
delete forever

Discussion in 'Windows XP' started by shank, Jun 17, 2010.

  1. shank

    shank Flightless Bird

    Is there a way to delete files and/or select emails without being recovered
    by forensics?

    Assuming yes, is there a way to prevent forensics from detecting if you
    performed a delete action?

    thanks
     
  2. John Wunderlich

    John Wunderlich Flightless Bird

    "shank" <shank@tampabay.rr.com> wrote in
    news:ubDUIXpDLHA.2052@TK2MSFTNGP06.phx.gbl:

    > Is there a way to delete files and/or select emails without being
    > recovered by forensics?
    >
    > Assuming yes, is there a way to prevent forensics from detecting
    > if you performed a delete action?
    >
    > thanks


    Check out freeware "Eraser":
    <http://eraser.heidi.ie/>

    HTH,
    John
     
  3. Jose

    Jose Flightless Bird

    On Jun 17, 11:24 pm, "shank" <sh...@tampabay.rr.com> wrote:
    > Is there a way to delete files and/or select emails without being recovered
    > by forensics?
    >
    > Assuming yes, is there a way to prevent forensics from detecting if you
    > performed a delete action?
    >
    > thanks


    You must remember that no matter what tool you choose to use, the
    forensic recovery person has that tool too (and better ones).

    If I see some "completely remove" tool like Eraser come along, I am
    going to get it too and use Eraser on my system and then I am going to
    figure out how to recover at least some information from a system that
    has been Erased. I will know what an Erased system looks like and
    what to do.

    If I suspect you have used Eraser to delete your files, I am going to
    already know how it works, what it does, what it doesn't do, what it
    leaves behind and where it leaves it.

    I am always going to try to be one step (or maybe leaps and bounds)
    ahead of any free Internet tool.

    If you are worried at all about your stuff, then you need to turn the
    tables in such a way that you are a step ahead. You would have to
    know what I have available (software and/or humans) and do something
    that exceeds the capabilities of my resources and remove your data in
    such a way that the resources I have will not be able to recover it or
    the methods to recover it have not been invented yet.

    Trouble is, you will never know the resources I have, but I probably
    already know the resources you have and what they look like and have
    already practiced recovering (at least something) from them many,
    many times before you even heard of them.
     
  4. Jose

    Jose Flightless Bird

    On Jun 18, 6:45 am, Jose <jose_e...@yahoo.com> wrote:
    > On Jun 17, 11:24 pm, "shank" <sh...@tampabay.rr.com> wrote:
    >
    > > Is there a way to delete files and/or select emails without being recovered
    > > by forensics?

    >
    > > Assuming yes, is there a way to prevent forensics from detecting if you
    > > performed a delete action?

    >
    > > thanks

    >
    > You must remember that no matter what tool you choose to use, the
    > forensic recovery person has that tool too (and better ones).
    >
    > If I see some "completely remove" tool like Eraser come along, I am
    > going to get it too and use Eraser on my system and then I am going to
    > figure out how to recover at least some information from a system that
    > has been Erased.    I will know what an Erased system looks like and
    > what to do.
    >
    > If I suspect you have used Eraser to delete your files, I am going to
    > already know how it works, what it does, what it doesn't do, what it
    > leaves behind and where it leaves it.
    >
    > I am always going to try to be one step (or maybe leaps and bounds)
    > ahead of any free Internet tool.
    >
    > If you are worried at all about your stuff, then you need to turn the
    > tables in such a way that you are a step ahead.  You would have to
    > know what I have available (software and/or humans) and do something
    > that exceeds the capabilities of my resources and remove your data in
    > such a way that the resources I have will not be able to recover it or
    > the methods to recover it have not been invented yet.
    >
    > Trouble is, you will never know the resources I have, but I probably
    > already know the resources you have and what they look like and have
    > already practiced recovering (at least something)  from them many,
    > many times before you even heard of them.


    ....and when you get through using Eraser, be sure to erase Eraser so I
    don't know about it either.
     
  5. Bob I

    Bob I Flightless Bird

    Let's face it, you will ALWAYS be wondering if you got it erased!

    shank wrote:

    > Is there a way to delete files and/or select emails without being recovered
    > by forensics?
    >
    > Assuming yes, is there a way to prevent forensics from detecting if you
    > performed a delete action?
    >
    > thanks
    >
    >
     
  6. Mike S

    Mike S Flightless Bird

    On 6/18/2010 3:45 AM, Jose wrote:
    > On Jun 17, 11:24 pm, "shank"<sh...@tampabay.rr.com> wrote:
    >> Is there a way to delete files and/or select emails without being recovered
    >> by forensics?
    >>
    >> Assuming yes, is there a way to prevent forensics from detecting if you
    >> performed a delete action?
    >>
    >> thanks

    >
    > You must remember that no matter what tool you choose to use, the
    > forensic recovery person has that tool too (and better ones).
    >
    > If I see some "completely remove" tool like Eraser come along, I am
    > going to get it too and use Eraser on my system and then I am going to
    > figure out how to recover at least some information from a system that
    > has been Erased. I will know what an Erased system looks like and
    > what to do.
    >
    > If I suspect you have used Eraser to delete your files, I am going to
    > already know how it works, what it does, what it doesn't do, what it
    > leaves behind and where it leaves it.
    >
    > I am always going to try to be one step (or maybe leaps and bounds)
    > ahead of any free Internet tool.
    >
    > If you are worried at all about your stuff, then you need to turn the
    > tables in such a way that you are a step ahead. You would have to
    > know what I have available (software and/or humans) and do something
    > that exceeds the capabilities of my resources and remove your data in
    > such a way that the resources I have will not be able to recover it or
    > the methods to recover it have not been invented yet.
    >
    > Trouble is, you will never know the resources I have, but I probably
    > already know the resources you have and what they look like and have
    > already practiced recovering (at least something) from them many,
    > many times before you even heard of them.


    Good reply.

    I just took a few classes at a junior college here and in one of them we
    talked about how these programs work. IIRC the hdd writes the 1 or 0 to
    the hdd media but the areas just to the edges of the bit area get
    magnetized too, and I believe you can overwrite the bit area but the
    edges will retain some of the charge they had from the value of the
    previous bit, and the forensic program can detect this. Sorry it's short
    on any technical details or facts, that's what a guy in our class who
    had some sort of military technical training said. But it agrees with
    the previous poster, they have tools we probably can't begin to understand.
     
  7. Mike S

    Mike S Flightless Bird

    On 6/18/2010 4:54 AM, Bob I wrote:
    > Let's face it, you will ALWAYS be wondering if you got it erased!


    LOL

    > shank wrote:
    >> Is there a way to delete files and/or select emails without being
    >> recovered by forensics?
    >> Assuming yes, is there a way to prevent forensics from detecting if
    >> you performed a delete action?
    >> thanks
     
  8. Bob I

    Bob I Flightless Bird

    DOD said this in 2001.
    http://www.google.com/url?sa=t&sour...nF8P8M&usg=AFQjCNGNC7aRmO-yXjBlY2t5KCUazjpZZQ

    Mike S wrote:
    > On 6/18/2010 4:54 AM, Bob I wrote:
    >
    >> Let's face it, you will ALWAYS be wondering if you got it erased!

    >
    >
    > LOL
    >
    >> shank wrote:
    >>
    >>> Is there a way to delete files and/or select emails without being
    >>> recovered by forensics?
    >>> Assuming yes, is there a way to prevent forensics from detecting if
    >>> you performed a delete action?
    >>> thanks

    >
    >
     
  9. Craig Coope

    Craig Coope Flightless Bird

    On Thu, 17 Jun 2010 23:24:35 -0400, "shank" <shank@tampabay.rr.com>
    wrote:

    >Is there a way to delete files and/or select emails without being recovered
    >by forensics?
    >
    >Assuming yes, is there a way to prevent forensics from detecting if you
    >performed a delete action?
    >
    >thanks
    >


    Remove HDD. Place in microwave.

    --
    The Zero ST
     
  10. Bob I

    Bob I Flightless Bird

    Craig Coope wrote:
    > On Thu, 17 Jun 2010 23:24:35 -0400, "shank" <shank@tampabay.rr.com>
    > wrote:
    >
    >
    >>Is there a way to delete files and/or select emails without being recovered
    >>by forensics?
    >>
    >>Assuming yes, is there a way to prevent forensics from detecting if you
    >>performed a delete action?
    >>
    >>thanks
    >>

    >
    >
    > Remove HDD. Place in microwave.
    >


    Replace microwave.
     
  11. milt

    milt Flightless Bird

    On 6/18/2010 7:51 AM, Craig Coope wrote:
    > On Thu, 17 Jun 2010 23:24:35 -0400, "shank"<shank@tampabay.rr.com>
    > wrote:
    >
    >> Is there a way to delete files and/or select emails without being recovered
    >> by forensics?
    >>
    >> Assuming yes, is there a way to prevent forensics from detecting if you
    >> performed a delete action?
    >>
    >> thanks
    >>

    >
    > Remove HDD. Place in microwave.
    >



    I was thinking more like...

    Remove HDD, apply large mallet repeatedly.
     
  12. Twayne

    Twayne Flightless Bird

    In news:ubDUIXpDLHA.2052@TK2MSFTNGP06.phx.gbl,
    shank <shank@tampabay.rr.com> typed:
    > Is there a way to delete files and/or select emails without
    > being recovered by forensics?
    >
    > Assuming yes, is there a way to prevent forensics from
    > detecting if you performed a delete action?
    >
    > thanks


    For most people, the answer is yes. For a few, the answer is no. For others
    it's maybe.
    It depends on how much money you want to spend. Even gvt spec disc rewriters
    can be thwarted with the proper procedures and equipment.
     
  13. Ivan I. Deer

    Ivan I. Deer Flightless Bird

    On Thu, 17 Jun 2010 23:24:35 -0400, "shank" <shank@tampabay.rr.com>
    wrote:

    >Is there a way to delete files and/or select emails without being recovered
    >by forensics?
    >
    >Assuming yes, is there a way to prevent forensics from detecting if you
    >performed a delete action?
    >
    >thanks
    >

    Reformat the drive, then copy some non-sensitive files onto it,
    filling it completely. Then repeat the reformat process and copy the
    files again. Do this about 5 times and there should be no remaining
    "evidence" on this drive.
     
  14. HeyBub

    HeyBub Flightless Bird

    Bob I wrote:
    > Let's face it, you will ALWAYS be wondering if you got it erased!
    >


    Ah, but there's a pill for that.
     
  15. Bob I

    Bob I Flightless Bird

    HeyBub wrote:
    > Bob I wrote:
    >
    >>Let's face it, you will ALWAYS be wondering if you got it erased!
    >>

    >
    >
    > Ah, but there's a pill for that.
    >


    Thought the new phrase was "There's an app for that!" ;-)
     
  16. HeyBub

    HeyBub Flightless Bird

    Ivan I. Deer wrote:
    > On Thu, 17 Jun 2010 23:24:35 -0400, "shank" <shank@tampabay.rr.com>
    > wrote:
    >
    >> Is there a way to delete files and/or select emails without being
    >> recovered by forensics?
    >>
    >> Assuming yes, is there a way to prevent forensics from detecting if
    >> you performed a delete action?
    >>
    >> thanks
    >>

    > Reformat the drive, then copy some non-sensitive files onto it,
    > filling it completely. Then repeat the reformat process and copy the
    > files again. Do this about 5 times and there should be no remaining
    > "evidence" on this drive.


    That won't COMPLETELY work. Formatting doesn't erase the drive of course.
    And copying junk files leaves some amount of slack bytes at the end of each
    file's final sector. Super forensics may decode the random remaining bits
    as:

    "Your!!!!!!!!!!!!!!! year mission is
    to!!!!!!!!!!!!!!!!!!!!,!!!!!!!!!!!!!!!!!!!!, land!!!!!!!!!!!!!!! a safe
    distance!!!!!!!!!!..................., land............... monitor
    it.!!!!!!!!!!!!!!!..."

    Which may result in being bitten on the thigh by a Nowhatian Bog Hog.

    It's tough.
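
Added example, not part of HeyBub's post: a small simulation of the file slack he describes, seen from the examiner's side. The sector and cluster sizes, the zero-padding of the last written sector, the sample "secret" and all function names are assumptions made for illustration.

```python
import re

SECTOR = 512      # bytes per sector (assumed geometry)
CLUSTER = 4096    # bytes per allocation unit (assumed geometry)
SECRET = b"CONSTRUCTED-SECRET: Q3 payroll draft"  # constructed sample data


def round_up(n, unit):
    """Round n up to the next multiple of unit."""
    return -(-n // unit) * unit


def write_file(disk, first_cluster, data):
    """Write data at the start of a cluster.

    Simplified model: the last sector touched is zero-padded, but the
    remaining sectors of the last cluster are never written.
    """
    start = first_cluster * CLUSTER
    padded = data.ljust(round_up(len(data), SECTOR), b"\x00")
    disk[start:start + len(padded)] = padded


def file_slack(disk, first_cluster, size):
    """Return the unwritten tail of the file's last cluster."""
    start = first_cluster * CLUSTER
    return bytes(disk[start + round_up(size, SECTOR):
                      start + round_up(size, CLUSTER)])


def printable_runs(buf, min_len=6):
    """Extract ASCII runs, as a strings-style pass over raw sectors would."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, buf)


def remnants_after_overwrite(junk_size):
    """Old file, then a format, then a junk file landing on the same cluster."""
    disk = bytearray(8 * CLUSTER)
    old = b"\x01" * 3500 + SECRET + b"\x01" * 100
    write_file(disk, 2, old)
    # The format step is modelled as rewriting metadata only, so the
    # data area is left exactly as it was.
    write_file(disk, 2, b"\x02" * junk_size)
    return printable_runs(file_slack(disk, 2, junk_size))


if __name__ == "__main__":
    print("1000-byte junk file:", remnants_after_overwrite(1000))
    print("4000-byte junk file:", remnants_after_overwrite(4000))
```

What survives depends on how the replacement file's length lines up with the cluster boundary, which is why filling a drive with files gives no guarantee about the tail of each cluster.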
     
  17. Billns

    Billns Flightless Bird

    On 6/17/2010 8:24 PM, shank wrote:
    > Is there a way to delete files and/or select emails without being recovered
    > by forensics?
    >
    > Assuming yes, is there a way to prevent forensics from detecting if you
    > performed a delete action?
    >
    > thanks
    >
    >

    If the information is really that sensitive it probably shouldn't have
    been placed on the computer in the first place.

    That said, there are erase programs that scrub the entire disk, not just
    the files, a number of times that will result in completely
    unrecoverable data.

    Complete destruction of the hard disk certainly will work too, but I
    wouldn't recommend the microwave approach.

    Of course even if you destroy the hard disk those "select emails" were
    sent or came from someplace, weren't they? If they are incoming you
    don't even know who else got the email -- the "bcc" method hides
    recipients.

    Bill
     
  18. Antares 531

    Antares 531 Flightless Bird

    On Mon, 21 Jun 2010 09:51:32 -0500, "HeyBub" <heybub@gmail.com> wrote:

    >
    >Ivan I. Deer wrote:
    >> On Thu, 17 Jun 2010 23:24:35 -0400, "shank" <shank@tampabay.rr.com>
    >> wrote:
    >>
    >>> Is there a way to delete files and/or select emails without being
    >>> recovered by forensics?
    >>>
    >>> Assuming yes, is there a way to prevent forensics from detecting if
    >>> you performed a delete action?
    >>>
    >>> thanks
    >>>

    >> Reformat the drive, then copy some non-sensitive files onto it,
    >> filling it completely. Then repeat the reformat process and copy the
    >> files again. Do this about 5 times and there should be no remaining
    >> "evidence" on this drive.

    >
    >That won't COMPLETELY work. Formatting doesn't erase the drive of course.
    >And copying junk files leaves some amount of slack bytes at the end of each
    >file's final sector. Super forensics may decode the random remaining bits
    >as:
    >

    But, repeating the (reformat - copy new files) at least five times,
    will shift these slack bytes around and will write over them. Granted,
    the files being copied should not be copied in the same order, but the
    ordering sequence need be broken only once, near the beginning of the
    copy process.
    >
    >"Your!!!!!!!!!!!!!!! year mission is
    >to!!!!!!!!!!!!!!!!!!!!,!!!!!!!!!!!!!!!!!!!!, land!!!!!!!!!!!!!!! a safe
    >distance!!!!!!!!!!..................., land............... monitor
    >it.!!!!!!!!!!!!!!!..."
    >
    >Which may result in being bitten on the thigh by a Nowhatian Bog Hog.
    >
    >It's tough.
    >
     
  19. Paul

    Paul Flightless Bird

    shank wrote:
    > Is there a way to delete files and/or select emails without being recovered
    > by forensics?
    >
    > Assuming yes, is there a way to prevent forensics from detecting if you
    > performed a delete action?
    >
    > thanks
    >


    You're using the wrong OS, if you're hoping to remain "secret".

    Try the following.

    Remove all hard disks from the computer.

    Boot a Linux LiveCD. It stores intermediate files in RAM. With
    the proper distro, you can have an email program, fetch the "secret"
    messages from the email server (which of course, the forensic person
    can't gain access to). Or, alternately, plug in the USB flash stick
    that holds your "secret" files, read them with the tools in the
    Linux Live environment etc.

    When you're finished, shut down the OS and turn off the power.
    Now, all intermediate files that were in RAM, are gone. The original
    OS is stored on a CD, so that doesn't store any new info. On the next
    BIOS POST, the RAM testing and initialization process, will overwrite
    any remnant pattern in RAM (I mention that for the "what if the fuzz
    kick in the door" crowd). If you want to relatively quickly flush RAM,
    just do a restart and let the BIOS clean the RAM. Even pushing the
    computer reset button, will trigger BIOS POST within the next 30
    seconds. The BIOS may do some amount of writing to RAM, as part
    of the POST sequence.

    *******

    Also remember, that physical evidence is not needed for a "legal
    shakedown". Ask the 5000 people receiving letters for torrenting
    "Hurt Locker" how much evidence the lawyers have. They can still
    squeeze $1500 out of you, without too much trouble. For those
    people receiving the legal letter, it's still going to cost them
    money, whether they go to court or not.

    *******

    If you want the convenience of Windows, with all of its forms of
    information leakage, it's going to be pretty hard to plug all
    the leaks with ad hoc methods. You'll likely slip up and forget
    something. That's why I get a bit of a chuckle, when someone
    mentions their latest CCleaner tactic. There really are too
    many leakages, to go about it that way. You need a method
    where you can demonstrate there is no hard disk with "scraps"
    on it. If there is no hard drive, there is nothing for the
    forensic guy to do.

    Your email server has archives of all your emails, which can
    be held for long periods of time. Even if the official retention
    time for an archive or backup at the email provider is one year,
    if the tapes or media haven't been rotated, they might still
    have copies of your sensitive email years from now. So the
    forensic guy doesn't have to work too hard, if he has a
    good lawyer helping him.

    http://en.wikipedia.org/wiki/Subpoena

    Paul
     
  20. Alias

    Alias Flightless Bird

    On 06/18/2010 12:45 PM, Jose wrote:
    > On Jun 17, 11:24 pm, "shank"<sh...@tampabay.rr.com> wrote:
    >> Is there a way to delete files and/or select emails without being recovered
    >> by forensics?
    >>
    >> Assuming yes, is there a way to prevent forensics from detecting if you
    >> performed a delete action?
    >>
    >> thanks

    >
    > You must remember that no matter what tool you choose to use, the
    > forensic recovery person has that tool too (and better ones).
    >
    > If I see some "completely remove" tool like Eraser come along, I am
    > going to get it too and use Eraser on my system and then I am going to
    > figure out how to recover at least some information from a system that
    > has been Erased. I will know what an Erased system looks like and
    > what to do.
    >
    > If I suspect you have used Eraser to delete your files, I am going to
    > already know how it works, what it does, what it doesn't do, what it
    > leaves behind and where it leaves it.
    >
    > I am always going to try to be one step (or maybe leaps and bounds)
    > ahead of any free Internet tool.
    >
    > If you are worried at all about your stuff, then you need to turn the
    > tables in such a way that you are a step ahead. You would have to
    > know what I have available (software and/or humans) and do something
    > that exceeds the capabilities of my resources and remove your data in
    > such a way that the resources I have will not be able to recover it or
    > the methods to recover it have not been invented yet.
    >
    > Trouble is, you will never know the resources I have, but I probably
    > already know the resources you have and what they look like and have
    > already practiced recovering (at least something) from them many,
    > many times before you even heard of them.


    If I run a Mack truck over the hard drive, you won't be able to recover
    anything. If I take a powerful magnet to it, you'll be SOL too. And if I
    pour hydrochloric acid on the drive, you're also SOL. There are many
    other permanent ways to delete everything on a hard drive.

    --
    Alias
     
