delete forever

  • Thread starter Thread starter shank
  • Start date Start date
S

shank

Guest
Is there a way to delete files and/or select emails without being recovered

by forensics?



Assuming yes, is there a way to prevent forensics from detecting if you

performed a delete action?



thanks
 
"shank" wrote in

news:ubDUIXpDLHA.2052@TK2MSFTNGP06.phx.gbl:



> Is there a way to delete files and/or select emails without being

> recovered by forensics?

>

> Assuming yes, is there a way to prevent forensics from detecting

> if you performed a delete action?

>

> thanks



Check out freeware "Eraser":





HTH,

John
 
On Jun 17, 11:24 pm, "shank" wrote:

> Is there a way to delete files and/or select emails without being recovered

> by forensics?

>

> Assuming yes, is there a way to prevent forensics from detecting if you

> performed a delete action?

>

> thanks



You must remember that no matter what tool you choose to use, the

forensic recovery person has that tool too (and better ones).



If I see some "completely remove" tool like Eraser come along, I am

going to get it too and use Eraser on my system and then I am going to

figure out how to recover at least some information from a system that

has been Erased. I will know what an Erased system looks like and

what to do.



If I suspect you have used Eraser to delete your files, I am going to

already know how it works, what it does, what it doesn't do, what it

leaves behind and where it leaves it.



I am always going to try to be one step (or maybe leaps and bounds)

ahead of any free Internet tool.



If you are worried at all about your stuff, then you need to turn the

tables in such a way that you are a step ahead. You would have to

know what I have available (software and/or humans) and do something

that exceeds the capabilities of my resources and remove your data in

such a way that the resources I have will not be able to recover it or

the methods to recover it have not been invented yet.



Trouble is, you will never know the resources I have, but I probably

already know the resources you have and what they look like and have

already practiced recovering (at least something) from them many,

many times before you even heard of them.
 
On Jun 18, 6:45 am, Jose wrote:

> On Jun 17, 11:24 pm, "shank" wrote:

>

> > Is there a way to delete files and/or select emails without being recovered

> > by forensics?

>

> > Assuming yes, is there a way to prevent forensics from detecting if you

> > performed a delete action?

>

> > thanks

>

> You must remember that no matter what tool you choose to use, the

> forensic recovery person has that tool too (and better ones).

>

> If I see some "completely remove" tool like Eraser come along, I am

> going to get it too and use Eraser on my system and then I am going to

> figure out how to recover at least some information from a system that

> has been Erased.    I will know what an Erased system looks like and

> what to do.

>

> If I suspect you have used Eraser to delete your files, I am going to

> already know how it works, what it does, what it doesn't do, what it

> leaves behind and where it leaves it.

>

> I am always going to try to be one step (or maybe leaps and bounds)

> ahead of any free Internet tool.

>

> If you are worried at all about your stuff, then you need to turn the

> tables in such a way that you are a step ahead.  You would have to

> know what I have available (software and/or humans) and do something

> that exceeds the capabilities of my resources and remove your data in

> such a way that the resources I have will not be able to recover it or

> the methods to recover it have not been invented yet.

>

> Trouble is, you will never know the resources I have, but I probably

> already know the resources you have and what they look like and have

> already practiced recovering (at least something)  from them many,

> many times before you even heard of them.



....and when you get through using Eraser, be sure to erase Eraser so I

don't know about it either.
 
Let face it, you will ALWAYS be wondering if you got it erased!.



shank wrote:



> Is there a way to delete files and/or select emails without being recovered

> by forensics?

>

> Assuming yes, is there a way to prevent forensics from detecting if you

> performed a delete action?

>

> thanks

>

>
 
On 6/18/2010 3:45 AM, Jose wrote:

> On Jun 17, 11:24 pm, "shank" wrote:

>> Is there a way to delete files and/or select emails without being recovered

>> by forensics?

>>

>> Assuming yes, is there a way to prevent forensics from detecting if you

>> performed a delete action?

>>

>> thanks

>

> You must remember that no matter what tool you choose to use, the

> forensic recovery person has that tool too (and better ones).

>

> If I see some "completely remove" tool like Eraser come along, I am

> going to get it too and use Eraser on my system and then I am going to

> figure out how to recover at least some information from a system that

> has been Erased. I will know what an Erased system looks like and

> what to do.

>

> If I suspect you have used Eraser to delete your files, I am going to

> already know how it works, what it does, what it doesn't do, what it

> leaves behind and where it leaves it.

>

> I am always going to try to be one step (or maybe leaps and bounds)

> ahead of any free Internet tool.

>

> If you are worried at all about your stuff, then you need to turn the

> tables in such a way that you are a step ahead. You would have to

> know what I have available (software and/or humans) and do something

> that exceeds the capabilities of my resources and remove your data in

> such a way that the resources I have will not be able to recover it or

> the methods to recover it have not been invented yet.

>

> Trouble is, you will never know the resources I have, but I probably

> already know the resources you have and what they look like and have

> already practiced recovering (at least something) from them many,

> many times before you even heard of them.



Good reply.



I just took a few classes at a junior college here and in one of them we

talked about how these programs work. IIRC the hdd writes the 1 or 0 to

the hdd media but the areas just to the edges of the bit area get

magnetized too, and I believe you can overwrite the bit area but the

edges will retain some of the charge they had from the value of the

previous bit, and the forensic program can detect this. Sorry it's short

an any technical details or facts, that's what a guy in our class who

had some sort of military technical training said. But it agrees with

the previous poster, they have tools we probably can't begin to understand.
 
On 6/18/2010 4:54 AM, Bob I wrote:

> Let face it, you will ALWAYS be wondering if you got it erased!.



LOL



> shank wrote:

>> Is there a way to delete files and/or select emails without being

>> recovered by forensics?

>> Assuming yes, is there a way to prevent forensics from detecting if

>> you performed a delete action?

>> thanks
 
DOD said this in 2001.

http://www.google.com/url?sa=t&sour...nF8P8M&usg=AFQjCNGNC7aRmO-yXjBlY2t5KCUazjpZZQ



Mike S wrote:

> On 6/18/2010 4:54 AM, Bob I wrote:

>

>> Let face it, you will ALWAYS be wondering if you got it erased!.

>

>

> LOL

>

>> shank wrote:

>>

>>> Is there a way to delete files and/or select emails without being

>>> recovered by forensics?

>>> Assuming yes, is there a way to prevent forensics from detecting if

>>> you performed a delete action?

>>> thanks

>

>
 
On Thu, 17 Jun 2010 23:24:35 -0400, "shank"

wrote:



>Is there a way to delete files and/or select emails without being recovered

>by forensics?

>

>Assuming yes, is there a way to prevent forensics from detecting if you

>performed a delete action?

>

>thanks

>



Remove HDD. Place in microwave.



--

The Zero ST
 
Craig Coope wrote:

> On Thu, 17 Jun 2010 23:24:35 -0400, "shank"

> wrote:

>

>

>>Is there a way to delete files and/or select emails without being recovered

>>by forensics?

>>

>>Assuming yes, is there a way to prevent forensics from detecting if you

>>performed a delete action?

>>

>>thanks

>>

>

>

> Remove HDD. Place in microwave.

>



Replace microwave.
 
On 6/18/2010 7:51 AM, Craig Coope wrote:

> On Thu, 17 Jun 2010 23:24:35 -0400, "shank"

> wrote:

>

>> Is there a way to delete files and/or select emails without being recovered

>> by forensics?

>>

>> Assuming yes, is there a way to prevent forensics from detecting if you

>> performed a delete action?

>>

>> thanks

>>

>

> Remove HDD. Place in microwave.

>





I was thinking more like...



Remove HDD, apply large mallet repeatedly.
 
In news:ubDUIXpDLHA.2052@TK2MSFTNGP06.phx.gbl,

shank typed:

> Is there a way to delete files and/or select emails without

> being recovered by forensics?

>

> Assuming yes, is there a way to prevent forensics from

> detecting if you performed a delete action?

>

> thanks



For most people, the answer is yes. For a few, the answer is no. For others

it's maybe.

It depends on how much money you want to spend. Even gvt spec disc rewriters

can be thwarted with the proper procedures and equipment.
 
On Thu, 17 Jun 2010 23:24:35 -0400, "shank"

wrote:



>Is there a way to delete files and/or select emails without being recovered

>by forensics?

>

>Assuming yes, is there a way to prevent forensics from detecting if you

>performed a delete action?

>

>thanks

>

Reformat the drive, then copy some non-sensitive files onto it,

filling it completely. Then repeat the reformat process and copy the

files again. Do this about 5 times and there should be no remaining

"evidence" on this drive.
 
Bob I wrote:

> Let face it, you will ALWAYS be wondering if you got it erased!.

>



Ah, but there's a pill for that.
 
HeyBub wrote:

> Bob I wrote:

>

>>Let face it, you will ALWAYS be wondering if you got it erased!.

>>

>

>

> Ah, but there's a pill for that.

>



Thought the new phrase was "There's an app for that!" ;-)
 
Ivan I. Deer wrote:

> On Thu, 17 Jun 2010 23:24:35 -0400, "shank"

> wrote:

>

>> Is there a way to delete files and/or select emails without being

>> recovered by forensics?

>>

>> Assuming yes, is there a way to prevent forensics from detecting if

>> you performed a delete action?

>>

>> thanks

>>

> Reformat the drive, then copy some non-sensitive files onto it,

> filling it completely. Then repeat the reformat process and copy the

> files again. Do this about 5 times and there should be no remaining

> "evidence" on this drive.



That won't COMPLETELY work. Formatting doesn't erase the drive of course.

And copying junk files leaves some amount of slack bytes at the end of each

file's final sector. Super forensics may decode the random remaining bits

as:



"Your!!!!!!!!!!!!!!! year mission is

to!!!!!!!!!!!!!!!!!!!!,!!!!!!!!!!!!!!!!!!!!, land!!!!!!!!!!!!!!! a safe

distance!!!!!!!!!!..................., land............... monitor

it.!!!!!!!!!!!!!!!..."



Which may result in being bitten on the thigh by a Nowhatian Bog Hog.



It's tough.
 
On 6/17/2010 8:24 PM, shank wrote:

> Is there a way to delete files and/or select emails without being recovered

> by forensics?

>

> Assuming yes, is there a way to prevent forensics from detecting if you

> performed a delete action?

>

> thanks

>

>

If the information is really that sensitive it probably shouldn't have

been placed on the computer in the first place.



That said, there are erase programs that scrub the entire disk, not just

the files, a number of times times that will result in completely

unrecoverable data.



Complete destruction of the hard disk certainly will work too, but I

wouldn't recommend the microwave approach.



Of course even if you destroy the hard disk those "select emails" were

sent or came from someplace, weren't they? If they are incoming you

don't even know who else got the email -- the "bcc" method hides

recipients.



Bill
 
On Mon, 21 Jun 2010 09:51:32 -0500, "HeyBub" wrote:



>

>Ivan I. Deer wrote:

>> On Thu, 17 Jun 2010 23:24:35 -0400, "shank"

>> wrote:

>>

>>> Is there a way to delete files and/or select emails without being

>>> recovered by forensics?

>>>

>>> Assuming yes, is there a way to prevent forensics from detecting if

>>> you performed a delete action?

>>>

>>> thanks

>>>

>> Reformat the drive, then copy some non-sensitive files onto it,

>> filling it completely. Then repeat the reformat process and copy the

>> files again. Do this about 5 times and there should be no remaining

>> "evidence" on this drive.

>

>That won't COMPLETELY work. Formatting doesn't erase the drive of course.

>And copying junk files leaves some amount of slack bytes at the end of each

>file's final sector. Super forensics may decode the random remaining bits

>as:

>

But, repeating the (reformat - copy new files) at least five times,

will shift these slack bytes around and will write over them. Granted,

the files being copied should not be copied in the same order, but the

ordering sequence need be broken only once, near the beginning of the

copy process.

>

>"Your!!!!!!!!!!!!!!! year mission is

>to!!!!!!!!!!!!!!!!!!!!,!!!!!!!!!!!!!!!!!!!!, land!!!!!!!!!!!!!!! a safe

>distance!!!!!!!!!!..................., land............... monitor

>it.!!!!!!!!!!!!!!!..."

>

>Which may result in being bitten on the thigh by a Nowhatian Bog Hog.

>

>It's tough.

>
 
shank wrote:

> Is there a way to delete files and/or select emails without being recovered

> by forensics?

>

> Assuming yes, is there a way to prevent forensics from detecting if you

> performed a delete action?

>

> thanks

>



You're using the wrong OS, if you're hoping to remain "secret".



Try the following.



Remove all hard disks from the computer.



Boot a Linux LiveCD. It stores intermediate files in RAM. With

the proper distro, you can have an email program, fetch the "secret"

messages from the email server (which of course, the forensic person

can't gain access to). Or, alternately, plug in the USB flash stick

that holds your "secret" files, read them with the tools in the

Linux Live environment etc.



When you're finished, shut down the OS and turn off the power.

Now, all intermediate files that were in RAM, are gone. The original

OS is stored on a CD, so that doesn't store any new info. On the next

BIOS POST, the RAM testing and initialization process, will overwrite

any remnant pattern in RAM (I mention that for the "what if the fuzz

kick in the door" crowd). If you want to relatively quickly flush RAM,

just do a restart and let the BIOS clean the RAM. Even pushing the

computer reset button, will trigger BIOS POST within the next 30

seconds. The BIOS may do some amount of writing to RAM, as part

of the POST sequence.



*******



Also remember, that physical evidence is not needed for a "legal

shakedown". Ask the 5000 people receiving letters for torrenting

"Hurt Locker" how much evidence the lawyers have. They can still

squeeze $1500 out of you, without too much trouble. For those

people receiving the legal letter, it's still going to cost them

money, whether they go to court or not.



*******



If you want the convenience of Windows, with all of its forms of

information leakage, it's going to be pretty hard to plug all

the leaks with adhoc methods. You'll likely slip up and forget

something. That's why I get a bit of a chuckle, when someone

mentions their latest CCleaner tactic. There really are too

many leakages, to go about it that way. You need a method

where you can demonstrate there is no hard disk with "scraps"

on it. If there is no hard drive, there is nothing for the

forensic guy to do.



Your email server has archives of all your emails, which can

be held for long periods of time. Even if the official retention

time for an archive or backup at the email provider is one year,

if the tapes or media haven't been rotated, they might still

have copies of your sensitive email years from now. So the

forensic guy doesn't have to work too hard, if he has a

good lawyer helping him.



http://en.wikipedia.org/wiki/Subpoena



Paul
 
On 06/18/2010 12:45 PM, Jose wrote:

> On Jun 17, 11:24 pm, "shank" wrote:

>> Is there a way to delete files and/or select emails without being recovered

>> by forensics?

>>

>> Assuming yes, is there a way to prevent forensics from detecting if you

>> performed a delete action?

>>

>> thanks

>

> You must remember that no matter what tool you choose to use, the

> forensic recovery person has that tool too (and better ones).

>

> If I see some "completely remove" tool like Eraser come along, I am

> going to get it too and use Eraser on my system and then I am going to

> figure out how to recover at least some information from a system that

> has been Erased. I will know what an Erased system looks like and

> what to do.

>

> If I suspect you have used Eraser to delete your files, I am going to

> already know how it works, what it does, what it doesn't do, what it

> leaves behind and where it leaves it.

>

> I am always going to try to be one step (or maybe leaps and bounds)

> ahead of any free Internet tool.

>

> If you are worried at all about your stuff, then you need to turn the

> tables in such a way that you are a step ahead. You would have to

> know what I have available (software and/or humans) and do something

> that exceeds the capabilities of my resources and remove your data in

> such a way that the resources I have will not be able to recover it or

> the methods to recover it have not been invented yet.

>

> Trouble is, you will never know the resources I have, but I probably

> already know the resources you have and what they look like and have

> already practiced recovering (at least something) from them many,

> many times before you even heard of them.



If I run a Mack truck over the hard drive, you won't be able to recover

anything. If I take a powerful magnet to it, you'll be SOL too. And if I

pour hydrochloric acid on the drive, you're also SOL. There are many

other permanent ways to delete everything on a hard drive.



--

Alias
 
You must log in or register to reply here.
Back
Top