How can I confirm that my Windows 8.1 is properly cleaned?

Discussion in 'privacy technology' started by SeanGilvey747, Nov 26, 2014.

  1. SeanGilvey747

    SeanGilvey747, Registered Member. Joined: Nov 26, 2014. Posts: 2

    Please can anyone tell me how I can confirm that my Windows 8.1 has been cleaned.

    After I have run a complete "Scan In Depth" and then a C drive "Clean" using something like the Peter Gutmann 35 Passes Hard Drive clean, when I run another similar scan to confirm all has been cleaned I still seem to have all the same internet files, Index Dat, Web Cache, etc., showing loads of files.

    I hope that my question makes sense?

    Thank you in advance for any help.

    Sean.

    PS - what does the 35 passes or 3 passes actually mean?

    Thank you again.
     
  2. MrBrian

    MrBrian, Registered Member. Joined: Feb 24, 2008. Posts: 6,032. Location: USA

    Welcome to the forums :).

    What software are you using to clean?
     
  3. Palancar

    Palancar, Registered Member. Joined: Oct 26, 2011. Posts: 1,594

    Hey I say welcome too!!

    I will let you and MrBrian discuss which software to "clean up" with. While you are doing that let me ask you to consider why you are trying to make sure your drive is so clean?

    If you are worried about someone (we call them adversaries around here) actually physically holding your computer at some point, then I would strongly recommend you do a WHOLE DISK ENCRYPTION of your drive. You will find lots of threads and folks to help you accomplish this relatively simple task. In fact for me that would be a starting point. Your drive can be clean OR dirty and no adversary can see anything locally if the drive is properly encrypted. I have spent a decade of my life learning how to encrypt, which programs to use, and also how to "attack" machines as an adversary. Let me assure you that proper WDE is your friend in so many ways.

    OK MrBrian I give this back to you, but I wanted to make sure this side of security was at least presented to our new member.
     
  4. mirimir

    mirimir, Registered Member. Joined: Oct 1, 2011. Posts: 6,029

    Yes, "cleaning" as a defense against forensic attack is hopeless. FDE/WHE, as Palancar says, is one way to go. But that may not work if you'll be tortured for your passphrases (or as in the UK, just left to rot in jail). In that case, the only option is working only with LiveCDs (Tails for Tor) and storing your data encrypted in the Cloud. However, if adversaries can see your network activity, they could infer that you're doing that, and torture you for the URLs :(
     
  5. krustytheclown2

    krustytheclown2, Registered Member. Joined: Nov 18, 2014. Posts: 210

    You can also use Truecrypt for deniable encryption, meaning that you can create several virtual hard disks, and if pressured only give up the password to a decoy disk you set up. There's no way to tell that you're not giving everything up.

    And yes, look up Bitlocker for sure. As the other posters said, it won't mean much in the US or UK, but in most EU countries, Canada, Australia, etc. you actually do have a right against self-incrimination.

    Also, FDE/Truecrypt is not the end-all be-all; there are plenty of other ways for an adversary to own your machine if they really want to see what you're doing, especially with Windows.
     
  6. SeanGilvey747

    SeanGilvey747, Registered Member. Joined: Nov 26, 2014. Posts: 2

    Thank you MrBrian,
    Thank you Palancar,
    Thank you mirimir,
    Thank you krustytheclown2.

    All your points were great and, if I may say politely, a little over my head... and sorry for my delayed response to your help.

    I used PrivaZer to clean my C drive... and hope that would get rid of all my activities.

    If someone looked at my PC, could they tell what I have been doing after a PrivaZer clean?

    Thank you again.
     
  7. MrBrian

    MrBrian, Registered Member. Joined: Feb 24, 2008. Posts: 6,032. Location: USA

    You're welcome :).

    You can test your own system with LastActivityView or similar, but keep in mind that there might be some things that LastActivityView (or similar) misses.
     
  8. Veeshush

    Veeshush, Registered Member. Joined: Mar 16, 2014. Posts: 643

    I'm assuming he's doing "Free Space" wipes, or just overwriting deleted files.

    The Peter Gutmann 35 pass is for older drives, probably from the early 90s and older. https://en.wikipedia.org/wiki/Gutmann_method 3-7 passes is all you need for modern drives. Never do these sorts of wipes on an SSD drive; it'll kill their lifespan and not really work as well as you'd think (because of the way SSDs work). Even on spinning disk drives I'd use file overwrite sparingly, because it is just extra work for the drive in the end, and pointless if no one ever tries to recover data on your drive anyway (use your own judgment on the risks). For daily file overwrites, 1-3 is good enough.

    If you're selling a system to someone else, then you'd be better off doing a full hard drive wipe (again, 3-7 passes) and then reinstall the OS. If you REALLY need to make sure no one recovers stuff from an old drive, just physically damage it in whatever method is the most entertaining (drive nails through it, shoot it, etc).

    edit

    Though like others are saying, none of this is great protection against adversaries, it's odd that the stuff you've just wiped is still showing up. Try using https://en.wikipedia.org/wiki/BleachBit or https://en.wikipedia.org/wiki/CCleaner and see if one of those overwrites it.
     
    Last edited: Dec 9, 2014
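
What a "pass" means in practice, and one way to check a single file afterwards, as an added example that is not part of any post in this thread or of any tool named in it: each pass rewrites every byte of the file in place, and the check reads the file back looking for a known marker. The marker, the temporary file and the function names are constructed for illustration. The check only covers the file's logical contents, so it says nothing about SSD remapped blocks, journals, or other copies of the same data elsewhere on the disk.

```python
import os
import tempfile

def overwrite_file(path, passes=3, chunk=64 * 1024):
    """Overwrite a file in place: random bytes on every pass but the last, zeros on the last."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            last = (n == passes - 1)
            f.seek(0)
            remaining = size
            while remaining > 0:
                step = min(chunk, remaining)
                f.write(b"\x00" * step if last else os.urandom(step))
                remaining -= step
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before starting the next
    return size

def contains_marker(path, marker, chunk=64 * 1024):
    """Scan the file for marker, including matches that straddle a chunk boundary."""
    tail = b""
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                return False
            if marker in tail + block:
                return True
            tail = block[-(len(marker) - 1):] if len(marker) > 1 else b""

def demo(passes=3):
    """Constructed sample: a temp file holding a recognisable marker between filler bytes."""
    marker = b"CONSTRUCTED-SAMPLE-HISTORY-ENTRY"
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"A" * 100_000 + marker + b"B" * 100_000)
        before = contains_marker(path, marker)
        size = overwrite_file(path, passes)
        after = contains_marker(path, marker)
        with open(path, "rb") as f:
            all_zero = f.read() == b"\x00" * size
        return before, after, size, all_zero
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```
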
  9. The_PrivaZer_Team

    The_PrivaZer_Team, Developer. Joined: Feb 14, 2013. Posts: 599. Location: US

    Hello @SeanGilvey747,

    Here is the PrivaZer Team.
    Please try again and send us a screenshot of the second scan result after cleanup.
     