Pagefile Question

Discussion in 'privacy problems' started by caspian, Jul 2, 2014.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    No problem. One thing I didn't mention is after the shutdown unplug the power cord from the computer and leave it that way for at least 2 minutes. If you don't do this sometimes it won't clear the memory.

    Also if you notice in that explanation (2nd file) it mentions it being a "clean shutdown". That suggests that perhaps just quickly yanking the plug out in haste while your door is getting kicked in by feds won't cut it. That it needs to shut down properly. So if you're hardcore and all then encrypting or disabling it altogether may be the way to go. I'm not in that category (at least I certainly hope not).

    It also states how it's the dual boot crowd that could really benefit from these measures. If you're single boot like I am on this machine, not so much to write home about. But even the dual boot crowd will be just fine applying this tweak instead, and it's much safer. I personally use a good bit of legacy apps, and have retro games & emulators on this box. Disabling or encrypting my pagefile could fudge a lot of things up for me personally.
     
  2. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    In general if I've had a bit of a glitch where I reboot I've always done the 15 Second thing, for flushing remnants of "whatever" out, so the 2 minutes makes sense. Yes the clean shut down does indicate what you've said. I'm single boot too. I'm not sure how one type of app would require that the pagefile remained intact at reboot any more than another, as that's out of my league.

    This thread interests me because after 11 years with no OS reinstall I'm looking to have a sort out on my XP machine w 80G HDD. It has 3 partitions. My system drive (10GB) is just too small and I constantly struggle to keep it under my preferred minimum 25% free. My pagefile is on a second partition and I'm not sure how this would figure, if at all, when I image my drive. I also have a lot of utilities installed on another partition and I'm always on the lookout in case something just installs to C with no warning, but this is a topic for another thread somewhere....

    I realize the sky is the limit as to who could frequent forums like these but as for me, if they kicked my door in it will be a complete waste of their time. Still, on the principle that privacy is a basic standard necessity for a healthy life, I'll do whatever I can to guard it anyway. I find it totally obnoxious what the snoops are doing. That said, I have no pity at all for those who get caught doing scummy shady stuff.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Clearing the Pagefile after every shut down does NOT mean it can't be recovered with forensics etc! So, as I've said before, on more than one occasion, not having it is 100% better.
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Once again though, your scenario (a forensic team) falls into that hardcore category that I'm guessing almost everybody doesn't fall into. If I had information/items that sensitive I would never store them on a computer connected to the internet in the first place. Certainly not on a closed source OS either.

    If they want you that bad, by that point they'd probably have bugs and possibly even hidden cameras in that room. They can make the latter out of a very small strand of fiberoptic cable these days that you'd never notice, blending in with its surroundings... after they intentionally gave your home a termite infestation then ended up being the ones to come fix the problem too. Of course, telling you you had to leave the house temporarily because of toxic fumes. Maybe even take the opportunity while they're at it to slip a microscopic piece of hardware onto your mother-board that narcs on your every keystroke or click.

    And/or notice a telephone company always working on the telephone pole near your house that your line runs into. Things of that nature...

    My solution is for people that aren't quite that hardcore, and only need to protect it from shady "friends/girlfriends", script kiddies and maybe even grey or black hatters. And to do it without breaking things in the process. I know a lot of old games and emulators require the presence of a page file to operate properly.

    Oh and btw Clone, you could benefit from upgrading your OS to SP3, and Firefox to v27.0.1 (after further review, instead of v28). I'm all about sticking with the known/good stuff too, but in both cases they are marked improvements. In FF, one thing in particular is spoofing your user agent string, I think was introduced in v8? A nice privacy improvement. Just don't go past 28... it goes downhill at that point.
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    A 10 GB partition should be more than sufficient for just your OS (XP)... as long as you're not putting anything else in there with it. My installation of XP Pro SP3, with all critical updates applied, takes up about 5 GB of space. Of course it depends on how much stuff you have on your box. Even if installed into other partitions, most programs have to throw some stuff at the OS for it to function properly. And I make it a point to make sure I have at least 90% free space in my OS partition. No, that wasn't a typo... 90% !!! free space. Ever since way back in the old AOL 4.0-5.0 days, on dial up, I learned that having that much free space made your browser/AOL run faster. I never really kept up to see if that's any longer the case, and doubt it is, at least not to nearly the same degree anymore. But I do notice a difference when my OS has more room to breathe... although my example may be excessive. But I'll take a good placebo any day, so I stick with it. And my partitions go all the way up to the letter "W", lol. I make sure my browser has that much free space too, but nothing else.

    Oh, and putting your pagefile on its own dedicated partition will accomplish nothing. It must be put on its own dedicated HD altogether, with nothing else but that on it. And even then... I found it to do nothing as well (tried it myself). Didn't even get a placebo out of it, as I was expecting improvement after reading some stuff about it.

    And as for unplugging the power cord, the rule of thumb is that doing it for 1 minute is sufficient. But I just go 2 for good measure, and figure what's another minute compared to the peace of mind of knowing it worked? But usually when I do it it's to shut down my entire network overnight, which I do like once a week to give everything a rest and get a fresh connection.
     
  6. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Clone, ideally, I would go for TOTAL PRIVACY ALL THE TIME. However, a LOT of our actions comes down to what we're comfortable with technology-wise. I simply haven't got the confidence or the knowledge to toy around with the possible disaster that might follow disabling the pagefile. Some say it's fine, some don't. All probably know more than me. Conclusion: on this I take the safe path since as Luciddream intimates, if you're not in that hardcore category it's gonna be much less a problem.

    VERY Well said and I have no doubt this scenario is right on the button. Amazing that there's some people who have no trouble believing all the hideous NSA stuff, yet when it comes to what you've described here, those same people brand you as "paranoid" or more nauseously .... a "conspiracy theorist" o_O :gack:

    As for the telephone pole well I'm rural and among other geographical things, anyone coming near us is in full view and would look very out of place very quickly. If I'm out, it may sound ironic but I'll spy if I have to, to reveal any privacy breaches.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ luciddream

    I'm fine without SP3. Interesting about Firefox v27.0.1, but v3.6.14 works nicely. I'm able to spoof my user agent string with an addon when I want to.

    @ Reality

    The only possible disaster that "might" follow by disabling the pagefile, is a temporary BSOD, which is easily cured by rebooting. So if you save what you're working on often, it won't catch you out. Plus before you disable the PF, by monitoring your memory usage with for eg Task Manager etc, you'll soon discover how much your apps etc are using. You can then decide if you have enough overhead to safely disable it.

    As for tampering with your telephone pole, that's old skool ! They could do it @ your local telephone exchange and/or ISP, plus remotely from almost anywhere via the locally installed Black Boxes & the NSA etc's big Fat tapping Pipes.
     
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Yes you're right Clone. I think Lucid was speaking more generally like placing physical "plants" onsite, but with today's technology just about anything's possible, example: what's shaping up to be the ultimate spy device and the mother of all privacy breaches. The smartmeter. These are the pits. Ultimately they can tell what you've turned on, when you've turned it on, how long etc etc... they can also have the ability to remotely control your power, but of course it's talked up in PC language that's acceptable to the gullible. So far I've managed to circumvent getting one of these which are being rolled out surreptitiously on the unsuspecting, or the too-lazy-to-care.

    I don't think I have enough overhead to disable the PF, so I'll leave it on at this point.
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks, CloneRanger. I was a little concerned because a while back some of us thought that no data would persist after a reboot while using Returnil. And that turned out not to be true. But anyway, I did a little test. I copied more than 3 G's of my gif collection over to my desktop with SD enabled and then restarted and ran Recuva. Not one gif showed up after a deep scan. Pretty amazing if you ask me.
     
  10. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    How do you see what's in your pagefile ....app? utility?
     
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ caspian

    Before I had SD I also had Returnil 2008, which was very good, & most of us preferred on here to later versions. I can't remember the issues you stated with it though. Anyway we know SD is Excellent in many ways, as you noted.

    @ Reality

    AFAIK you either have to boot/log in as the MAIN Admin, not regular Admin, & then you can view the other users including regular Admin etc, but Not the MAIN Admin itself you would be using at the time. And/or, use for eg Linux to view.

    Plus have a read of these for more info.

    http://www.forensicswiki.org/wiki/Pagefile.sys

    http://www.sevenforums.com/performance-maintenance/255524-can-page-file-read.html
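
    An added example, not part of any post in this thread: viewing the pagefile from another OS, as suggested above, comes down to reading an offline copy of pagefile.sys as raw 4 KiB pages. This sketch counts the pages that are entirely zero and pulls readable ASCII and UTF-16 strings out of the rest, which is one way to check what a clear-at-shutdown setting actually left behind. The function names, file name and sample strings are constructed for illustration.

```python
import os
import re
import tempfile

PAGE = 4096  # pagefile.sys has no file-system structure inside: it is a flat run of 4 KiB pages

# Runs of 6+ printable characters: 8-bit ASCII, and UTF-16LE (Windows wide strings)
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")


def survey(path, max_strings=20):
    """Return (total_pages, zeroed_pages, sample_strings) for a raw pagefile copy."""
    total = zeroed = 0
    found = []
    with open(path, "rb") as fh:
        while page := fh.read(PAGE):
            total += 1
            if not any(page):          # every byte is 0x00: nothing left in this page
                zeroed += 1
                continue
            if len(found) < max_strings:
                # Strings that straddle a page boundary are missed; fine for a survey.
                found += [m.group().decode("ascii") for m in ASCII_RE.finditer(page)]
                found += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(page)]
    return total, zeroed, found[:max_strings]


def build_sample(path):
    """Write a CONSTRUCTED 4-page image: two zeroed pages, two holding residue."""
    ascii_page = (b"\x01\x02" + b"login=demo-user;pw=constructed").ljust(PAGE, b"\x00")
    wide_page = (b"\x01\x02\x03" + r"C:\Users\demo\cat.gif".encode("utf-16-le")).ljust(PAGE, b"\x00")
    with open(path, "wb") as fh:
        fh.write(bytes(PAGE) + ascii_page + bytes(PAGE) + wide_page)


def demo():
    """Survey the constructed sample; a real run would point survey() at an offline copy."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "pagefile-sample.bin")
        build_sample(sample)
        return survey(sample)


if __name__ == "__main__":
    pages, zeroed, strings = demo()
    print(f"{zeroed}/{pages} pages zeroed")
    for s in strings:
        print("residue:", s)
```

    A copy in which every page counts as zeroed has no readable residue in the file itself; it says nothing about data the drive may still hold outside the file.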
     
  12. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Well that's definitely all above me.
    One has to wonder just how many nooks and crannies there are in computers that are put there on purpose and we don't know about them.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I started a thread back in 2010 about Returnil leaving all kinds of data and images after reboot. Plus, unless this has changed, Returnil does not virtualize the pagefile.

    https://www.wilderssecurity.com/threads/returnil-wipe-disk-changes-recuva-test-failed.284959/

    I was inspired by you, CloneRanger. I did the same tests with Sandboxie configured with Eraser, and it also failed.

    https://www.wilderssecurity.com/threads/sandboxie-eraser-test-with-recuva.284840/

    But I tried again with Sandboxie a couple of days ago and it completely wiped away all of the images, as far as Recuva is concerned. But maybe a more serious forensic tool could see them o_O I would test to see but I don't know how.
     
  14. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    So for the hardcore privacy nut cases like myself

    1:disable page file
    2:disable hibernation

    I take it despite running the entire os hard drive in FDE if your os entered hibernate or stored your encrypted password into the pagefile or RAM the above would at least prevent or counter this ?
     
  15. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I just encrypt the pagefile. For now. I'm a little nervous about disabling it. But I haven't tried FDE. I've been thinking about it. If it is as simple as just entering a password then I will probably try it.
     
  16. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    I have switched mine off and rebooted and pc is just fine, seems many worries and reports and the usual don't ever switch it off talk all seems well and smooth as butter.

    I also use privazer tool scheduled so it runs daily and it cleans my RAM and it now shows hiber and page sys files are greyed out since both are disabled so guess that is one sure way to see it's off for good, think it's a great idea to have them switched off and increase your privacy and security.
     
  17. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io

    Encrypting a file within a non encrypted os can be ok given whatever you are protecting but let's face it, if it's say your online or bank passwords you should really be on FDE. Diskcryptor is a good choice since tc is hit and miss lately. You can use a bootloader say a pen drive and that will allow you to enter a password to access the FDE drive.

    Bit of a chore when you switch on the pc but if you're serious about your privacy or aware your hdd can die at any moment at least you can feel relaxed no one can get at your data.

    You can of course then encrypt your files further or as a hidden encryption container if you still use tc while under FDE giving double security or with hidden more plausible situation.
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    FDE is on my list of things to try. Someone told me that it is as easy as entering a password when you start your computer. I can hang with that. As long as it doesn't require much effort I will usually do it, even if I don't think it's necessary.
     