Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How effective IS secure over-writing? 3

Status
Not open for further replies.

spy1

Technical User
Jun 9, 2006
26
US
Situation: Dad (me) very active politically online - especially as regards out-of-control Executive Branch extension of power

Son - 20 year old normal male, likes porn sites.

Can you tell me whether following the "exit strategy" will be sufficient to make "bad" stuff totally non-recoverable on this SOHO computer?

(Note that Windows is set to clear the swapfile at re-start and Page Defrag from SysInternals - sysinternals.com/Utilities/PageDefrag.html - is set to run automatically at every re-start. SystemRestore is totally dis-abled, as are RemoteRegistry and RemoteDesktop.

All browsers - IE, FireFox, Opera - are set to delete personal data/clear temp files/not remember history for longer than one day/remove d/l history upon exit, etc.)

Run CleanCache v3.2 - buttuglysoftware.com with all options set re: finding/deleting what's found - 35 single wiping passes - with no back-ups permitted. (Covers all three browsers and is actually pretty awesome in and of itself - notwithstanding the fact that it requires the .Net framework).

Run CCleaner v.1.28.277 - ccleaner.com, set likewise except for a seven-wipe max (it's catches a couple of things that CC misses, mainly the jre caches and Windows Update un-install stuff). No logs allowed.

Run Index.dat Suite - support.it-mate.co.uk/?mode=Products&p=index.datsuite - to make absolutely sure all index.dats are found and deleted. (No "back-ups" and all other cleaning functions selected in that, too, although to just "deletes", doesn't multiple-pass over-write). No logs allowed.

Re-start computer.

Run SpyBot Search&Destroy, followed immediately by NTREGOPT and another re-start. No logging allowed.

At that point - having deleted everything I can possibly think of - I start off a single "free-space" wipe with Eraser Version 5.7 - heidi.ie/eraser/ as I'm walking out the door.

(Eraser also does another "free-space" wipe - scheduled - nightly).

Can anyone think of anything I'm missing? Maybe in regard to the .Net Framework stuff? Pete
 
Hmm - upon further reading at various sites, I notice that the subject of the "Event Viewer" logs comes up.

Re-reading my initial post, I see that I failed to mention that I always "Clear all events" in all three categories there and answer "No" to the "Do you want to save.." question.

So since the information gets deleted, then all the deleted stuff gets over-written by Eraser, CDS or SDelete, the Event Viewer logs shouldn't be a problem, either, as long as I'm not running System Restore (which I'm not) and as long as it's really not making/keeping an unknown back-up anywhere, right? Pete
 
Pete - Do you really care that all of those "Service Has Started" messages will be left hanging around?

Mike

I am not inscrutable. [orientalbow]

Want great answers to your Tek-Tips questions? Have a look at faq219-2884

 
Mike - Those kinds of logs both confuse and bore me to tears. Since I myself have absolutely no use for them, why should I leave them there to accumulate?

And, if there weren't *some* forensic use for them to begin with, why would they be being discussed on forensic sites?
Does that make sense? Pete
 
Forensic use as in "analyze operational glitches" or forensic use as in "analyze surreptitious behavior?" Shoot, anything can have a forensic use - CSI tells us that! [neutral]

At that point, if folks are paranoid about the event logs, then more power to them. They're a little overboard at that point, IMO. I can't recall that I've seen anything in them regarding document content/history. If anything, they could be potentially useful to check for straightforward attempts at remote access into the system.

It certainly doesn't hurt to clean the logs, but then they're set to roll over by default anyway.

Because of the connected nature of the internet, there are going to be mulitple entry points besides the end terminal for discovery of information.

 
Hmm #2 - I also just noticed - again, while reading elsewhere - that firewall logs (among other types of "logs" ) will/can cook your goose even when everything else has been done right.

I did note that I didn't allow any of the "cleaning" programs themselves to log anything about what they had found/done. It didn't really occur to me to mention the fact that my only firewall (Windows ICF) isn't allowed to log anything, either ( no "C:\WINDOWS\pfirewall.log" , IOW).

I'm sure the same (either not allowing router logging or making sure to erase all router logs daily) would have to be done for router logs, too (not running a router here).

Or that the contents of my ProcessGuard logs, my A/V logs, etc., get multiple-pass erased prior to free-space wipe runs.

I'm running out of other ideas - is anyone seeing anything at all that I could be either missing or simply forgetting to mention? Pete
 
I've been trying not to post for two days now ...

0) If you are doing something illegal - then stop it.

1) If you are doing something SO illegal that you need to wipe any activity from your computer, then firstly - stop doing it, secondly - stop posting over the net about it (duh !) and thirdly - satrt realising that if you are doing something that the authorities want to take you down for, the last thing they will be looking at is your computer !

2) If you are NOT doing something seriously illegal, then for ****'s sake, get a life !!! NO-ONE - not even the federal government gives a monkey's toss about your computer history if you are 'politically active'. In ANY CASE - as people have tried to state before, the government can track your net activity in probably much easier ways than filtering through your HD.

3) If you are such a nutter that you really do thing 'they are out to get you' then STOP USING WINDOWS !!!! And start using a Linux live CD (as suggested before) and only access the net via a dynamic dial-up pool.

--------------------------------------------------
Free Java/J2EE Database Connection Pooling Software
 
sedj - Since you're apparently missing the entire point of the thread, I'll simply point you to one headline:

"ACLU Sues Pentagon Over TALON Database"

&


Also, check out my thread here:

You're living in the middle of the hardest push for tyranny in this country that we've ever been subject to - and you're blind to it.

To nsagov - Bite me. pete
 
Whether or not the government decides to gather information from ISPs - wiping your HD of internet related activity is not going to stop them.

As has been said over and over now - if you are that worried, then stop using Windows and start using live linux distros that do not leave anything at all on your HD.

Personally, I think you are being extrememly paranoid, and a little naive to think cleaning your HD will make any difference to whatever you think the government is up to.

--------------------------------------------------
Free Java/J2EE Database Connection Pooling Software
 
I would heartily agree that sedj and nsagov's last posts were over the top and meant to provoke.

No where in this thread, or the other profiles he pointed us to, has spy1 given the indication of illegal activity. The questions he has posed here have been of a purely technical nature and entirely appropriate for the forum, IMO.

At the same time, he has made public to us aspects of his life that while we may not agree with his conclusions, are never the less legitimate concerns and he is entitled to them and to make them known.

 
I would take exception to the "hardest push for tyranny" we've ever been subjected to depiction though. It's something that's been tossed out since our founding, and indeed we could compare Hamilton's ultimate federalist ideals, the northern tyranny over southern states in reconstruction absent Lincoln's leadership, or the cumulative acts of the McCarthy era.
 
The main problem here is that what's "legal" and "illegal" are being determined on a day-by-day basis by a totally un-controlled Executive Branch.

And, no, I'm not doing anything "illegal" - not by today's standard, anyway.

Look, if you can't get your head around the "government intrusion as an excuse to monitor you/confiscate your HD" rationale, then consider again the scenarios where you simply want to irrevocably remove any traces of anyone else's activities on the computer you possess without having to go to the trouble of doing a complete HD wipe/re-format (spouse, children, friends that use the computer, etc.) - as well as the scenario where you purchase a used computer that doesn't have the "Rescue" or OS disks included. Pete
 
What exactly are you trying to accomplish, complete and untraceable anonymity?
 
trojanman - No, none of the above has anything to do with anonymity - as I believe I stated above, it's all about "plausible deniability".

In any case, things have slacked off here (son moved out when wife and I moved). Although, with ISP's now jumping on the "data retention" band-wagon at the governments' behest, I consider most of this info to still be useful.

Found a really great series of articles though (some of the things therein which I've implemented here) at this location:


especially:
 
Why are they calling UserAssyt Spyware?

It serves a valid purpose, one of which is your most recently used list on the start menu. How on earth is the system going to maintain this sort of data wihout storing it anywhere? If that were the case and it is classed as spyware, nearly every program ever written could be classed as such.

Only the truly stupid believe they know everything.
Stu.. 2004
 
Stu - If you read the comment the author of the article makes ( "If there is a key that indicates a ‘tracks eraser’ program such as evidence eliminator was run, it definitely puts the user under suspicion as to why he wanted to erase the trails of his activity on the machine." ), the importance of clearing/defeating UserAssist becomes obvious.

Any investigator, upon failing to find any direct (un-erased) evidence on a HD that he's looking for/knows should be there is going to point to the UserAssist entries and claim that the information was there, but that the subject of the investigation erased all traces of it (except the UserAssist entries showing the eraser programs' use, of course).

These days, that's about all it takes to get a "conviction". Is it worth taking a chance that such would not be the outcome? Pete
 
Last time I heard, a lack of evidence wasn't enough to go to court over....

And hey if you were doing something wrong, oh well. This is all getting a bit rediculous.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
lack of evidence wasn't enough to go to court over"

Never a truer word said Greenage. Instead they give you an Orange suit and hold kangaroo courts...lol

Only the truly stupid believe they know everything.
Stu.. 2004
 
By they way Spy1, wasn't a dig.
It's just pointing out to label it spyware was wrong and only clouds peoples views of what spyware is. This is a perfectly legimate piece of software. Spyware is not.



Only the truly stupid believe they know everything.
Stu.. 2004
 
Not taken as one, Stu. It's all good and I hope everyone has a great holiday weekend. Pete
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top