

    Please note I'm on XP/SP2 FAT32 so some things may be different.

    Delete or rename shscrap.dll Shell "scrap object handler" in both System32 & System32/DLLcache.

    Make sure your cleaner erases traces of names of deleted files in the FAT.

    If you have enough RAM, securely delete the Swap/Page file. Even on 98SE with only 1Gb I had NO problems, so most of you should be fine as it's NOT actually required. I'm also fine on XP with 2Gb.
     
  24. appzman

    appzman Registered Member

    Joined:
    Jun 5, 2010
    Posts:
    8
    Location:
    London
    I didn't know about that info on "shscrap.dll" etc. What are the various traces it stops logging, Cloneranger? I run XP/SP2 also but use NTFS and couldn't see shscrap.dll in system32/DLL cache, but it's in my system 32 folder.

    Good tip on disabling the swap/page file. I did read somewhere in some Microsoft white papers that Windows will re-create a (temporary?) swap file if it runs out of physical RAM. I can't recall if it's only on 98SE/XP.

    One thing's for sure though, PrivaZer does rock!
     
  25. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    Hello guys,

    just a few words (we are finalizing PrivaZer v2).

    Firstly, when overwriting with 1 pass, recovery software (like Encase) is unable to read overwritten data.

    Concerning tests with Encase:
    - please delete all restore points before cleaning with PrivaZer
    - keep in mind that we still have a lot to do
    (for instance, PrivaZer will delete .evt and .evtx files, slack space of occupied sectors in a next release).
    - provide us with a detailed report, that will help us to improve if needed

    PrivaZer v2 will be ready quite soon.
    Thanks for your patience and thanks to Appzman and JW Clements for their kind words.
     