Shadow Defender privacy question

Discussion in 'privacy technology' started by firefox2008, Oct 19, 2008.

Thread Status:
Not open for further replies.
  1. firefox2008

    firefox2008 Registered Member

    Joined:
    May 17, 2007
    Posts:
    125
    When I am running Shadow Defender in Shadow Mode, is everything stored in RAM -- is this the virtualization they are talking about? If I downloaded something off the net, it disappears once I reboot, but how secure should I be in that it can't be recovered?
    I mostly am using Shadow Defender so I am not having to use those clutter cleaning programs like CCleaner or Window Washer.
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Shadow mode is a snapshot of your PC configuration; any changes, I believe, are redirected to a temp file created by SD. On reboot that temp file is deleted and you would not be able to recover it. I think so, but I'm not 100 percent sure though.
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    This is a point of contention with programs like ShadowDefender, PowerShadow, Returnil, etc. The developers don't like to get into too much detail. However, everything is not "stored in RAM," as some of the marketing would lead you to believe. Just do the math.

    As for Returnil, I was reading the other day about a large .dat file, among others, that is deleted upon reboot. Whether that large file shows activity from the previous (or other) sessions is really unknown. Forensic analysis of those files is probably possible. What would it show? Your guess is as good as mine. This is where the developers don't get into detail as to what exactly is written to the drive, what exactly is deleted and if those files can be recovered forensically. Just don't buy the "it's all in RAM and when you reboot it's all gone" line. Mathematically, that just can't be true. When pressed, they will admit this and begin talking about proprietary information, yada, yada.
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Hey Gerard, I tend to agree with what you're saying: it is all gone, but is it really gone? If I am not mistaken, Coldmon from Returnil said some remnants can be found after reboots, but perhaps by forensics as you say, but for its intended purpose it does what it's supposed to: rectify changes, bad or good. As for Shadow Defender, I haven't got a clue if it is recoverable; on a wild assumption I would say yes, but only by means of forensic analysis. Oh yes, as far as stored in RAM, I never understood how that's possible myself.
     
    Last edited: Oct 19, 2008
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    When you go into shadow mode each drive that is shadowed has a file something like diskopt.sys written in the main directory. All disk reads are written to that file. When you reboot the file is deleted.

    No doubt one could recover that file, but can you get what was done while shadowed without knowing that file's structure? That I don't know.

    Pete
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    How about Sandboxie? And what happens if you use Sandboxie over top of Returnil?
     