Need experts advice

Discussion in 'privacy problems' started by whoarestinkler, Jul 31, 2009.

Thread Status:
Not open for further replies.
  1. whoarestinkler

    whoarestinkler Registered Member

    Joined:
    Apr 24, 2009
    Posts:
    12
    Rmus said:
    I have some questions:
    - what DeepFreeze-version I have to use if I want any forensic expert wouldn't recover any user actions (e.g. opened crypted by TrueCrypt folders and files) on Windows systems? Will any DF files will be keeped in real Windows systems? Are there any "portable" DF version that could be launched directly from-USB flash with NO TRACES in real Windows systems? Do I have to erase by heidi-eraser free space after DF use?
    - how to disable ALL "MRUs" in Windows (e.g. HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices etc)? Do forensic expert could recover "pagefile.sys" file if it clears on each Windows shutdown?
    - what DBAN I have to choose to wipe all discs if I have Intel Core 2 Duo (Dell 1520)?
    Thanks in advance.
     
  2. whoarestinkler

    whoarestinkler Registered Member

    Joined:
    Apr 24, 2009
    Posts:
    12
    NO EXPERTS HEREo_O
     
    Last edited: Aug 2, 2009
  3. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    NO EXPES HERE:blink:
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I'm no expert, but I've been using virtualizers for years. DeepFreeze won't write anything on your active partition, but will create a virtual volume which will be DELETED on the next reboot. I believe it would be easy for an expert to recover the virtual volume as long as it is not too old. If you want to make sure that everything is really gone, you should ERASE the free space.

    About the other questions, you can e-mail directly DF, they usually answer any queries quickly.
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    So I could use Shadow Defender in a similar manner, to access a truecrypt volume for example, and then reboot and wipe the free space with eraser? And there will be no traces left?
     
  6. whoarestinkler

    whoarestinkler Registered Member

    Joined:
    Apr 24, 2009
    Posts:
    12
    I think some traces will be in "pagefile.sys",ntuser.dat,in any temporary files SD used.
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I wondered about this too. What if a person is using DeepFreeze or Returnil and downloads a lot of music and movies and then transfers them? Evidently it doesn't keep records or make permanent registry changes. But isn't all of that stuff still on the hard drive? Just as if you had downloaded it and then deleted it?
     
  8. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    This is why its better to also have full disk encryption as well as Returnil or deep freeze.

    For my downloads, I don't download them to my main hard drive and then transfer them afterwards. All my downloads get downloaded Directly into my True Crypt container.
     
Thread Status:
Not open for further replies.