the most effective privacy software?

Discussion in 'privacy technology' started by guest, Feb 15, 2009.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    OMG I didn't realize it was quite that bad. But regardless, I cannot think of any reason to use anything other than Eraser and/or R-wipe.

    However though, I do use Sweepi often. I have it set to "delete and overwrite" and I have chosen "Complete CleanUp" under "Profile Selection." I run Sweepi and then Ccleaner, which picks up a few extra remnants, and my computer runs fast. Nothing else has worked so well as this combo. Sometimes after running those together, my computer just bounces from one command to the next. I love it. FAST!

    The other thing too is you can use Returnil, which I guess prevents private data from being saved on your computer. And I use Sandboxie overtop of that. You can also configure Sandboxie to wipe any remnants that are left behind when you delete the Sanbox. But I kind of doubt that it would be necessary. But maybe I am wrong.
     
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    That first link doesn't have a date, but the pcmag review looks like it's from 2003. I would bet that the article listed above is closer to the truth. That it is an outdated product that does not do what it says. And as far as having software like that on your PC? There is not a snowball's chance in Hell that a person will be convicted of a crime if that is all there is. More and more people are using these products to protect their financial information and other personal information from identity thieves and criminals....for instance if they decide to sell their computer. In fact, from all that I have read, you would be stupid not to clean all of that stuff off first.
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    You know it's interesting that you mention people downloading porn and then mention illegal porn as a seperate issue. So evidently you think that regular porn should be illegal and that no ones has a right to privacy even when it is legal.

    But here is another point of view. There is a hell of a lot more to life than living your entire life to accommodate the possibility that someone *might* abuse something. Millions of people are stabbed everyday with knives. But we use knives to cut food. The postal service has been used for criminal activity but that is the very least of what it does. People have a right to have privacy in their lives. And if someone wants to download LEGAL porn and then wipe their computer then that is none of your business...nor anyone else's.

    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety". Benjamin Franklin
     
  4. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    WOW "Sweepi" looks alot like R-Wipe & clean!
    sweepi.gif


    Never seen it before but it looks very interesting! But I cant find any difference between the 2? can you please point out the difference between the 2?

    http://sweepi.yooapps.com/?c=produkte/sweepi5&l=E


    One thing I don't understand is in the article that talks about EE being usless
    http://radsoft.net/rants/20031027,00.shtml

    it said


    Does this mean Alternate Data Streams?
     
    Last edited: Feb 19, 2009
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Yea didn't guest imply before that he was from UK? UK are the worst laws ever when it comes to internet privacy. it reminds me of this.

    New powers for police to hack your PC Without A Warrant
    https://www.wilderssecurity.com/showthread.php?t=229880

    can I ask why do you use both East-Tech Eraser and R-Wipe & Clean?
    wouldn't that take a long time? because say for example after you have deleted a certain file using East-Tech Eraser and then you to use R-Wipe & Clean because the file has already been deleted with East-Tech Eraser you would have to wipe the entire empty space of your hard drive. depending on the size it cauld take forever.

    also regarding Acronis Drive Cleanser for boot up wipe would it do the same as this http://thestarman.narod.ru/asm/mbr/WIPE.html which is changing all the bytes to "ZERO"
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    someone correct me if I am wrong but I can't see how either retunil or sandboxie would work. because after the session the tempory data has to go some where, the only place the deleted data can go is on the harddisk. So unless returnil and sandboxie has secure wipe etc??
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Evidence Eraser will surely ULTRA sanitize a drive alright, up and under it's platters but it better be a new and durable drive because it toasted mine and i went back to more softer methods because theres no sense in wiping for performance if it ices your hardware. Could have been the settings i used, but it definitely went to the extreme.

    EASTER
     
  8. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    as I said

    as in one provides options the other doesn't like "Wipe Master File Boot Record" in R wipe & clean, & East tech eraser searches for and wipes Alternate Data Streams, Just to name a few!

    Hmn weird site, dont really know what to think about the exaggeration of it, I don't believe a SINGLE PASS ZERO-OUT, would do anything for you, except write zeros to your drive, this is just overwriting your data once, not wiping it with random data, yes It is enough if you don't want the person you just sold your old machine, to be able to recover data, but no It will not stop Forensic tools/Hardware recovery tools!

    SandboxIE has the ability to wipe the virtual drive! I haven't used Returnil that much I don't remember what settings it has LOL I do remember you can choose where and how large its virtual drive is!
     
  9. emmpe

    emmpe Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    121
    I have my doubts about computer forensics. When one of my HD:s crashed a few years ago, with about six months of irreplacable work on it I went on a quest for a commercial recovery service. It turned out that all of them are willing to take on pure hardware problems, but none of them will handle data that has been overwritten even once. And that's irrespectively of the company's level of competence and, significantly, irrespectively of potential revenue. So I'd say that a 3 pass DoD purge of sensitive files should satisfy even the paranoid. What to purge may take some learning though. I'm also rather doubtful about the claim that using stuff like electron microscopes or whatever to cull a bit here and half-a-byte there would make it possible to compile undisputable evidence. Has this really been done in an actual, real world, documented case?
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    Ok, as far as I know, using magnetic force microscopy to extract the data from a damaged HDD is a time consuming task. Essentially, they take a photo snapshot of your HDD using a microscope then process that HUGE image to extract the bits. Hardware forensics probably do the same. However, when they try to see what was erased, situation gets a bit more complicated. This is because for each bit you have the current value and a potential old value, read from the edge of the area allocated to that bit. In order to recover anything from that, a lot of guesswork is needed - that means a lot of time and a lot of resources. Because of that I suspect that this method is not used in every day activity, but only for special cases.
    Normal forensics, based on reading all bytes and storing them in a container (like EnCase) are defeated by any zero pass overwritting of data.
     
  11. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    I think it's more likely that the HDD had an existing fault that was exacerbated by constant writing of data. Many older drives are succeptible to failure when subjected to large and constant write patterns [such as multiple random overwrite passes]. It is no different to putting such a drive into a high I/O machine like a web server :)

    As far as I know, Evidence Eliminator uses the same overwrite routines as any other program but simply applies them to as many areas that "evidence" may reside as possible. It doesn't do anything different in respect to overwriting. Apparently it does a "9-pass DoD" pattern but I thought there were only 7-pass and 3-pass DoD patterns.
     
    Last edited: Feb 19, 2009
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Warlockz I don't have near the computer knowledge that you do so I cannot tell you what is going on. But I use to use R-Wipe and Ccleaner in the same way and the results were just not as good. When I first tried sweepi, I ran R-wipe and Ccleaner first. And then when I ran Sweepi it came up with about 50MB or so of extra stuff. And that is after I went through all of the categories that R-Wipe offers on the side panel. So I don't understand it, but when I use Sweepi and then Ccleaner, sometimes I get a really big boost. Smooth and fast. I love it. I use Returnil and Sandboxie too so I think that helps to keep everything in good working order.

    As for the authorities fiinding stuff on the guy's computer after running EE, maybe it was thumbsDB (sp?). Someone posted an article about this guy who got busted. He wiped his computer but there was still a thumbsDB image on it.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I thought that virtual memory was memory that did not actually go to the hard drive. I don't know. But I do know that people add Eraser to Sanboxie so that when they delete the Sandbox, it wipes a dat file. I have no idea what is on a dat file or if it really even matters. maybe someone here could enlighten me.

    As for Returnil, evidently a newer beta version can be made to wipe a dat file upon reboot. I assumed that this was the only thing that it left behind.

    Here is what I am curious to know. If I download 100G of music over top of Returnil, does it get stored on the hard drive? All I know is that I have run the program Restoration since I started using Returnil, and it barely pulls up anything. So if all of these downloads are there, I have no idea how to find them.
     
  14. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Use some kind of recovery software, like Undelete plus and see if you get any results?

    You can get the Portable version + the Installer free!

    http://undelete-plus.com/

    Or you can find something else that's similar

    http://www.google.com/search?q=recover deleted data


    You know whats cool about the portable software, is if you use Portable apps, you can open the portable apps folder (the folder that contains all the apps) ant make a folder called Undelete Plus, and copy the portable undelete plus.exe to the folder you just created, then open the portable apps menu click options, then click refresh app Icons, and your portable undeleteplus will be accessible from your portable apps menu! Yes I have like 50 portable apps on in my portable apps suite thats not from the portable apps site!

    here is a site full of free portable apps to get started

    http://www.portablefreeware.com/all.php

    ................................................................................................
     
    Last edited: Feb 19, 2009
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Privacy is good and erasing helps privacy. But it only helps. Computer forensics is a lot more than just retrieving deleted files, you would be shocked at what all can be found by a well-trained forensics specialist going to work on Windows. Not from just deleted files, but from files that are sitting right there on your drive. Bizarre log files, dump files, the list goes on. Anybody not wanting to have to concern themselves with what's on their drive should definitely go with full disc encryption and forget about trying to finding every little file to wipe (and hope whatever erasing utility finds it too). If that's the kind of security you want or need, erasing tools are downright obsolete. In that case, whole drive encryption is the future. It's here now, free and paid versions, and you never have to run a wiping utility again.
     
  16. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I agree with this part completely. It is very hard for a tool to clean up all the locations where a forensic detective can find information about you. It is even harder for a user to know where are all relevant files located.

    I also partly agree with you here. Full disk encryption solves the problem of not knowing what to erase. But using full disk encryption can put you in a difficult position if you ever need to justify the need for it (i.e an investigator will become very suspicious if he finds an encrypted partition, even if you have nothing to hide there and you just encrypted it to protect your privacy). So from this point of view I'd prefer to justify some ambiguous entries in registry that an erasing tool missed, rather than to be asked about an encrypted partition or disk - though I'd REALLY wish it will never be necessary.
     
  17. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Question

    With full disk encryption I know it prevents reading and writing to the disk etc. but does full disk encryption also prevent others from "Reformatting" the encrypted disk on a different machine?
     
  18. jonw

    jonw Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    83
    Umm could you say again I don't think I understand, are you wondering if a encrypted volume can't be reformatted? If that's what you are asking then yes you can reformat a encrypted volume without the password you just loose all the data.
     
  19. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    It only prevents Reading if the Encrypted drive is CLOSED, if the encrypted drive is open, it will read and write just like an unencrypted drive, it is susceptible to any threat that any normal unencrypted drive is wile it is open, also if an attacker found a way to obtain your password/keys to your encrypted drive, the attacker can scan the open encrypted drive with recovery software and recover any deleted data just like if your drive was never encrypted, I advise the use of Privacy software on whole encrypted drives regardless!

    I'm not to sure about this one though, software may vary, but if an attacker had your Pass/keys to your encrypted drive than the attacker can probably unencrypted your encrypted drive remove your HD from your machine then remove the platter from the HD case, and use a hardware recovery tool to scan the platters layers of data and retrieve data underneath overwritten data?

    So, the use of Privacy software regardless of the fact your whole disk is encrypted is advised!
     
  20. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    not sure what you mean here because if an attacker did have your password keys etc well of course he can unencrypt your hard drive. other wise how else would the legit owner be able to decrypt his hard drive??

    In regards to always using privacy software there is a way around that and that is to never delete any thing that way there wouldn't be any thing underneath to find.

    There is another security hole I think. Most whole disk encryption software only encrypts the hard disk not every single file individually. is this true?

    If so then if an attacker got hold of your hard disk which is encrypted he cauld reformat the disk and now because the disk is no longer encrypted he cauld now use forensic recovery tools to recover all the files that were there before the reformat. Is this possible?
     
  21. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    This is not possible. If you are referring to a software encrypted disk (using TrueCrypt for instance), then when you encrypt the disk, you encrypt each sector, so if you format the disk you just erase already encrypted data. For hardware encryption, I suspect the process is similar and each sector is encrypted. So formatting will not help in decrypting/recovery of a disk or partition.
     
  22. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Please read thru my post again until you actually understand it!

    o_O I guess if you want your drive to be full of all kinds of private and useless data then that would be an option for you, Using a good wiping algorithm in your privacy software's settings like a 7 wipe pass prevents data recovery period! If their is something on my drive that I don't want to be recovered I will use my privacy software to render the data unrecoverable, then it doesn't matter if It gets overwritten, it can never get recovered regardless!

    Whole disk encryption means whole disk encryption, its basicly a virtual encrypted drive, every byte of the partition is encrypted (not just random files), you cant even see your partition anymore when using a boot disk like paragons rescue disk, it will look as though your disk is unformatted!

    I know this because I use "PGP's Whole Disk Encryption"

    Now you can create encrypted Containers, which are like virtual drives, but encrypted, so you can have access to the data inside anytime you mount them, once you dismount them, you cannot access the data without the passwords/keyfiles! this prevents the process of having to constantly decrypt and then re-encrypt files

    Deleting an encrypted file will not give you access to the Encrypted data, if this where the case then nobody would be using Encryption, If you reformatted your drive without using a BOOt and wipe software such as acronis drive cleanser, and the attacker was able to restore your encrypted file (this will be a single file), he would still need your passwords/keyfiles to be able to access the data inside of the encrypted file!

    Now if you have private data on your drive before you encrypted it, their may be a possibility of restoring the files underneath the encrypted file, but not the files inside the encrypted file! It is advised to make sure your partition is clean before you encrypt it, this is where acronis drive cleansor comes in handy once again!

    My advice is to read up on encryption and how it works so you can understand it, one of the best ways to understand it is to start out with TrueCrypt, and read all of the tips and instructions in their help files, and on their site, then you will have a better Idea of how it all works!;)
     
  23. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    This is highly unlikely, so I wouldn't worry about it to much. If you read my post above about disk forensics, you will see that finding data underneath an existing file is not an easy task.
     
  24. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Don't worry I read your post, I know you read mine;)

    I said "their may be a possibility"

    If I had something to hide, I would most defiantly start out with a clean HD (wipe the entire drive), before I reformatted and encrypted it!

    As for opinions? unless your a HD Forensic Recovery Expert, your Opinion is null to me, just because it "is not an easy task". doesn't mean its not possible, from what I have read on the net, it is possible to recover data from as much as 3 layers within the Platter, it may not be an easy task, but it is possible!

    Now I know we will always have our own opinions about this issue until we have Proof, but if I had something to hide I would find it Ignorant to be lazy and not go thru the proper procedures where I know I would be safe!
     
    Last edited: Feb 21, 2009
  25. emmpe

    emmpe Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    121
    We do know for sure that it's possible to "recover data" from overwritten files, but it all boils down to the definiton of data. As for recovering meaningful, coherent data that will hold water as evidence in a trial, I've not been able to find any documented case where this has been done. Maybe someone else knows?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.