To get rid of these traces I use "Window Washer"
http://www.webroot.com/consumer/products/windowwasher/features.html
Discussion on:
View:
Show:
I always wondered how much information can be read off a hard drive after it was over-written. I use Defrag on a weekly basis. Doesn't the defragmentation process write over the gaps in the broken files? If the old data is overwritten how can it be viewed by anyone?
I also use a free program called Eraser that overwrites all the unused spaces several times. The program claims their process for erasing data is the same as the Dept. of Defense.
I also use a free program called Eraser that overwrites all the unused spaces several times. The program claims their process for erasing data is the same as the Dept. of Defense.
It can help with some cases. However, in the specific case mentioned here (slack space) the file may well not be moved, and the slack space (with contents) will not be touched. I don't know if any tools address this problem or not (hopefully something does - in case I decide to do something 'sensitive' 
)
Just clearing a page file doesn't help much either - you need to overwrite it (multiple times) to make it inaccessible. You have to be pretty paranoid to worry much about this though - if they come for your machine - you are already in trouble!
)Just clearing a page file doesn't help much either - you need to overwrite it (multiple times) to make it inaccessible. You have to be pretty paranoid to worry much about this though - if they come for your machine - you are already in trouble!
I run a file shreader also.... Not because of porn or anything else.
But, I do almost all my financial transactions online. Banking, bill paying, everything. I shread my tmp files, cookies, and everything else mutiple times a day.
Wouldn't the consideration of these types of files be a reason for wanting to overwrite both slack space and any files you are deleting?
Told ya, dumb question.
Dan
But, I do almost all my financial transactions online. Banking, bill paying, everything. I shread my tmp files, cookies, and everything else mutiple times a day.
Wouldn't the consideration of these types of files be a reason for wanting to overwrite both slack space and any files you are deleting?
Told ya, dumb question.
Dan
For the uberparanoid, you can have Windows automatically clear the page file when it shuts down.
http://support.microsoft.com/kb/314834
http://support.microsoft.com/kb/314834
I mean, I used to do it too.
But really, if your PC is compromised to the point where someone has access to your page file, clearing it once a day or so isn't really protecting you now is it?
All it did for me was add to my shutdown times.
But really, if your PC is compromised to the point where someone has access to your page file, clearing it once a day or so isn't really protecting you now is it?
All it did for me was add to my shutdown times.
clearing the space used for the swap
This is done on every shutdown/reboot (which is not daily, but can be very often in Windows)
3rd party utilities can do this, so can Live CDs (ones that don't touch the host OS at all)
ie, there are ways to clear the space so that no sensitive data is retained at all.
This is done on every shutdown/reboot (which is not daily, but can be very often in Windows)
3rd party utilities can do this, so can Live CDs (ones that don't touch the host OS at all)
ie, there are ways to clear the space so that no sensitive data is retained at all.
But the question remains, what does it accomplish?
Personally, I think clearing the page file on reboot is like the age old advice about hiding SSIDs on wireless networks.
I think it provides little to no value to most people.
Personally, I think clearing the page file on reboot is like the age old advice about hiding SSIDs on wireless networks.
I think it provides little to no value to most people.
Some places even require you to have procedures like this so that if the box is lost, than (assuming the data is encrypted) the data is safeish.
If it is encrypted, it would depend on the encryption, and where the key was.
But yes, safe'ish' is a good term...
But it is much better to use a utility that looks for this stuff and washes (scrubs) it completely.
But yes, safe'ish' is a good term...
But it is much better to use a utility that looks for this stuff and washes (scrubs) it completely.
I have to say, well said, deleting it does provide little to no protection (and can cause a false sense of security - even worse.). However, with Vista MS introduced full disk encryption - including the swap file - Mac has done this for a while too, and *nux has had this for donkeys years. The other useful thing that *nix has is to allow for Swap partition encryption with a *randomly generated key each time you boot*. So basically, you switch off the machine, the swap partition is full of unusable bits and bytes (little pun there, I like it). (Link: http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml -- Gentoo docs on Disk encryption, starting with swap partition).
There's a tool for MS Windows called TrueCrypt that has been available for a while now, and is at least one of the best personal disk encryption tools available for that platform, if not the best. It's certainly better than Microsoft's built-in disk encryption tools. If you must use MS Windows, check out TrueCrypt.
TrueCrypt isn't just for Windows....it works on Mac and Linux too.
http://www.truecrypt.org/
T r u e C r y p t
Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux
Main Features:
Creates a virtual encrypted disk within a file and mounts it as a real disk.
Encrypts an entire partition or storage device such as USB flash drive or hard drive.
Encrypts a partition or drive where Windows is installed (pre-boot authentication).
Encryption is automatic, real-time (on-the-fly) and transparent.
Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography ? more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
Further information regarding features of the software may be found in the documentation.
http://www.truecrypt.org/
T r u e C r y p t
Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux
Main Features:
Creates a virtual encrypted disk within a file and mounts it as a real disk.
Encrypts an entire partition or storage device such as USB flash drive or hard drive.
Encrypts a partition or drive where Windows is installed (pre-boot authentication).
Encryption is automatic, real-time (on-the-fly) and transparent.
Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography ? more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
Further information regarding features of the software may be found in the documentation.
"TrueCrypt isn't just for Windows....it works on Mac and Linux too."
This is true. It will also install on FreeBSD, with a few tweaks.
However . . . there are better options for volume encryption on BSD Unix and Linux-based systems than TrueCrypt. TrueCrypt is designed more with a more completely GUI-oriented system in mind, and I prefer encryption tools that aren't limited to GUI-based operation when I'm not using an OS whose command line interface is crippled like MS Windows'.
Your mileage may vary.
This is true. It will also install on FreeBSD, with a few tweaks.
However . . . there are better options for volume encryption on BSD Unix and Linux-based systems than TrueCrypt. TrueCrypt is designed more with a more completely GUI-oriented system in mind, and I prefer encryption tools that aren't limited to GUI-based operation when I'm not using an OS whose command line interface is crippled like MS Windows'.
Your mileage may vary.
Yes, there are 3rd party utils that can do this much better. I too used to do the 'clear page file at shutdown' but this is pretty ineffective. The data is still there, just not as accessible to the OS. Other issues are that it does not address part of the article well, like with the slack space and hibernation.
If you are afraid of being brought up on charges for what you're doing with your computer, and you wipe your hard drive, they can still possibly get incriminating evidence off your pagefile or swap partition (depending on the OS). Thus, wiping out a pagefile or swap partition is more a tool of paranoia for those who engage in activity they don't want proven later than a way to secure data.
disable the paging executive in the same area of the registry. this means that data is never written to disk, ever. but as w2ktech notes this doesn't affect slack space orfreespace. for this i use a file shredder, that came w/ giant, so instead of delete, you right click a file and 'shred'. but thenagain, i'm not actually that paranoid, just don't want my family finding my porn when i die.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
