Portable Firefox and a Recuva test

I installed Firefox on a USB drive, and also in a TrueCrypt folder on my desktop. I searched for a bunch of images and then ran Recuva. Not one image showed.

For anyone who missed my earlier posts regarding browsing tracks that are left behind while using Sandboxie and Returnil, I performed the same tests as above and Recuva recovered all or most of the images.

So simply using a portable browser on a USB stick or in a TrueCrypt folder seems to do the trick. But I would assume that using Returnil and/or Sandboxie would provide the additional benefit of preventing the OS from creating copies and records of everything.

I hope the new XB Browser works out because if it does, running it from a USB sticks should provide the best privacy ever.

 

portable firefox is the way to go its my default and only browser

 

It has now become mine as well. I have it in a TrueCrypt folder on my desktop and on a USB stick. I also use Returnil and Sandboxie. So while Returnil is active, I open the truecrypt folder and right click Firefox and open it with Sandboxie. That seems like a pretty good setup that is simple and easy to do. I want something that is easy to do. If it is too time consuming or difficult I'll just skip it. But this is so simple. And as far as I can tell it works very well for privacy.

 

So if I use portable firefox absolutely no traces would be left on the computer? Is there portable firefox for mac? Will history, preferences, cookies, etc be saved on the usb stick? Thanks.

 

Well, the DNS-cache and possibly the storage of SSL-certificates would reveal the majority of your net-activity anyway.

Your ISP would now every site you've visisted, unless you use a VPN or TOR. In case of a VPN, the VPN would then know every site you've visited.

 

Im mostly interested in situations where im using the computers at school/work and I dont want to leave any information particularly pertaining to my e-mail account. Off course if theres a key/screen logger around then im probably screwed no matter what.

 

No surprises there. Harddrive forensics is no adversary model they protect against. Disk encryption is the only sensible answer. Wiping disk space after writing sensitive data is bad practice considering journaling FS, defragmentation, page file, slack space, small files in the MFT and so on.
They won't yield any additional benefit from that point of view. Though it's still a good idea to use them. You don't want a vulnerability to write outside the encrypted container or worse compromise the system.

 

I understand that disk encryption is the answer. But you think that using a product like R-wipe is ineffective? They claim that it wipes page file, MFT, and slack space.

I looked up journaling FS. I was under the impression that Returnil would prevent copies of activity or logs from being collected.

 

If you run portable firefox from a truecrypt folder on a USB stick I would think that there would be no records left on the computer. But you would also have to run a VPN to prevent the records of websites visited. You can run Xerobank from a USB stick and maybe Cryptohippie too.

 

No, I wouldn't say that as I haven't used and tested it. In any case it's tedious and it's likely something will be missed either by software limitation (e.g. I doubt it can wipe slack space of files in use) or by user error (like forgetting to run a full wipe which probably takes ages).

It can't prevent NTFS from doing journaling. As far as I understand it won't prevent the fact that data is being written onto the disk, it will only redirect all writes to a cache area which makes it easy to discard and wipe all changes. Therefore together with something like r-wipe it offers something against hdd forensics.

However I don't quite understand what scenario this or any "after the fact" wiping is actually useful for. If you worry about forensics you deal with sensitive files, you got to store them securely and that usually involves encryption. So why not encrypt everything and stop worrying?

 

http://www.freesmug.org/portableapps:firefox

 

I will assume that this still wont protect me from key/screen loggers?

 

You are right? Why not just encrypt everything? I am ready to lear how to do this. I will go over and read TrueCrypt's tutorials. Thanks

 

No because all of that will be sent through the VPN just like everything else. If you reinstall your operating system and do all of the updates and install everything exactly the way you want it, you can install Returnil and you won't have to worry about keyloggers. The paid version of Returnil also has an antiexectable feature that will prevent any program from running that you did not install. And you can also use Sandboxie (your browser sandboxed) while Returnil is enabled. So if you reinstall and start fresh and use Returnil and Sandboxie, you won't have to worry about keyloggers.