Locating Your Sensitive Data in Your Computer
2.1.3 File and disk-wiping software
In view of the foregoing, the user who wants to keep his or her hard disks, but wants to clean (“sanitize”) them up enough to prevent unauthorized viewing of data in them, is advised to proceed as follows:
1. Use full disk encryption. These are software products that encrypt the entire disk track for track and sector for sector, with the exception of the boot sector, which contains no sensitive information. Make sure that you use a password that is very hard to guess. The recommended software packages are shown in detail in Section 6.4.1. Ideally, this should be done on a brand new disk before one installs any operating system or application software so that no data can end up in the mothballed sectors described under (5) above. If it is done after a disk has been used, protection will be offered from all threats except these mothballed sectors.
Also, keep in mind that full disk encryption protects one only when the computer is turned off; when the computer is turned on, it is vulnerable to hardware keystroke interceptors, to hidden overhead cameras, to the interception of the radio-frequency emanations that every computer radiates to varying degrees (see Section 4.7), and to any hacker online. Protection from these threats requires different countermeasures described in the corresponding sections in this book.
2. If full disk encryption is not taken advantage of as recommended and one wants merely to get rid of a single file, then supershredder.exe is recommended; see www.cotse.net/users/bluejay/supershred.html for detailed step-by-step advice on its use. Keep in mind that this will only eliminate the single file in question; it will not touch temporary files, history files, or the swap file. TIF-Clean is an excellent small utility to clean up the litter left behind by Internet Explorer; it runs in the background every time Windows is started. See http://www.staff.uiuc.edu/%7Eehowes/resource3.htm, where it can be downloaded.
3. If one does not want to use full disk encryption to sanitize one’s hard disks, then the first step is to use software products that try to clean up the electronic litter left behind by assorted applications software and by the operating system. This must be done before any disk wiping. The best of these software packages are the following:
a. SecureClean by White Canyon Company (http://www.whitecanyone.com). This one shows a before and after view of what it finds in the hard disk. It does not remove files used by Windows.
b. Window Washer by Webroot Software (http://www.webroot.com). This, too, does not remove files in use by Windows.
c. Eraser by East Tec Software (http://www.east-tec.com). This causes the file length to be set to zero, renames the file with random symbols, and places a .tmp extension on every file it removes.
d. BC Wipe by Jetico (http://www.jetico.com). Although BC Wipe is free, the full Best Crypt package from the same source is highly recommended in that it offers the option to encrypt your swap file as a default from that point on so that you no longer need to worry about data leakage from the swap file. Like East Tec’s Eraser, it eliminates the names of the files being wiped, whereas most of the other software packages do not do that.
e. Track Eraser Pro by AcesSoft Company (http://www.acesoft.com).
4. Use two or, preferably, more different disk-wiping software packages in sequence. Do not trust any one of them alone. Make sure you have enabled the option to overwrite the files you want removed. Some packages use odd terms for overwriting (e.g., “bleach” in the Window Washer software).
5. Defragment the disk. Defragmenting is emphatically not a substitute for, but an adjunct to, disk wiping.
6. Now use a disk-wiping software package to overwrite the free space and the slack (space between the end of file and end of cluster) in your disk. This can take a long time (hours), so it is not the sort of thing you want to do in a hurry when the chips are down. The best software for this is Eraser by www.tolvanen.com. The option to have multiple overwrites is not as appealing as it may seem because many hard disks look at the request to write different things sequentially to a given sector and shortcut the process by only writing the last sequence. You are better off overwriting once, then returning when this is done and overwriting everything again from scratch.
Ensure that you specify the overwriting of the swap file; this can only be done outside Windows from DOS using ERASERD, which comes with that software.
7. Use some forensic software to see if you can still find what you tried to remove. A set of simple and free software packages is Directory Snoop and File Recover. The best of them all is EnCase from Guidance Software (http://www.guidancesoftware.com) (which is used by roughly 90% of the police departments in the United States and the United Kingdom) to double check if a file that is supposed to have been removed has in fact been removed, along with all references to it. A full check of a typical 100-GB hard disk can take hours. Do not use EnCase from within the same computer you are interested in checking for the absence of sensitive data; otherwise, you risk creating temporary and other files containing precisely the keywords you don’t want to find.
Keep in mind that if the computer you are trying to clean is a networked corporate one, the network administrator can readily detect what you are installing (or have installed).
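The procedure above, as an added illustration that is not from the book: a toy in-memory disk model showing why a plain delete leaves the bytes in place (step 2), why a live file's slack survives until step 6 overwrites it, and what the raw keyword scan of step 7 finds at each stage. The class, the cluster size and the sample file contents are all constructed for this example.

```python
import os
CLUSTER = 512    # bytes per allocation unit (constructed value)
CLUSTERS = 16    # the toy disk holds 16 clusters (8 KiB)
class ToyDisk:
    def __init__(self):
        self.raw = bytearray(CLUSTER * CLUSTERS)   # the raw image a forensic tool sees
        self.files = {}                            # name -> (cluster list, byte length)
    def _free_clusters(self):
        used = {c for cl, _ in self.files.values() for c in cl}
        return [c for c in range(CLUSTERS) if c not in used]
    def write_file(self, name, data):
        """Allocate whole clusters; bytes past end-of-file are left untouched (slack)."""
        need = -(-len(data) // CLUSTER)
        clusters = self._free_clusters()[:need]
        assert len(clusters) == need, "disk full"
        for i, c in enumerate(clusters):
            chunk = data[i * CLUSTER:(i + 1) * CLUSTER]
            self.raw[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.files[name] = (clusters, len(data))
    def delete_file(self, name):            # ordinary delete: only the table changes
        del self.files[name]
    def wipe_file(self, name):
        """Secure delete: overwrite the file's full clusters (data and slack), then free."""
        for c in self.files[name][0]:
            self.raw[c * CLUSTER:(c + 1) * CLUSTER] = os.urandom(CLUSTER)
        self.delete_file(name)
    def wipe_free_and_slack(self):
        """Step 6: overwrite every free cluster and the slack of every live file."""
        for c in self._free_clusters():
            self.raw[c * CLUSTER:(c + 1) * CLUSTER] = os.urandom(CLUSTER)
        for clusters, size in self.files.values():
            if not clusters:                                 # empty file owns no cluster
                continue
            tail = size - (len(clusters) - 1) * CLUSTER      # bytes used in last cluster
            lo, hi = clusters[-1] * CLUSTER + tail, (clusters[-1] + 1) * CLUSTER
            self.raw[lo:hi] = os.urandom(hi - lo)
    def forensic_count(self, keyword):      # step 7: raw scan, ignoring the table
        return self.raw.count(keyword)

def demo():
    d, secret = ToyDisk(), b"PIN 4321"
    d.write_file("memo", b"memo: " + secret + b" " * 600)   # spans two clusters
    d.write_file("copy", b"copy: " + secret)                 # one cluster
    d.delete_file("memo")                                    # plain delete
    d.write_file("note", b"ok")    # reuses memo's first cluster; secret survives in slack
    counts = [d.forensic_count(secret)]                      # 2: slack + "copy"
    d.wipe_file("copy")
    counts.append(d.forensic_count(secret))                  # 1: slack only
    d.wipe_free_and_slack()
    counts.append(d.forensic_count(secret))                  # 0
    return counts
```

The middle count is the point of step 6: a per-file wipe and even a free-space wipe leave the tail of a live file's last cluster untouched unless the tool overwrites slack as well.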
Numerous other software packages for overwriting data are reasonably good, but each has its own peculiarities and shortcomings. See www.cotse.net/users/bluejay for an objective comparison. Specifically:
1. The file-wiping function of many versions of Pretty Good Privacy (PGP) freeware has been found to be flawed. If one wants to use it anyway, see http://www.cotse.net/usersbluejaypgpwipe.html for a thorough hand holding on how to do it properly.
2. The disingenuously named Evidence Eliminator has a lot of controversy associated with it because of its makers’ scare tactics in advertising it.
A more complete list from www.fortunecity.com/skyscraper/true/882/Comparison_Shredders.htm includes information about shredders’ other qualities (or lack thereof), such as availability and pricing.
Other additional software products are available for disk wiping that have not been specifically evaluated. They include, but are not limited to, the following:
◗ Shredder 2.0 by Strafor Systems;
◗ Cover Your Tracks 3.0 by FatFree Software (http://www.ffsoftware.com);
◗ Shiva, Destroyer of Files by Isis Software (http://isis-software.com);
◗ Nuker by Genio.
Because disk cleaning can take many hours, it is self-evident that a security-conscious user cannot use it against an imminent threat. If one is in such an environment (e.g., a totalitarian regime), one must disk clean on a very regular basis on the assumption that the door could be broken down by an intruder at any time.