Returnil "Wipe disk changes"/Recuva test - Failed

Discussion in 'privacy problems' started by caspian, Oct 21, 2010.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I got the idea to do this test from the System Spy Test thread started by Clone Ranger: Here

    This is what I did. I disabled Returnil and wiped my hard drive. It is 650 G and is empty so it took a long time.

    I then started virtual mode and enabled virtual mode upon restart. I double checked just to make sure that "wipe all disk changes" was checked. I checked both before and after restart just to be 100% sure.

    I hooked up my external hard drive and transferred a bunch of folders. I have a huge collection of animated gifs and pictures all organized by type so I had a lot to transfer. I then unhooked the external hard drive. I deleted several of the folders and I left several on the desktop. I then restarted my computer.

    Since I had so many gifs (possibly 2 or more G's), I decided to give Returnil plenty of time to wipe everything. I went into the kitchen, did some dishes, took out the trash and did some cleaning etc... (20 to 30 minutes). Then I went in and restarted the computer again with virtual mode still enabled upon restart just for good measure. I did a few more chores and then went into the control panel and unchecked the "start virtual mode when I start windows" option, and restarted my computer.

    I then opened up Recuva, chose the picture option on C drive, and checked the "Deep Scan" option. It takes a couple of hours on this computer.

    The vast majority of the image slots said "no preview available". But the bottom portion of the results page showed a large number of my gifs. And they were completely recoverable. It in no way showed them all. But there were a lot.

    I want to be clear though that I think Returnil is a wonderful product. I absolutely love it. But one improvement that I would like to see is a better wipe option. But I don't know if that is possible. It may not be.

    If I had to choose one product to protect my computer it would be Returnil hands down. Nothing that I know of compares to it! And it continues to get better and better with constant improvements. I just want to be clear about that.
     
    Last edited: Oct 22, 2010
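A check in the same spirit as the test in the post above, as an added example that is not part of any post in this thread: scan a raw image of the volume for GIF signatures before and after the wipe and compare the hits. The function names and the sample image are constructed for illustration.

```python
import io
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
HEADER_LEN = 13  # 6-byte signature + 7-byte logical screen descriptor

def plausible_gif_header(hdr):
    """Reject chance matches: a real GIF has non-zero width and height."""
    if len(hdr) < HEADER_LEN or hdr[:6] not in GIF_MAGICS:
        return False
    width, height = struct.unpack_from("<HH", hdr, 6)
    return width > 0 and height > 0

def find_gif_headers(stream, chunk=1 << 20):
    """Return absolute offsets of plausible GIF headers in a raw image."""
    hits, tail, buf_start = [], b"", 0
    while True:
        block = stream.read(chunk)
        if not block:
            return hits
        buf = tail + block
        pos = buf.find(b"GIF8")
        # Headers cut off by the end of buf are picked up on the next pass.
        while pos != -1 and pos + HEADER_LEN <= len(buf):
            if plausible_gif_header(buf[pos:pos + HEADER_LEN]):
                hits.append(buf_start + pos)
            pos = buf.find(b"GIF8", pos + 1)
        tail = buf[-(HEADER_LEN - 1):]
        buf_start += len(buf) - len(tail)

def build_sample_image():
    """Constructed 16 KiB 'disk image': two GIF headers and one decoy."""
    img = bytearray(16384)
    img[4096:4109] = b"GIF89a" + struct.pack("<HHBBB", 32, 32, 0x80, 0, 0)
    img[9000:9013] = b"GIF87a" + struct.pack("<HHBBB", 640, 480, 0x80, 0, 0)
    img[12000:12006] = b"GIF89a"  # decoy: zero dimensions follow
    return bytes(img)

if __name__ == "__main__":
    before = build_sample_image()
    after = bytes(len(before))  # what a complete overwrite should leave
    print("before wipe:", find_gif_headers(io.BytesIO(before)))
    print("after wipe: ", find_gif_headers(io.BytesIO(after)))
```

On a real system, pass a file object opened in binary mode on an image of the volume taken after the wipe; any offsets still reported mark data the wipe did not overwrite.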
  2. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35
    I've never liked the idea of using live linux cd's so I've actually been trying to figure out a way to have Windows become like a live linux CD where everything is wiped after session. "Windows Ghost Sessions."...

    Returnil's wipe feature would have been the basis and your test just confirms what I have concluded. (After casing all of Truecrypt's vulnerabilities and similar material- turning off page file, hibernation, etc etc.).

    At least for the time being, it would appear that the best and ONLY way to absolutely secure your system + data 99.99% is using trusted FDE... although that still leaves you open to Cold Boot attacks which currently there seems to be no way around this type of attack.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ caspian

    You should ask Coldmoon to comment on your discoveries. I'm sure he would be interested in knowing about non deletion, as it appears to be a serious issue, and he has stated that he values privacy etc matters very highly :thumb:

    He might want to look at this thread too.

    https://www.wilderssecurity.com/showthread.php?t=284840
     
  4. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    What is FDE?
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    A guy posted at the Returnil forum a while back that a friend of his ran a test with EnCase and nothing was wiped. So he knows. Nothing else has been said about it. I don't think he is interested in talking about it.
     
  6. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi caspian

    I think maybe he, dialxdrop, means it as an abbreviation of Full Disk Encryption, also known as Whole Disk Encryption.

    Take Care
    TheQuest :cool:
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for explaining that. I am thinking about trying it with one of my laptops. I hope it is not too complicated.
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Re Returnil

    Found it, thanks :thumb: https://www.wilderssecurity.com/showthread.php?t=274850

    Jeez this is a Very serious problem :eek: and NO solution posted yet ! I wonder when/if ?
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    The good news is that it appears that BCwipe in combination with Sandboxie and/or Returnil works very well. I only had one negative result so far and that was before I checked the "verify last pass" option. I have no idea what that actually does but it appears to have made a difference. But just to let you know, on all of my tests running BCwipe, with only *one* of the other softwares, I opened a new tab after I was through and waited before I deleted the Sandbox... or before restarting my comp when testing with Returnil and BCwipe. However, with all three in combination I used my computer the way I ordinarily do for a couple of days and it worked perfectly... as far as Recuva was concerned anyway. And just to mention, BCwipe with Firefox unsandboxed did not work.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Oh, before I forget, I viewed a whole bunch of images inside of Sandboxie, with BCwipe *not* active, and X'd out of the sandboxed browser without deleting the Sandbox. I enabled Transparent wiping and restarted the computer. Then I deleted the sandbox. All of the images were still there. So BCwipe has to be active while the images are being viewed.
     