Not leave traces on system

Discussion in 'privacy problems' started by italia2006, Jul 9, 2006.

Thread Status:
Not open for further replies.
  1. italia2006

    italia2006 Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    14
    Location:
    Belgium
    As I have sensitive info on my laptop I do not want to leave traces of online activity and also not from certain applications I use.

    I already know a few options, but need your experts advice on what would be best:
    - VMWare (or any other virtual machine software) with *.iso livecd.
    No snapshots, so all traces will not be saved.
    Is this true if you run your vmware from the host OS? Does qemu or vmware not leave traces? which "vmware" would be best in your opinion?

    - ShadowUser (ShadowSurfer)
    Read a lot about it on the forum but never tried it myself. See a lot of alternatives also. Works with snapshots and you can roll back to certain snapshot, so all changes will be not saved.
    Is this true that even technician could not find any traces of work or online activity with this kind of software?
    I do not want to start discussion about ShadowUser or any other similar software and which would be better... I saw many other threads about this.

    Thank you for all the input !
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    The question is for how long?
    If your Shadow session is 7 days, your information will be saved to the virtual volume while you're logged on.
    In VMware, the data will be written to the virtual disk. You would like to use the snapshot to revert to before you started browsing, because the cache, the index, the temp files will be written on like on a normal disk.
    Both are good, depends on the flexibility you need.
    There are other ways to increase your privacy if you need.
    For instance, you can use Restriction Policies to disable MRUs etc.
    Mrk
     
  3. italia2006

    italia2006 Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    14
    Location:
    Belgium
    Mrk,

    I understand that during the session the files will be "saved to disk" like normal, but after resetting I would like no traces.
    So I mean, if I power off the vmware player, are there still traces of the activity I did inside the guest OS?
    If I use ShadowUser and go back to previous snapshot, are there still traces of the work I did?

    Second, if you talk about flexibility and you tell me that both options are quite equally removing any traces, then I have a feeling that ShadowUser would be the easiest as this software is specifically intended for the purpose.
    VMware is more developed for testing purposes.

    What you mean with restriction policies and MRUs?
    Maybe that becomes a bit too technical for me.

    The main idea is to have no traces on the local system of my activities.

    Italia2006
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Hi,
    I haven't tested VMware so I can't say much about it. ShadowUser on the other hand, like you mentioned is designed to allow surfing the web without leaving any trace once you reboot, and I can vouch for its reliabibility.

    There is no return to 'previous snapshot'. There is your normal system and a virtual volume created with every new 'Shadow session' (which is not really a snapshot of your system). That means that you don't have to use a lot of disk space, only what is required for your activities.

    ShadowUser (not ShadowSurfer) will allow you to save changes if you wish, but once the shadow session is over, there is no going back, everything new is 'deleted' not 'erased'. Which means that a tech. guy could with suitable software recover data from the 'shadow session'. The only way to get rid of any deleted data is to erased it (but it is time consuming).

    So IMO if you want to be anonymous, ShadowUser is really suitable, if you want to try out new applications perhaps other alternatives are preferable.
     
  5. italia2006

    italia2006 Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    14
    Location:
    Belgium
    Quote: "everything new is 'deleted' not 'erased'."

    This is exactly what I mean. Deleted data are the traces I am talking about.
    I can simply use Acronis and start every boot with a "clean" system.
    But I would be very ignorant to think that all my previous work and data would be completely removed from the system.
    As you clearly say: "a tech. guy could with suitable software recover data from the 'shadow session'."

    The reason is because the data is written to the harddisk.
    When booting from a livecd and not mounting the HD, the temp data only exist in the memory and this would be almost impossible to get back afterwards.

    So that is why I also ask if I run vmware with some livecd *.iso from the harddisk.. I know that *.iso will be read-only. But will vmware not log anything on the harddisk that can be recovered afterwards? i.e. TRACES !

    So yes, I am looking for a solution with NO traces...

    Thanks again for your input :thumb:
     
  6. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    You can use a livecd without vmware that would be the best security you can offfer.

    The idea behind a livecd is to use only the ram as "storage media"
    In theory many of them will work even if there is no harddrive attached to it.
    As far as i know there is no recoverable information you can leave of the ram.

    I hihgly suggest one of the folowing:

    Windows: WinPE / BArtPE
    Linux: Ubuntu Live / Knoppix

    (Ubuntu may use sparce HD ... i'm not sure but it reformat after if it use that space)

    Also this will not prevent you of saving information to normal HD if you need to. Please note that booting from cd takes a LONG time. In theory you can install a live cd on a HD but still instruct it to use HD as read only. This can be an interesting compromise.

    THere is also windows embeded that have a special HD driver that allow you to mount an HD read only. (A bit like shadowsurfer but from MS). Test are being done by different group to make it work on bartpe or windows xp. However going that way would probably be against MS EULA.
     
  7. italia2006

    italia2006 Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    14
    Location:
    Belgium
    Are there any people on the forum that have experience with the things f3x mentions?
    I mean using BartPE or for example the Ubuntu Browser Appliance (by VMWare) just to leave no traces and to start every boot with a clean system.

    Also I like the idea of installing a live cd on a HD as read only.

    I agree that running a livecd is a solution, but it is indeed quite slow.

    All help is welcome. Thanks! :thumb:
     
  8. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Hi Italia.

    the cd forum: http:// www.911cd.net is THE MAIN REFERENCE regarding WinPE / BartPE. You'll aso find the home of many of the variant.

    I may recommand you REATOGO wich is a collection of batch file / script that make the creation of BartPE a breeze (almost) ;)

    If you are more computer savy i'll recommand you to try to build one from vanilla BartPE. I've been in the bartpe scenne since a while and trying to literally rebuild windows xp give you A LOT of usefull knowlege regarding security and computer administration. It's also a lot of fun.

    the advantage of using windows based solution is to have an handy disk for disaster recovery as very few system support write access to NTFS drives.
    it also you to hand pick each of your application and give you better control.


    ----------------------------------------------


    ON the other hand the advantage of linux and open source cd is too have a legal iso ready to download with some very good software on it. It also let you see things normally hidden from windows. It's the simpliest way to go.
     
Loading...
Thread Status:
Not open for further replies.