Undeleted wiped files in Windows: how to?

Discussion in 'privacy problems' started by whoarestinkler, Apr 28, 2009.

Thread Status:
Not open for further replies.
  1. whoarestinkler

    whoarestinkler Registered Member

    Joined:
    Apr 24, 2009
    Posts:
    12
  2. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    While technically no-one can guarantee that any software erasure method is 100% effective, overwriting data with a couple of passes of pseudorandom data is fine for ensuring that pretty much anyone cannot obtain it.

    You may want to increase the number of pseudorandom passes for peace of mind :)
     
  3. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    That looks like "eraser". I use it myself. I have also used "restoration" by Brian Kato, and Recuva, by Piriform.
    The recovery programs I have used can identify some files that have been 3-pass wiped by Ccleaner, by name and/or path in some cases. They can recovery effortlessly files that have been simply deleted. Neither spot anything recoverable once Eraser has been in action wiping the free space, even with just a single pass.
    This is hardly proof. Just one users' experience.
    Who knows what is possible with software that is not generally released? As used by, say, the computer forensics division of a police force.
     
  4. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    The computer forensics division of a police force often use tools available to the public (see http://www.x-ways.net/ as an example). Anyways, what makes the difference is the ability and experience of the officer doing a particular forensic analysis, not the tool used.
     
  5. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    I argue that a one-pass wipe with pseudorandom data, slack spaces included and MFT names as well, such as what Eraser does, will prevent anyone access to retrieving the wiped data.

    Call up a data retrieval service and tell them you have a wiped drive and ask for their response. See if you can get a guarantee you won't be charged unless they can reproduce the data.

    It is far more likely Windows leaks, registry, MUI, secondary cache (swap file), hibernation files, forgotten logs, backups, etc., will reveal files you should have erased but didn't that will reveal what you thought to be private. This is why I now wipe Firefox/Opera files that get written that reveal my surfing habits. I let the apps default to recording all they want, then when I am done surfing, I run a script I've prepared that wipes all traces of their logging. It is truly amazing what logs are kept. Even CCleaner does not get them all, which is why I took to doing my own research on the particular apps I use... finding out what crumbs they leave behind.

    If you look around, you will see folks who now only run a virtual OS, or else a fully encrypted box... because the leaks are so many you cannot possibly catch them all.
     
    Last edited: May 1, 2009
  6. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    https://ssd.eff.org/tech/deletion
     
  7. whoarestinkler

    whoarestinkler Registered Member

    Joined:
    Apr 24, 2009
    Posts:
    12
    Yeah,its -heidi- software,portable edition on screenshots =)
    i think this is the best tool which can erase free space and file entries
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
  9. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    Eraser is good. However, using it on a fully encrypted boot partition will most likely damage it and force you to reinstall.

    So, if you are encrypting, use DBAN instead.
     
  10. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    I agree with snowdrift unless it is a Fed agency and the data is "vital" to National Security "and" cost is no object - there are ways to extract the overwritten data. That is why Fed guidelines direct the grinding of hard drive platters to dust to ensure security on certain computer systems.

    SourMilk out
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    There is another method equivalent to grinding of the platters. Begins with an "S". ;)

    If using Eraser, hope there are not duplicates of the data you are erasing.
     
Loading...
Thread Status:
Not open for further replies.