delete forever

[shank]

Is there a way to delete files and/or select emails without being recovered
by forensics?

Assuming yes, is there a way to prevent forensics from detecting if you
performed a delete action?

thanks

 

[John Wunderlich]

"shank" <shank@tampabay.rr.com> wrote in
news:ubDUIXpDLHA.2052@TK2MSFTNGP06.phx.gbl:

> Is there a way to delete files and/or select emails without being
> recovered by forensics?
>
> Assuming yes, is there a way to prevent forensics from detecting
> if you performed a delete action?
>
> thanks

Check out freeware "Eraser":
<http/eraser.heidi.ie/>

HTH,
John

 

[Jose]

On Jun 17, 11:24 pm, "shank" <sh...@tampabay.rr.com> wrote:
> Is there a way to delete files and/or select emails without being recovered
> by forensics?
>
> Assuming yes, is there a way to prevent forensics from detecting if you
> performed a delete action?
>
> thanks

You must remember that no matter what tool you choose to use, the
forensic recovery person has that tool too (and better ones).

If I see some "completely remove" tool like Eraser come along, I am
going to get it too and use Eraser on my system and then I am going to
figure out how to recover at least some information from a system that
has been Erased. I will know what an Erased system looks like and
what to do.

If I suspect you have used Eraser to delete your files, I am going to
already know how it works, what it does, what it doesn't do, what it
leaves behind and where it leaves it.

I am always going to try to be one step (or maybe leaps and bounds)
ahead of any free Internet tool.

If you are worried at all about your stuff, then you need to turn the
tables in such a way that you are a step ahead. You would have to
know what I have available (software and/or humans) and do something
that exceeds the capabilities of my resources and remove your data in
such a way that the resources I have will not be able to recover it or
the methods to recover it have not been invented yet.

Trouble is, you will never know the resources I have, but I probably
already know the resources you have and what they look like and have
already practiced recovering (at least something) from them many,
many times before you even heard of them.

 

[Jose]

On Jun 18, 6:45 am, Jose <jose_e...@yahoo.com> wrote:
> On Jun 17, 11:24 pm, "shank" <sh...@tampabay.rr.com> wrote:
>
> > Is there a way to delete files and/or select emails without being recovered
> > by forensics?
>
> > Assuming yes, is there a way to prevent forensics from detecting if you
> > performed a delete action?
>
> > thanks
>
> You must remember that no matter what tool you choose to use, the
> forensic recovery person has that tool too (and better ones).
>
> If I see some "completely remove" tool like Eraser come along, I am
> going to get it too and use Eraser on my system and then I am going to
> figure out how to recover at least some information from a system that
> has been Erased.    I will know what an Erased system looks like and
> what to do.
>
> If I suspect you have used Eraser to delete your files, I am going to
> already know how it works, what it does, what it doesn't do, what it
> leaves behind and where it leaves it.
>
> I am always going to try to be one step (or maybe leaps and bounds)
> ahead of any free Internet tool.
>
> If you are worried at all about your stuff, then you need to turn the
> tables in such a way that you are a step ahead.  You would have to
> know what I have available (software and/or humans) and do something
> that exceeds the capabilities of my resources and remove your data in
> such a way that the resources I have will not be able to recover it or
> the methods to recover it have not been invented yet.
>
> Trouble is, you will never know the resources I have, but I probably
> already know the resources you have and what they look like and have
> already practiced recovering (at least something)  from them many,
> many times before you even heard of them.

....and when you get through using Eraser, be sure to erase Eraser so I
don't know about it either.

 

[Bob I]

Let face it, you will ALWAYS be wondering if you got it erased!.

shank wrote:

> Is there a way to delete files and/or select emails without being recovered
> by forensics?
>
> Assuming yes, is there a way to prevent forensics from detecting if you
> performed a delete action?
>
> thanks
>
>

 

[Mike S]

On 6/18/2010 3:45 AM, Jose wrote:
> On Jun 17, 11:24 pm, "shank"<sh...@tampabay.rr.com> wrote:
>> Is there a way to delete files and/or select emails without being recovered
>> by forensics?
>>
>> Assuming yes, is there a way to prevent forensics from detecting if you
>> performed a delete action?
>>
>> thanks
>
> You must remember that no matter what tool you choose to use, the
> forensic recovery person has that tool too (and better ones).
>
> If I see some "completely remove" tool like Eraser come along, I am
> going to get it too and use Eraser on my system and then I am going to
> figure out how to recover at least some information from a system that
> has been Erased. I will know what an Erased system looks like and
> what to do.
>
> If I suspect you have used Eraser to delete your files, I am going to
> already know how it works, what it does, what it doesn't do, what it
> leaves behind and where it leaves it.
>
> I am always going to try to be one step (or maybe leaps and bounds)
> ahead of any free Internet tool.
>
> If you are worried at all about your stuff, then you need to turn the
> tables in such a way that you are a step ahead. You would have to
> know what I have available (software and/or humans) and do something
> that exceeds the capabilities of my resources and remove your data in
> such a way that the resources I have will not be able to recover it or
> the methods to recover it have not been invented yet.
>
> Trouble is, you will never know the resources I have, but I probably
> already know the resources you have and what they look like and have
> already practiced recovering (at least something) from them many,
> many times before you even heard of them.

Good reply.

I just took a few classes at a junior college here and in one of them we
talked about how these programs work. IIRC the hdd writes the 1 or 0 to
the hdd media but the areas just to the edges of the bit area get
magnetized too, and I believe you can overwrite the bit area but the
edges will retain some of the charge they had from the value of the
previous bit, and the forensic program can detect this. Sorry it's short
an any technical details or facts, that's what a guy in our class who
had some sort of military technical training said. But it agrees with
the previous poster, they have tools we probably can't begin to understand.

 

[Mike S]

On 6/18/2010 4:54 AM, Bob I wrote:
> Let face it, you will ALWAYS be wondering if you got it erased!.

LOL

> shank wrote:
>> Is there a way to delete files and/or select emails without being
>> recovered by forensics?
>> Assuming yes, is there a way to prevent forensics from detecting if
>> you performed a delete action?
>> thanks

 

[Bob I]

DOD said this in 2001.
http://www.google.com/url?sa=t&sour...nF8P8M&usg=AFQjCNGNC7aRmO-yXjBlY2t5KCUazjpZZQ

Mike S wrote:
> On 6/18/2010 4:54 AM, Bob I wrote:
>
>> Let face it, you will ALWAYS be wondering if you got it erased!.
>
>
> LOL
>
>> shank wrote:
>>
>>> Is there a way to delete files and/or select emails without being
>>> recovered by forensics?
>>> Assuming yes, is there a way to prevent forensics from detecting if
>>> you performed a delete action?
>>> thanks
>
>

 

[Craig Coope]

On Thu, 17 Jun 2010 23:245 -0400, "shank" <shank@tampabay.rr.com>
wrote:

>Is there a way to delete files and/or select emails without being recovered
>by forensics?
>
>Assuming yes, is there a way to prevent forensics from detecting if you
>performed a delete action?
>
>thanks
>

Remove HDD. Place in microwave.

--
The Zero ST

 

[Bob I]

Craig Coope wrote:
> On Thu, 17 Jun 2010 23:245 -0400, "shank" <shank@tampabay.rr.com>
> wrote:
>
>
>>Is there a way to delete files and/or select emails without being recovered
>>by forensics?
>>
>>Assuming yes, is there a way to prevent forensics from detecting if you
>>performed a delete action?
>>
>>thanks
>>
>
>
> Remove HDD. Place in microwave.
>

Replace microwave.

 

[milt]

On 6/18/2010 7:51 AM, Craig Coope wrote:
> On Thu, 17 Jun 2010 23:245 -0400, "shank"<shank@tampabay.rr.com>
> wrote:
>
>> Is there a way to delete files and/or select emails without being recovered
>> by forensics?
>>
>> Assuming yes, is there a way to prevent forensics from detecting if you
>> performed a delete action?
>>
>> thanks
>>
>
> Remove HDD. Place in microwave.
>


I was thinking more like...

Remove HDD, apply large mallet repeatedly.

 

[Twayne]

In news:ubDUIXpDLHA.2052@TK2MSFTNGP06.phx.gbl,
shank <shank@tampabay.rr.com> typed:
> Is there a way to delete files and/or select emails without
> being recovered by forensics?
>
> Assuming yes, is there a way to prevent forensics from
> detecting if you performed a delete action?
>
> thanks

For most people, the answer is yes. For a few, the answer is no. For others
it's maybe.
It depends on how much money you want to spend. Even gvt spec disc rewriters
can be thwarted with the proper procedures and equipment.

 

[Ivan I. Deer]

On Thu, 17 Jun 2010 23:245 -0400, "shank" <shank@tampabay.rr.com>
wrote:

>Is there a way to delete files and/or select emails without being recovered
>by forensics?
>
>Assuming yes, is there a way to prevent forensics from detecting if you
>performed a delete action?
>
>thanks
>
Reformat the drive, then copy some non-sensitive files onto it,
filling it completely. Then repeat the reformat process and copy the
files again. Do this about 5 times and there should be no remaining
"evidence" on this drive.

 

[HeyBub]

Bob I wrote:
> Let face it, you will ALWAYS be wondering if you got it erased!.
>

Ah, but there's a pill for that.

 

[Bob I]

HeyBub wrote:
> Bob I wrote:
>
>>Let face it, you will ALWAYS be wondering if you got it erased!.
>>
>
>
> Ah, but there's a pill for that.
>

Thought the new phrase was "There's an app for that!"

 

[HeyBub]

Ivan I. Deer wrote:
> On Thu, 17 Jun 2010 23:245 -0400, "shank" <shank@tampabay.rr.com>
> wrote:
>
>> Is there a way to delete files and/or select emails without being
>> recovered by forensics?
>>
>> Assuming yes, is there a way to prevent forensics from detecting if
>> you performed a delete action?
>>
>> thanks
>>
> Reformat the drive, then copy some non-sensitive files onto it,
> filling it completely. Then repeat the reformat process and copy the
> files again. Do this about 5 times and there should be no remaining
> "evidence" on this drive.

That won't COMPLETELY work. Formatting doesn't erase the drive of course.
And copying junk files leaves some amount of slack bytes at the end of each
file's final sector. Super forensics may decode the random remaining bits
as:

"Your!!!!!!!!!!!!!!! year mission is
to!!!!!!!!!!!!!!!!!!!!,!!!!!!!!!!!!!!!!!!!!, land!!!!!!!!!!!!!!! a safe
distance!!!!!!!!!!..................., land............... monitor
it.!!!!!!!!!!!!!!!..."

Which may result in being bitten on the thigh by a Nowhatian Bog Hog.

It's tough.

 

[Billns]

On 6/17/2010 8:24 PM, shank wrote:
> Is there a way to delete files and/or select emails without being recovered
> by forensics?
>
> Assuming yes, is there a way to prevent forensics from detecting if you
> performed a delete action?
>
> thanks
>
>
If the information is really that sensitive it probably shouldn't have
been placed on the computer in the first place.

That said, there are erase programs that scrub the entire disk, not just
the files, a number of times times that will result in completely
unrecoverable data.

Complete destruction of the hard disk certainly will work too, but I
wouldn't recommend the microwave approach.

Of course even if you destroy the hard disk those "select emails" were
sent or came from someplace, weren't they? If they are incoming you
don't even know who else got the email -- the "bcc" method hides
recipients.

Bill

 

[Antares 531]

On Mon, 21 Jun 2010 09:512 -0500, "HeyBub" <heybub@gmail.com> wrote:

>
>Ivan I. Deer wrote:
>> On Thu, 17 Jun 2010 23:245 -0400, "shank" <shank@tampabay.rr.com>
>> wrote:
>>
>>> Is there a way to delete files and/or select emails without being
>>> recovered by forensics?
>>>
>>> Assuming yes, is there a way to prevent forensics from detecting if
>>> you performed a delete action?
>>>
>>> thanks
>>>
>> Reformat the drive, then copy some non-sensitive files onto it,
>> filling it completely. Then repeat the reformat process and copy the
>> files again. Do this about 5 times and there should be no remaining
>> "evidence" on this drive.
>
>That won't COMPLETELY work. Formatting doesn't erase the drive of course.
>And copying junk files leaves some amount of slack bytes at the end of each
>file's final sector. Super forensics may decode the random remaining bits
>as:
>
But, repeating the (reformat - copy new files) at least five times,
will shift these slack bytes around and will write over them. Granted,
the files being copied should not be copied in the same order, but the
ordering sequence need be broken only once, near the beginning of the
copy process.
>
>"Your!!!!!!!!!!!!!!! year mission is
>to!!!!!!!!!!!!!!!!!!!!,!!!!!!!!!!!!!!!!!!!!, land!!!!!!!!!!!!!!! a safe
>distance!!!!!!!!!!..................., land............... monitor
>it.!!!!!!!!!!!!!!!..."
>
>Which may result in being bitten on the thigh by a Nowhatian Bog Hog.
>
>It's tough.
>

 

[Paul]

shank wrote:
> Is there a way to delete files and/or select emails without being recovered
> by forensics?
>
> Assuming yes, is there a way to prevent forensics from detecting if you
> performed a delete action?
>
> thanks
>

You're using the wrong OS, if you're hoping to remain "secret".

Try the following.

Remove all hard disks from the computer.

Boot a Linux LiveCD. It stores intermediate files in RAM. With
the proper distro, you can have an email program, fetch the "secret"
messages from the email server (which of course, the forensic person
can't gain access to). Or, alternately, plug in the USB flash stick
that holds your "secret" files, read them with the tools in the
Linux Live environment etc.

When you're finished, shut down the OS and turn off the power.
Now, all intermediate files that were in RAM, are gone. The original
OS is stored on a CD, so that doesn't store any new info. On the next
BIOS POST, the RAM testing and initialization process, will overwrite
any remnant pattern in RAM (I mention that for the "what if the fuzz
kick in the door" crowd). If you want to relatively quickly flush RAM,
just do a restart and let the BIOS clean the RAM. Even pushing the
computer reset button, will trigger BIOS POST within the next 30
seconds. The BIOS may do some amount of writing to RAM, as part
of the POST sequence.

*******

Also remember, that physical evidence is not needed for a "legal
shakedown". Ask the 5000 people receiving letters for torrenting
"Hurt Locker" how much evidence the lawyers have. They can still
squeeze $1500 out of you, without too much trouble. For those
people receiving the legal letter, it's still going to cost them
money, whether they go to court or not.

*******

If you want the convenience of Windows, with all of its forms of
information leakage, it's going to be pretty hard to plug all
the leaks with adhoc methods. You'll likely slip up and forget
something. That's why I get a bit of a chuckle, when someone
mentions their latest CCleaner tactic. There really are too
many leakages, to go about it that way. You need a method
where you can demonstrate there is no hard disk with "scraps"
on it. If there is no hard drive, there is nothing for the
forensic guy to do.

Your email server has archives of all your emails, which can
be held for long periods of time. Even if the official retention
time for an archive or backup at the email provider is one year,
if the tapes or media haven't been rotated, they might still
have copies of your sensitive email years from now. So the
forensic guy doesn't have to work too hard, if he has a
good lawyer helping him.

http://en.wikipedia.org/wiki/Subpoena

Paul

 

[Alias]

On 06/18/2010 12:45 PM, Jose wrote:
> On Jun 17, 11:24 pm, "shank"<sh...@tampabay.rr.com> wrote:
>> Is there a way to delete files and/or select emails without being recovered
>> by forensics?
>>
>> Assuming yes, is there a way to prevent forensics from detecting if you
>> performed a delete action?
>>
>> thanks
>
> You must remember that no matter what tool you choose to use, the
> forensic recovery person has that tool too (and better ones).
>
> If I see some "completely remove" tool like Eraser come along, I am
> going to get it too and use Eraser on my system and then I am going to
> figure out how to recover at least some information from a system that
> has been Erased. I will know what an Erased system looks like and
> what to do.
>
> If I suspect you have used Eraser to delete your files, I am going to
> already know how it works, what it does, what it doesn't do, what it
> leaves behind and where it leaves it.
>
> I am always going to try to be one step (or maybe leaps and bounds)
> ahead of any free Internet tool.
>
> If you are worried at all about your stuff, then you need to turn the
> tables in such a way that you are a step ahead. You would have to
> know what I have available (software and/or humans) and do something
> that exceeds the capabilities of my resources and remove your data in
> such a way that the resources I have will not be able to recover it or
> the methods to recover it have not been invented yet.
>
> Trouble is, you will never know the resources I have, but I probably
> already know the resources you have and what they look like and have
> already practiced recovering (at least something) from them many,
> many times before you even heard of them.

If I run a Mack truck over the hard drive, you won't be able to recover
anything. If I take a powerful magnet to it, you'll be SOL too. And if I
pour hydrochloric acid on the drive, you're also SOL. There are many
other permanent ways to delete everything on a hard drive.

--
Alias