Computer Cleanup and security...How is this possible? Files not gone once deleted?

I caught a few lines of a quote in another forum that caught my interest:

the hard drive and scanner were taken to the FBI's Computer Analysis and Response Team lab...found traces of more than 300 images on hard drive...Of these, 60 were in the temporary browser cache, and 230 had been downloaded and deleted.

OK...so does this mean that deleting files you don't want doesn't really delete them? So if I don't want an older version of photoshop on my computer...and I uninstall or delete completely everything...that it still resides somewhere on my HD? How can that be?

In the case of images or personal banking files... how can you NOT have deleted the files? If you see the blank space and used space on your HD change after supposedly deleting files you don't want anymore... how do remnants exist?

So if this is true, what do you do to really CLEAN off the junk you don't want like old application versions and outdated games, personal info, etc.?

How can you lean out your PC for best performance and get rid of all the shite you don't want hoggin' memory/HD space/etc.???
 
I'm not an expert but here is what I know. When you delete a file you only delete the register for the location of the file, not the file itself. The bits of data are still stored on the drive in the original location; there just isn't any way for the operating system to find it without a special program that scans the disk.

One way the file could be deleted is if it is sitting on a sector of the disk that gets overwritten when you save a new file. If you have a large drive it may take a while for you to save enough data to write to all the empty locations before the OS goes back to previously used sectors.

Another way, I believe, to permanently delete some files or at least partially is to defrag your drive. The defrag process tries to put the clusters of a file next to each other to reduce the drive's search time. This process may move clusters from the previously deleted files away from each other. The bits of data would still be there, just in different locations and much more difficult to put together, like a puzzle.

I have not done any research on the subject but I'm sure there are programs out there that will go through the file address table and remove, or corrupt, the data that is in the deleted file's location.
 
In the good old DOS days, we used to have a small program called *DISKWIPE* from Symantec, which would write just 0's and 1's to the unused hard drive space, so there was nothing left. This method (in multiple writes) was government approved.

Another idea to get rid of ALL resident data is to fill up your HDD with loads of crap, and delete it afterwards.

I'm sure there is software which can do this under Windows as well.


Mich
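
The mechanism described in the two posts above (a delete only drops the directory entry, and a free-space wipe overwrites what is left behind), as an added example that is not part of the original thread. The toy volume, its class and function names and the sample data are all constructed for illustration; real file systems are far more involved.

```python
# Added illustration: toy FAT-style volume. All names and data are constructed.
CLUSTER = 16       # bytes per cluster (real volumes use 4 KB or more)
N_CLUSTERS = 8

class ToyVolume:
    def __init__(self):
        self.disk = bytearray(CLUSTER * N_CLUSTERS)  # the raw sectors
        self.directory = {}                          # name -> cluster chain
        self.free = list(range(N_CLUSTERS))          # allocation table

    def _span(self, c):
        return slice(c * CLUSTER, (c + 1) * CLUSTER)

    def write(self, name, data):
        chain = []
        for off in range(0, len(data), CLUSTER):
            c = self.free.pop(0)                     # first free cluster
            chunk = data[off:off + CLUSTER]
            self.disk[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            chain.append(c)
        self.directory[name] = chain

    def delete(self, name):
        # Ordinary delete: drop the entry and mark the clusters free.
        # The bytes in self.disk are left exactly as they were.
        self.free = sorted(self.free + self.directory.pop(name))

    def scan_unallocated(self):
        # Recovery-tool view: ignore the directory, read every free cluster.
        return b"".join(bytes(self.disk[self._span(c)]) for c in self.free)

    def wipe_free_space(self, pattern=0x00):
        # Free-space wipe: overwrite only clusters no file currently owns.
        for c in self.free:
            self.disk[self._span(c)] = bytes([pattern]) * CLUSTER

def demo():
    vol = ToyVolume()
    vol.write("bank.txt", b"ACCT 12345678 PIN 0000 (constructed)")
    vol.delete("bank.txt")
    found_after_delete = b"ACCT 12345678" in vol.scan_unallocated()
    vol.write("note.txt", b"hi")       # reuses cluster 0 but fills 2 bytes of it
    vol.wipe_free_space()
    left_in_free = vol.scan_unallocated().strip(b"\x00")
    slack = bytes(vol.disk[2:CLUSTER]) # tail of note.txt's cluster, still old data
    return found_after_delete, left_in_free, slack

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` shows why a free-space wipe alone is incomplete: the unused tail of a cluster that now belongs to a live file still holds bytes of the deleted one, which is the slack space wiping tools call cluster tips.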
 
Sorry this is long, but i've tried to cover everything.

There are different ways files are not deleted :

1) Like caz-nsx explained, say you have a large file on your HDD which you want to delete. Because it's big it would take a long time for Windows to physically "delete" by overwriting ...so Windows takes a shortcut - it resets the entries in the FAT which just point whereabouts the file is on disk. Essentially Windows then ignores what was written. That's the not-too-technical explanation. ;)

2) With Windows XP there is a feature called "System Restore" which tracks what you install on a hard drive in case something goes wrong and you need to "undo" the changes. Even when you've uninstalled a program (eg. Photoshop) the System Restore feature will keep files. Installing a program over the top of another program doesn't affect SystemRestore. You can turn this HDD-wasting feature off, although it's useful if ever you install bad drivers by mistake. :(

3) Then there's the INTERNET... this is completely different. I don't have a technical understanding of why files can still linger, but they do linger (see story below) ... When you clear your Internet Cache & History, it doesn't clean everything.

A great example of this was a guy who was using my PC, and started d/loading porn flicks w/ IE5.5 when i was out of the room. I came back and saw what he was downloading to my horror (and disgust). :mad: That was the end of him touching my PC. :rolleyes: I deleted the crap he d/loaded, cleaned the Internet History and Cache, and thought nothing more about it... my PC was porn-free again. However months later i was running low on HDD space, and so i searched for large files to delete... cached copies of the porn flicks appeared. :eek: IE5.5 had cached them in other system folders even though I'd cleared the Internet History & Cache! (he hadn't copied them; as i found heaps of other old files)

Long story, but that's why i don't use IE anymore...

If you are concerned about privacy & security issues, you should try out evidence eliminator (http://www.evidence-eliminator.com/) which claims to be the best.

If you have further questions about SystemRestore, or how Windows deletes files... don't hesitate to ask. No such thing as a silly question.
 
...just in case some smarty-pants thinks the guy d/loading porn flicks in that story was me and i'm covering up, not so... and i have the perfect alibi too.... why else do i have so much spare time to be posting on prime? :D The NSX is far more satisfying!!! :D
 
gheba_nsx said:
ps: a friend with MAC (no, David, not you! :)) told me that he always uses this: http://www.aladdinsys.com/secure_delete/

What ??? Someone else than me is using a Mac too ! :D

Seriously, you can find tons of shareware/freeware on the net too to do that kind of stuff under Mac OS X!

Some months ago, during the "GENESIS" operation, we were hired by a judge in charge of this affair to help him find proof of pedophiles' activities on several hard disks seized by the police which were completely erased, and we did succeed ! ;)
 
1. Someone downloaded pornography on a computer?

-Surely you jest....


2. Someone is using a Mac?

-Surely you jest...

Haha...I am just kidding with you guys :D.
 
so ...can we assume that using these shred apps is completely safe...?

So since I've been reading about these methods now...does the overwriting of blank space on your HD with 1's and 0's over a certain amount of times pretty much make the old data irrecoverable? (BTW, evidence eliminator is 150$!!! :eek: ...for that much I will go buy a new HD and start over for less... and burn, sand, dip in acid, smash, grind, piss, etc...on my old one to make sure it's dead.)

Where can you find out the tolerances? I mean if I want to delete old info or personal banking or SS# info...I want it GONE 100%... not 99.999%...

???

I also have a Mac on my desk at home...so thanks for the MAC link!!! ^______^
 
When trying to clear the data off of the disk, you have to look at likely candidates that would try and recover it. I have normally heard that formatting all data on the disk, and doing the all 0/all 1 write cycle three times makes the disk clean.

However, to determined government investigators, or other groups, that really want in, well there are tricks to try and get it. However, for most folks, deleting a file is enough; if someone were to find the hard drive in a dumpster, they most likely wouldn't get your files off.

If you want to see some impressive stories/pictures, do a search for disaster recovery services - there is some pretty amazing work going on getting data that was lost (purposely or accidentally).
 
The disk must be overwritten 7 times with binary to ensure deletion. It is also the military standard for NATO. You can find military grade wipe utilities fairly easily on the web.
You could format your drive and install a new OS and a good forensic computer scientist could retrieve your old stuff in minutes, not hours. I have retrieved files from a drive that had been wrecked physically. Even a drive that has intense NTFS permissions and max length all ASCII passwords no character existing on the keyboard can be slaved off another box and you're in.
david
Every email in the US is keyword sniffed by the NSA, including the keyword NSA.
Just for kicks, if you have an NT or 95 box do a find file on nsa.key ... MS says it's not a backdoor and says it was a big hoax, but who trusts MS? IIS servers through build 4 had a back door built into a DLL; this was found by Rain Forest Puppy. MS or anyone in the loop could walk into any online web server running IIS instead of Apache until it was made public. I bet most of you haven't even unshared your drives if you are running an old build of NT, and XP if set up incorrectly is wide open.
 
Honestly the best way to remove traces is to remove the HD, and find some way of physically destroying the media, preferably with an electrical or magnetic component involved. Those looking for traces will find them, even if they are really part of some other file. When it comes to porn, accounting, and terrorism, you are pretty much guilty until proven innocent, and either way, you will be made known of in the media which of course makes it to the internet, where it will never go away.:eek:
 
OK I'm using eraser now...and it takes forever. I mean a LONG time...

But I get errors...like it won't be allowed to overwrite cluster tips for IE's history and such... and some other weird files I've never seen before. What does that mean?

About the only thing I care about is people hacking banking and personal information off of and out of my internet caches and memories. That is VERY VERY sensitive to me and I don't want to ever be the victim of ID theft. Also back from my student days of having versions of software that was for "learning purposes" :) as well as MP3's that are obviously not paid for...etc.

How about things like MP3's that one downloaded from Kazaa, or Napster (which I have tons of)... How do you protect from those? Burn and delete? But once they're deleted and they still exist... what then? Will an app like eraser take care of those things?

How can you know what to look for? I'd like to know what's getting deleted too.

And in general, anyone have any good housekeeping tips to keep the machine lean and fast? What's necessary to run and not on a PC?
 
We can stuff around with 3rd party software all we want, but the best advice for keeping your system clean, lean and mean is to format & re-install Windows regularly. If you're really paranoid, this is the only way to go. Doesn't take too long these days either.
 
scottjua said:
OK I'm using eraser now...and it takes forever. I mean a LONG time...
You can change your Erasing preferences to reduce the # of rewrites to speed up the process. By default I think the # of passes is 35 (Gutmann). I use 7 passes (US Dept. of Defense standard) for Files, and 1 pass (pseudorandom data) for unused space. The point is to scramble the data just enough to make it prohibitively difficult (and expensive) to recover the data. Only the government would expend the resources necessary to make a recovery attempt on an erased HD, and unless you're a big time crook that shouldn't be a concern. ;)
scottjua said:
But I get errors...like it won't be allowed to overwrite cluster tips for IE's history and such... and some other weird files I've never seen before. What does that mean?
Try closing all instances of IE and Windows Explorer, if that doesn't work try rebooting. Sometimes Windows won't release certain files because it thinks IE is still using them. If all else fails, boot from a second disk and perform the erase on the first disk, that's guaranteed to do the trick.
scottjua said:
How about things like MP3's that one downloaded from Kazaa, or Napster (which I have tons of)... How do you protect from those? Burn and delete? But once they're deleted and they still exist... what then? Will an app like eraser take care of those things?
Protect from what, the record industry? Just erase them with Eraser if you're that concerned about them.
scottjua said:
How can you know what to look for? I'd like to know what's getting deleted too.
I don't use the Autocomplete feature within IE to store my username & passwords, so I'm not that concerned about erasing my IE cache. Anything that is in the cache, I'm not very concerned about being used for ID theft purposes. ;) Just clearing the cache periodically is sufficient for me.

As for Eraser, it produces a report after each erase that tells you what's been erased.
scottjua said:
And in general, anyone have any good housekeeping tips to keep the machine lean and fast? What's necessary to run and not on a PC?
What O/S are you running? I like to run my PC lean and mean, so I go through the start menu, registry, and Windows Services to disable anything I deem unnecessary. I'm running Windows XP Pro, and right now the task manager shows 23 processes running. I use EFS (encrypted File System), I don't use Outlook for email (uninstalled Outlook Express), and I don't install any software that has spyware built-in. Basically, the only thing I run on my PC are programs to read documents and browse the net. Also, keep up with critical Windows updates.

This article is a good read for additional tips:

http://www.pcmag.com/article2/0,4149,894330,00.asp
 
BTW, I use the following options in IE to prevent secure web pages from being saved in the cache:
 

[Attachment: ieoptions.gif]
akira3d said:
A much cheaper method I've come up with is simply re-format the hard drive (first using fdisk to recreate the partitions...and then a full format) and then write a recursive batch file that endlessly appends itself until the hard drive is full. Unless I'm missing something, I think this should be all that's necessary to remove traces of old files from the drive.

Can anyone verify the validity of my technique?

wow... that's an extravagant way of doing it. I didn't think of that. :)

With large partitions, you might run into problems with the filesize of the batch file (assuming FAT32, the maximum size a file can be is 4GB i think from memory)


You'd really have to be paranoid to go to this extreme; you'd have to be a terrorist, a paedophile, or into espionage to go this far. :eek: For the average user, a format + copying some files would be sufficient.
 
I have read on tech boards the only sure way is destruction. Hammer or drill.
Data can also be recovered in varying degrees from ram.

 
NeoNSX said:
For the average user, a format + copying some files would be sufficient.

Only if you over-write all the "empty" sectors on the drive. Formatting and copying a few files around leaves many, many files available to be recovered with minimal effort. It is the equivalent of tearing a piece of paper into a few smaller pieces before throwing it away.

Personally I would prefer to cross-cut shred the paper. Can the information still be recovered? Sure, if someone is willing to put enough resources into it. But it's like any other security - anyone who is REALLY determined is still going to get though. The goal is just to make yourself an unattractive target so people will skip you and look for easier targets.

For example, if I manage my personal finances on my computer and have all my account numbers, passwords, etc. saved on my computer, then I buy a new computer and sell the old one, I would like to be reasonably sure that the new owner cannot easily retrieve any of my personal information. Simply formatting and copying a couple files around leaves a very good chance that data can be recovered with just a few minutes of someone's time using common utility software.

To recover data from RAM or from a hard drive on which all the sectors have been over-written is a very involved project and requires considerable resources. I think steps beyond that are well beyond the average person's security needs, as is complete physical destruction of the media.

If, on the other hand, you have the formula for Coke on your hard drive, or if you are a government trying to protect information vital to national security, or are someone operating against the government, then sure, it's probably worth several over-writes followed by abrading the media surface and dumping the whole thing in a vat of acid to dissolve.

But I'm pretty sure the NSA isn't after my brokerage account information, and if they wanted it, there would be easier ways for them to get it.
 