|
I made this page in hopes of lending some sanity to the discussions of File Erasers in alt.privacy, especially when discussing the infamous Evidence Eliminator. The argument has turned very ugly and gotten out of hand.
The people behind Evidence Eliminator are to blame for their own predicament. Their flagrant spamming - and the outrageous content of their doomsday type of advertising regarding protecting the customer from law enforcement is more than just misleading, it's totally ludicrous. However, butt kicking the fools behind EE is not what this page is about. It's about demonstrating whether or not their program and other "eraser" programs really do work. The EE rants will continue on, but at least maybe we can discern the quality of the program apart from the ethics of its vendor(s). Anyone can reproduce my findings with the two free software programs available at the link below. The first program you will need is PC Investigator File Recovery: File Recovery The second program needed is Disk Investigator . Disk Investigator The page describing these two programs is Here While Disk Investigator *will* show your "deleted" and erased files, which is enough for our purpose of checking on an eraser's performance, it will not wipe the file names of these empty files from your disk. That takes a program such as Directory Snoop . Directory Snoop is able to purge these leftover file names. It is also capable as working as a file eraser, with a maximum number of 35 passes. You might consider downloading it for a free trial of 25 uses. If you care to, Here is where you can find Directory Snoop Here is where you can find the famous Gutmann's article on erasing files - and how many wipes it takes for true security. Here is his New Page and links to his more recent reasearch. Below are the URLs for some freebie eraser programs.
Sami Tolvanen's Eraser*
* (Sami Tolvanen's Eraser is considered the standard by which other erasers are judged. The newer versions 4x and 5x also erase those pesky file names along with the file itself. That obviates having to purge them with a program such as DirSnoop. I am not testing his Eraser because I am one of those who cannot get it to work on my machine. So, the following tests exclude it. Otherwise, the screen captures shown illustrate what is left behind after erasing files.) So, let's see some examples (with pics) as to whether a few chosen erasers do their job. Erasers Tested: ilolo's Incinerator, PermaDel, Handybits, Absolute File Shredder and Evidence Eliminator. Since all these erasers, with the exception of Evidence Eliminator, produce the same result, I will use only a single screen capture to show what File Recovery and DirSnoop see after an erasure. (The quality is degraded because of reducing the bytes in the pic to make the page load a bit faster.)
You will notice that I used text files for this test to make it easier to view the erased files if they could be recovered - which these can't be. Select the five text files you erased. Use File Recovery's OBJECT | SAVE TO... menu choice to save them to another directory. Once you have saved them, click on one of the files. Empty! There is no information in the files. (How much information can be gathered from it by experts with proper equipment, time and money depends on how many passes and what kind of content each pass was comprised of. But for us average guys who just want to hide our business and private matters from nosey people, a few passes suffices just fine. Here is what DirSnoop sees when looking into the directory of erased files. (Again, the bad quality of the capture is to keep the size reasonable to be shown on a Web page.)
You will notice that the file names are completely visible. That's no good at all as far as privacy goes. Many technically savvy guys have programs such as DirSnoop to see these file names. Many techs in the IS departments of companies or in your friendly corner computer repair shop probably do. So, now we have to use a Program such as DirSnoop to get rid of those file names. I've tried getting them purged by erasing free space and slack space to no avail. The names remain. The only way I have found to remove them is with DirSnoop. Menu: How to get rid of those pesky file names belonging to "erased "files. It's time now to checkout the infamous Evidence Eliminator and see if it does indeed sufficiently wipe files. Let's go to the EE page*. *(See this later and more detailed examination of EE's singlular failure that invalidates it's claim at beating all forensic evidence gathering.)(Choose the Evidence Eliminator link on the page.) Did you know that if you MOVE files instead of copying them, your original files can be recovered from the directory you moved them from, even though Windows says they are not there? Go HERE to find out how insecure MOVING files really is. What about PGP Wipe? The curious case of Iolo's System Shield eraser Here is the BEST FREEBIE SHREDDER of all those I have reviewed - it's from East-Tech! Here is the Ultimate Shredder For The Ultra Paranoid This is a link to a freebie program that will not only protect you against spyware taking over your machine, but will clean out much of the telltale usage tracks in your registry. Download Spybot. You do NOT need some fancy program to compact your registry and rid it of all the accumulated crud it has collected over time. That includes sensitive info you thought you had safely encrypted or erased long ago. Go HERE and learn how to defrag your registry w/o buying any fancy program to do it. (These instructions apply ONLY to Windows 95 & 98.)
ADDENDUM:Despite eraser prgrams, encrypted volumes, or anything short of a fully encrypted disk, your registry can still betray you. Endeavoring to control User.dat from betraying your privacy. |
Copyright: bluejay@cotse.net
January, 2003