Evidence eliminator and such programs

Networking/Security Forums -> Computer Forensics and Incident Response

Author: Guest    Posted: Thu Sep 08, 2005 4:09 pm    Post subject: Evidence eliminator and such programs
    ----
Hi!

What's the best program of all those apps that claim to remove all evidence of files/activities?

Do they work even against the best forensic methods?

Love, Andy

Author: sam.spade    Posted: Thu Sep 08, 2005 4:36 pm    Post subject:
    ----
http://ee-sucks.tripod.com/ee-lies.html

There's a bunch of sites, you can search google yourself for more. Basically, Evidence Eliminator is a giant scam.

As for wiping data, I'd suggest Eraser.

Author: MarYo    Posted: Thu Sep 08, 2005 7:33 pm    Post subject:
    ----
I agree to stay away from Evidence Eliminator.

I suggest the following products:

- CCLEANER www.ccleaner.com - Effective, reliable, free but without secure file delete/shredding.

- CleanUp www.stevengould.org/software/cleanup/download.html - Just discovered, it features secure file delete, free, never tested.

- PrivacyEraser www.privacyeraser.com - Commercial, with lots of features. At the moment I don't know about a free software that matches it.

I'm also interested in other users' opinions.

Author: TCM    Posted: Fri Sep 09, 2005 5:36 pm    Post subject:
    ----
Has anyone used SDelete from Sysinternals? I tried it coupled with Restoration and although all of the file names were still intact (like SDelete's readme says) I couldn't actually recover any of the information. And you can also select the number of passes for SDelete. 40 works like a charm.

Author: MarYo    Posted: Fri Sep 09, 2005 7:56 pm    Post subject:
    ----
For secure file delete IMHO the best freeware is Eraser
http://www.heidi.ie/eraser/

Fast and safe, nothing to except

Author: AdamV    Location: Leeds, UK    Posted: Fri Sep 09, 2005 9:07 pm    Post subject:
    ----
Hang on - was this thread started by the_psycho, or our own ThePsyko? Or just a psycho? I'm confused (a very tiny bit)

Author: ThePsyko    Location: California    Posted: Fri Sep 09, 2005 9:33 pm    Post subject:
    ----
Wasn't me.

Author: comrade    Posted: Sun Sep 25, 2005 12:36 pm    Post subject:
    ----
Use a livecd and store anything that sensitive in RAM.

Secure deletion through software methods on modern hard drives is risky at best.

Author: OddOne    Posted: Fri Nov 04, 2005 9:27 pm    Post subject:
    ----
FYI: I write data destruction software.

First off, Evidence Eliminator is a joke. HIDEOUSLY overpriced for what it does, and if your serial number is compromised it PRETENDS to destroy data without actually doing so (and the author's documentation even brags about this).

Second, Sami Tolvanen's Eraser is the best freeware destruction app out there.

Third, data destruction software CAN prove useful for sensitive info up to the level where governments and militaries are involved. Certainly there are tough enough products to thwart anything shy of a nation's security apparatus going after the data, and I've personally tested (and written) apps that thwart software-level recovery, including forensics software used by law enforcement.


The "big three" commercial tools from my tests are CyberScrub 3.5, East-Tec's Eraser 2005, and Terminus 6. These actually do comply with current U.S. military recommendations and do appear to perform the types and natures of overwrites they advertise.

Of course, if your data is really sensitive it shouldn't be stored on a drive.

oO

Author: MarYo    Posted: Sat Nov 05, 2005 6:20 am    Post subject:
    ----
Never heard of Terminus 6. It shows impressive features!

Author: namidua    Posted: Sat Aug 19, 2006 9:12 am    Post subject:
    ----
sam.spade wrote:
http://ee-sucks.tripod.com/ee-lies.html

There's a bunch of sites, you can search google yourself for more. Basically, Evidence Eliminator is a giant scam.

As for wiping data, I'd suggest Eraser.


I'll bump this! I just used it today and am THRILLED!!!

I am buying it for sure, gotta support the programmers. Try the 30 day eval, you won't be disappointed. You have lots of options as to what to overwrite. I have a drive that was a Raptor 74 GB, FULL. I started out with the Gutmann 35 Pass, but that would have taken a day, so I dropped it down to DoD (Department of Defense) grade of 7 passes. Worked awesome.

I had erased everything from my XP Pro on that drive using Shift + Del, then YES. So it skips the recycle bin. I ran 4 different recovery programs and they found 99% of the files. The names weren't totally right, but the info inside was.

I ran Eraser (7 wipes) and then I tried to run the other 4 recovery programs, and they took 10x longer than before. 2 days straight of them running and they just pulled up some INI files of my pagesys file that I have since disabled and Erased..

TRY it out, it is easy!!

Author: namidua    Posted: Sat Aug 19, 2006 9:16 am    Post subject:
    ----
Here is a GREAT one. Open source and can do 100 disks at a time!! It is called Darik's Boot and Nuke or DBAN. It is available at http://dban.sourceforge.net.

It only is good for boot and wiping ALL disks attached to the PC (IDE and SCSI) not firewire or USB..

It can be run from CD/DVD or floppy or USB drive.

It's free

Author: namidua    Posted: Sat Aug 19, 2006 9:18 am    Post subject:
    ----
MarYo wrote:
I agree to stay away from Evidence Eliminator.


I agree with this 100%. They gave LE the software to recover all data that was "destroyed" from EE. I know this for a FACT, but can't say how...

Also, Acronis isn't the best either, they are in big brother's pocket too, to some extent

Author: Sam Miller    Posted: Wed Dec 20, 2006 12:39 am    Post subject: Re: Evidence eliminator and such programs
    ----
I must say, and I know a little about this as my previous day job was to do security audits... well, it's really hard to keep your data secure. Well, actually file shredders do their job, BUT:
1) They wipe only files that you send to them;
2) They cannot get inside cache files or swap files as they are actually not deleted;
3) They cannot wipe files they don't know about, for instance temporary files created by MS Word.

Finally, wiping free space once a week or once a day will not do the trick as .. files are changed more often and there will be a lot of data that is still available for recovering.

How can you make your files a little bit more secure?

1) Consider using a background-mode file shredder; these tools catch all deleted files, not just those you see in the Recycle Bin.
2) Consider putting your secret files on an encrypted disk (TrueCrypt is freeware, PGP is also good).
3) Don't give your files clear names, I mean it's better to name something like "Doc1" than "MyTopSecrets".

This will be enough to keep your business in a secure way.
P.S.
And of course, clear your history in IE or Mozilla sometimes.


Anonymous wrote:
Hi!

What's the best program of all those apps that claim to remove all evidence of files/activities?

Do they work even against the best forensic methods?

Love, Andy

Author: bknows    Posted: Mon Jan 01, 2007 7:10 am    Post subject:
    ----
Quote:
For secure file delete IMHO the best freeware is Eraser
http://www.heidi.ie/eraser/


Yes, it is good software, but make sure you go to Options and up the # of wipes. It defaults to only 7 passes.

Also, Tolvanen is now "Heidi"

Author: sargeantdave919    Posted: Mon Feb 12, 2007 12:13 am    Post subject:
    ----
Just thought I would share some info I know about Evidence Eliminator.

I used to help with forensic work with one of the UK's leading computer forensic analysts (not gonna name names) who has done many major cases from child porn to fraud. He is one of the main men for the police to call in on important cases.
I worked with him in his lab (has one amazing setup) on several cases as an observer. I learnt a lot of things about this field, but one thing I do remember asking him is what, if anything, could beat him when it came to data recovery, and he said the only piece of software that, if used properly, could stump him is Evidence Eliminator.

I've seen their web site and how gimmicky it looks and all the bad press about it, but this guy is one of the best in his field in Europe and the main case I was working on fell through down to the fact an unnamed kid hacker had used EE regularly and so he was unable to get any tangible evidence.

Don't get me wrong, almost everything I read about it says nothing but bad things, but I've seen first hand how it stumps UK law forensic people and I don't care what is said about it because I know it works and wouldn't use anything else.

Just thought I'd share that with you

Author: RoboGeek    Location: LeRoy, IL    Posted: Mon Feb 12, 2007 4:01 am    Post subject:
    ----
I do the same forensics stuff here.. EE can be recovered from pretty easily... as can most. Terminus and MaxLLF are the hardest

Just a quick explanation of how and why.. modern drives are smart (hehe) and they use voice coils, firmware and lots of constant checks to find the center of tracks, and make sure they are perfectly aligned using the servo tracks. But magnetic materials aren't that picky - they go where the force directs them. So if a track has been rewritten many times, then erased.. the center of the track may show blank. But if you offset the read head positive or negative from the centerline, you are in an area that has only been affected by long term magnetic fields. Guess what's there...

Author: kojak    Posted: Wed May 16, 2007 3:57 pm    Post subject: erasing drive before discard/selling
    ----
Hi, I am selling my old computer. I wiped the drive using killdisk 3.1 several times (to make sure it worked) using USDOD 5220 (3 wipes each) to remove any confidential data. It took several hours each. I work in health care and the odd time I viewed reports on my home computer. Anyway, I reinstalled windows and hope to sell the box. Is this good enough to eliminate sensitive data?

Author: KarenSeebeck    Posted: Tue Feb 01, 2011 3:25 pm    Post subject: Cna training
    ----
This is an absolutely wrong & illegal method. It is a crime to prevent another crime. So, don't try this & be aware of making deeds against law.

Author: RoboGeek    Location: LeRoy, IL    Posted: Tue Feb 01, 2011 3:35 pm    Post subject:
    ----
There is nothing illegal about it - in fact it's a requirement of many companies before disposal of used equipment. I use dban several times a week on drives I've recovered data from and am now disposing of


@kojak.. yup.. you have met all the HIPAA requirements and then some



All times are GMT + 2 Hours