Accountability and auditing

markfarey

New Member
We have a requirement for secure erasing of data files that includes the need to document all activity. Eraser looks like it will do the job apart from the logging. It appears that logging is only available through a scheduled task (which is OK) but even then, there is no logging of successful activity, even under the Informational heading. Can anyone put me straight on this, or point me at a product or method that might have better audit capabilities?

Regards to all,
Mark
Ottawa, Canada.
 
There is good news and bad news, but I fear that the bad will outweigh the good.

The good news is that all Eraser tasks generate a log, though the log of tasks initiated by drag and drop or through the context menu is deleted immediately. But the logs of all tasks run from the schedule, including tasks that are run on demand, are maintained. Log entries can be highlighted and copied and pasted to text files, though this is a cumbersome process.

The bad news is that Eraser (both v5 and v6) logs are really designed for error reporting, and do not specify the actions taken. This, I think, rules them out of court for your purpose.

I can't know the logic of your requirement, of course, but there is an argument that logging erasures via the erasing program is in any case potentially exceedingly misleading. There are circumstances (e.g with a flash drive or SSD) where Eraser will report that it has successfully completed a file erasure when it has in fact done nothing of the kind. IMO, the only valid way to be sure that erasing has taken place is to run a file recovery program on the target drive. Sadly, I don't know one that generates a log of its scans.

I'm sorry I could not be of more help.

David
 
David,

Thank you, you have been very helpful.

I'm surprised this isn't a more common requirement since usually the first thing out of a client's mouth after, "how do you securely erase files?" is "prove it!" Your comments about flash drives and SSDs is well taken, but at the end of the day our client just wants reassurance that we have done more with their files than simply deleting them, and giving them a list of erased files will go a long way towards that. I think I'll take a look at commercial products next and Cyberscrub Privacy Suite caught my eye, unless I get bad vibes from yourself or other readers on that.

Thanks again,
Mark.
 
To be honest, my needs have always been met by Eraser, so I have no need for a paid for product and have never investigated the alternatives. The Cyberscrub product looks OK. and presumably had to do something right to get DoD endorsement. But apart from its logging capabilities (which I know you need), it really only does what Eraser and CCleaner (both free) used together can do.

In relation to your client's 'prove it', I would still rather do that with with a file recovery program. And, in relation to auditability, Eraser does have the significant advantage of being an open source program. Because the code is freely available, it can be reviewed and if need be challenged by anyone.

David
 
Back
Top