Erasers + Restoration = Whats Wrong??

Discussion in 'privacy technology' started by Shad0w, Oct 25, 2007.

Thread Status:
Not open for further replies.
  1. Shad0w

    Shad0w Registered Member

    Joined:
    Oct 25, 2007
    Posts:
    7
    Hi there,

    I'm not a very tech savvy person. So, if I say the wrong things....:)

    I was home all sick and had nothing better to do.

    - I downloaded trial versions of erasers like R-Wipe, East-Tech Eraser, Cyberscrub, and a few others.... ( everything Google gave me )

    - Also, a freeware utility called Restoration.

    - Freshly Formatted system : XP Pro SP2 - Opera 9.24. Nod32. ICQ Lite, Yahoo, Steam, Rapidget, Google Talk.

    - Used Restoration & the "Delete Completely" option. All clean. ( Took a loooong time - I read old Archie Digest - Nostalgia )

    - Installed R-Wipe : - And did what I normally do - Web surfing, downloading, chatting and all that for about an hour or more.

    - Used R Wipe - 7 Pass. Seemed to detect a lot, Needed a Reboot.

    - Afterwards, I go to Restoration and I see this huge list of files!!! I thought it was supposed to be "beyond Recovery"! I could Restore them by copying.

    - Used the "Delete completely" on Restoration again ( ran out of Archie, So I tried to define infinity mathematically on paper :p )

    - Installed East-tech Eraser and repeated the same process.

    - On every tool - Restoration showed up all the deleted files!!! Whyo_O Does that mean none of these erasers really work?? o_O :eek:

    - Afterwards, I tried to wipe a 5MB .exe file on R-Wipe ( 7 pass) and it was still there on Restoration. I could copy it back and it was still installable!!!!?? :( I then tried a 98MB rar file and it wasnt there on Restoration! confusing results. :cautious:

    - Same results with other softwares - with the 5MB exe & mixed results on 98MB rar.

    - Lastly I tried Shred Agent. The manual wasnt clear at all ( simpleton here) Most of the time, I was like o_O huh?? ermmm? owww? geee? hmmm? huh?

    - I installed it and it showed random things as "wiped" - didnt really understand the process at all - seems like I just needed to delete things manually in windows and it would take care of it. So I deleted the 5MB exe on windows and it was still there on Restoration but it wasnt installable anymore..

    Anyway, whats really wrong here? Are these tools just giving a pseudo-erasing effect? What are your experiences?

    :)
     
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I am not familiar with Restoration, but was it installed on your computer already when you used these wipe utilities? I am wondering if maybe it is keeping extra copies or interfering with the stuff being wiped off
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Better try ERASER (Freeware) by Heidi :thumb:
    http://www.heidi.ie/eraser/download.php

    Plus if you were able to restore :eek: files that were still workable after using those programs to better delete by wiping techniques, something is definitely wrong.

    Now, at least with ERASER i regularly wipe single files with either a 3, 7, or custom made pass sweep and it's junk. ]
    I routinely erase every file and folder this way for performance sake when i have no use for it anymore then at the end of the day, i clear out all temps and such with ClearProg & DiskCleaner (Freeware), i then use Index.Dat Suite (Freeware) to delete on reboot ALL history/temp/user.DAT.logs, followed up finally by RESTORATION which by this time, just like you, theres a "HUGE" list that takes quite a long while to "DELETE COMPLETELY", but this method vastly enhances my system's performance.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Reboots after running R-Wipe&Clean are normal, especially when you mark the option "System".
    The wipe & clean continues after reboot, like for instance the page file. An icon in the system tray indicates that R-Wipe is still busy and when it's done, the icon will disappear.

    I don't know about the others, but R-Wipe also allows you to create personal lists to wipe&clean specific folders or files.
     
  5. Shad0w

    Shad0w Registered Member

    Joined:
    Oct 25, 2007
    Posts:
    7
    Thanks EASTER, I will try Heidi Eraser later tonight.


    Erik, Yes, I understood the process. Most of these tools did have various options and seemed to detect and delete lot of things. Some more so than others. But if a simple freeware utility like Restoration can find all those deleted files with all these fancy 7, 13, passes - What good are they?? o_O

    :blink: :cautious:
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I don't believe that anything is wrong per se.

    Many of these erasing programs deal with the contents of a file, but not the directory entry - at least under the typical usage conditions.

    Some will allow you to to deal with those directory entries as a separate step, either zeroing out the entry, using an incrementing "blank" name, or replacing it with a random collection of letters. If this option is available, it is often located under the Advanced Options or in a lower level configuration menu.

    Blue
     
  7. rookieman

    rookieman Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    409
    Hi Easter,That's sounds like quite a cleaning method you've got there.I'm only using CCleaner slim at the moment but your method sounds very tempting.I downloaded Eraser and got kind of scared to use it.I guess I'll have to read each program thoroughly and try to understand how to use them properly.That's what one should do anyway!Do you really feel this enhances system performance?:)
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Good question man. Sounds like we are cheated by these wipe&clean tools.
    Maybe we have to use the crazy Gutmann method (35 passes) after all to get the job done. :D
     
  9. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    I havr read somewhere that with erasing programs, performing multiple passes, disc caching can interfere with this if you have it enabled, with the net result that the program in question only performs one pass irrespective of how many it appears to perform. Don't ask me how, will see if I can find that quote, though I don't hold out much hope.
    interesting side thought though, assuming an eraser did it's job properly, I wonder how a program such as Returnil would restore erased files on reboot, theoretically the only way it could be done was if the program physically copied the files somewhere else.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I would like to try this myself. However, I am concerned that the program Restoration actually has something to do with retaining these files. I am not familiar with this program. Can restoration be installed *AFTER* you have done a wipe to see if it can retrieve these files? I'm not saying that there is not a problem, but I am wondering if the problem is in the wipe utilitieso_O
     
  11. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Not likely, since Restoration does not really install to the os. It is a stand-alone folder that will not appear in add/remove. I liked the prog, but the one downside I found is that most of the files reported recovered were really not recoverable. I would copy the recovered file only to find that it either would not open, or the file contained only random symbols.
     
  12. Shad0w

    Shad0w Registered Member

    Joined:
    Oct 25, 2007
    Posts:
    7
    EASTER, I tried your method but the deleted files still seem to show up on Restoration. Yes, one could just say use the "Delete completely" feature in Restoration and get over it - But who is to say a better recovery tool than Restoration cant find those files again? o_O


    tradetime, I have repeated the entire process on a friends computer. He has an extremely stripped down XP ( nlited ) with only the absolute bare essentials to run the OS. ( No cache enabled ) I still got the same disappointing results. :cautious:

    caspian, Restoration is not a program that you install. You just run as it is. Readme says you can even run it from a floppy disk.

    Well Erik, thats extremely disappointing. So what all these tools are doing is just to give us a false sense of security? :doubt: :ninja:

    :blink:
     
  13. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Very interesting, I have always used Heidi's Eraser, and in the early going used a file recovery program to check if I could recover files deleted with it, think it was called pci recovery and was unable, may try it again sometime with this restoration program you mentioned
    Also want to see if Returnil can cope with replacing erased files. If I get a chance will try it this weekend and post back.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Say that again, I'm also very disappointed. I don't have much faith in security programs and this is just another example.
    These tools are supposed to remove any trace and a freeware shows them back as nothing happened. That's unacceptable.
    I regret the money, I've spent on R-Wipe&Clean already. I wonder sometimes, who the bad guy is ? :mad:
     
  15. Nomen Nescio

    Nomen Nescio Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    2
    HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH. Finally a lonely bloke shatters shredders. Funny. People are so easy, so easily suggestable, add a little bit of fear and they are your puppets! :rolleyes:

    Post these somewhere it matters and get these scammers out of business.


    I have access to various forensic data recovery tools and let me tell you, there is not a single commercial shredder, NOT A SINGLE one out there that works as advertized. Data can easily be recovered with the proper tools.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'd point towards two things:
    - Small files, which are kept in the MFT.
    - Disk caching.
    I'd say that the best way to erase data is booting in an alternate environment.
    Have you tried SDelete?
     
  17. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I never believed that data could be wiped by ether 3 or 7 passes and 35 passes was over kill, What the makers of R-wipe and other utilities ought to do is breakdown and buy a forensic tool kit from one of the forensic websites like www.computerforensicsworld.con and a training course and then redesign R-wipe. The forensic tool kit is the real test in what is recoverable.
     
  18. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    I doubt that.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    When I was doing some research on data recovery on a failed drive, I contacted one of the firms locally that specialized in data recovery. They said while lacking some of the classified type of programs, with what they had they could recover data even if you had done full low level formats, and then used the disk in between. They said they could go back almost 7 formats.

    Really makes you wonder about these wipe programs. Maybe the way the work is wear the disk out.
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'd like to see what can be recovered using forensic tools from a drive wiped with DBAN using 7/35 passes.
     
  21. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well, if by proper tools you mean something along the lines of a Class 100 cleanroom, custom built AFM (atomic force microscope), a bunch of additional custom hardware, and a whole lot of time - maybe - yes, just a maybe... assuming that the data was overwritten (and, no, you don't need to go to some of the absurd lengths mentioned above).

    Information is quite readily recoverable if not overwritten and some operations that people implicitly assume function via an overwrite of all the file information, don't to be perfect candid.

    Finally, as I noted above, Restoration is not dealing with recoverable files. It is dealing with recoverable directory entries, which may yield either garbage (most likely), the actual file contents (extremely unlikely if a decent "eraser" was used), or a segment of the original file (I have seen this on rare occasion - a missed bit here or there - due to program bugs; nothing generally usable unless text based content) if a recovery is attempted.

    Blue
     
  22. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I believe that's referred to in the trade as.... zeroes....., lots of them :)

    Blue
     
  23. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Part of the problem there can be as simple as people assuming that a file only exists in one place on the hdd for its entire life, when a simple defrag will be enough to have moved the file to another location, so overwriting the file will not render it gone.
    If the file has during its life been edited at all, then it quite likely exist multiply on the drive, thus the only way to have a shot at erasing it is to erase all free space.
     
  24. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    An excellent point as well, illustrating that it's all in the details
    Not to mention zeroing MFT records and slack space if file fragments are important as well.

    Blue
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You cannot trust anybody or any company nowadays, the only thing that counts is earning money. If they can't even solve SIMPLE problems like wiping data forever, what do I have to expect, when they have to solve DIFFICULT problems, they can't even solve the simple ones.
    I solved this problem myself, in my personal way.
     
Loading...
Thread Status:
Not open for further replies.