Erasing free space on encrypted partition

phkhgh

Member
Eraser help says it erase free space on encrypted drives. It says the encryption is transparent to Eraser. However, when I try to erase free space on a whole partition encrypted w/ True Crypt 7, Eraser 6.1.0.2278 crashes, and one of lines in error msg is "directory not found."

This partition isn't hidden - has an assigned drive letter.

Don't know how / if it relates, but a partition encrypted w/ True Crypt appears to be unformatted to Vista & other prgms.

I'm running Eraser in Admin mode under Vista x64 SP2.

Description:
Stopped working

Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: eraser.exe
Problem Signature 02: 6.1.0.2112
Problem Signature 03: 4cf9bec4
Problem Signature 04: Eraser.Util
Problem Signature 05: 6.1.0.2112
Problem Signature 06: 4cf9be74
Problem Signature 07: 122
Problem Signature 08: 4d
Problem Signature 09: System.IO.DirectoryNotFound
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
 

DavidHB

Active Member
I assume that the 'partition' is actually seen as a file by the OS. I suspect that there is no free space, as the term is normally understood, within this file; as the file is protected by encryption, there should in any case be no need to do a free space erase in the associated drive. What Eraser can do is erase the whole file, or the free space on the host drive if the file is deleted.

David
 

phkhgh

Member
David, no - the OS sees the encrypted drive (partition) as an unformatted volume, w/ an assigned letter.
Real issue in my mind is Eraser crashing & reporting error when erasing free space on encrypted drive, when Help says shouldn't be a problem. The error given (see post 1) may / may not be actual error encountered by Eraser.

A possible reason to erase free space might be before moving to same or another disk, or when resizing (I recently did both).

Don't know what would result, for instance, if files w/in encrypted whole partition were erased (or just deleted), then encrypted drive is shrunk. Part of orig HDD space formerly inside encrypted drive would then be outside it.

Since Eraser 6.1.0.x doesn't seem to work erasing encrypted drives for me, as Help file indicates it can, that seems would force me to erase slack space on drive(s) next to the resized encrypted drive. Appears either Help file is incorrect or there's a problem w/Eraser & encrypted drives.
 

DavidHB

Active Member
phkhgh said:
David, no - the OS sees the encrypted drive (partition) as an unformatted volume, w/ an assigned letter.
Real issue in my mind is Eraser crashing & reporting error when erasing free space on encrypted drive, when Help says shouldn't be a problem. The error given (see post 1) may / may not be actual error encountered by Eraser.
My mistake; I hadn't picked up what is a recent change in the manual. Actually, the error is one I seem to recall on non-encrypted drives, and suggests to me that it might be worth checking for a file system error on the drive. I don't know whether Truecrypt provides a utility to do this, or whether it is transparent to the disk checker in any case.

phkhgh said:
A possible reason to erase free space might be before moving to same or another disk, or when resizing (I recently did both).
And those are the kind of circumstances in which file system errors can arise.

phkhgh said:
Don't know what would result, for instance, if files w/in encrypted whole partition were erased (or just deleted), then encrypted drive is shrunk. Part of orig HDD space formerly inside encrypted drive would then be outside it.
As I read the Truecrypt documentation, the encrypted drives can be file- or partition-hosted. In the former case, the file would, I guess, change in size, and the free space would accrue to the containing drive, and would be erasable there. In the latter case, I'd guess that the partition size remains unchanged, so the free space would be in the encrypted drive.

phkhgh said:
Since Eraser 6.1.0.x doesn't seem to work erasing encrypted drives for me, as Help file indicates it can, that seems would force me to erase slack space on drive(s) next to the resized encrypted drive. Appears either Help file is incorrect or there's a problem w/Eraser & encrypted drives.
Or, as I indicated, the problem may not be related to encryption as such. But I also suggest that Joel comments; my instinct is that free space erasing should work in an encrypted partition (as suggested in the manual), but I am still unsure whether it works in a file-hosted 'drive' that varies in size, so I'd be grateful for his advice on that point.

David
 

phkhgh

Member
Thanks. Do you have any idea of type system file issue might cause the problem I'm having? Vista itself & all other apps I use seem fine, but... May not mean anything, but this is only partition I've recently had errors erasing free space. It's also the only encrypted partition.
I can run sfc just to see if something pops.

The Eraser error rpt alluded to directory not found
Problem Signature 09: System.IO.DirectoryNotFound
Can enable the blackbox plugin & see what it show if error repeats.
** BTW, where is the Eraser black box log file found (assume it generates one)? Search doesn't find it. I enabled blackbox plugin, restarted Eraser. Crashed again, but can't find any log file. Eraser pgrm files are installed to non default location D:.

The partition itself / True Crypt are working fine. Honestly, I didn't try erasing free space on any encrypted partitions before, w/ this or any previous Eraser ver, so don't know if it's a recent development.
 

phkhgh

Member
Update: I thought about the error "directory not found" and what I'd mentioned that True Crypt encrypted volumes appear as unformatted, empty space to windows. On a hunch, decided to mount the volume, then erase free space of virtual volume letter assigned by True Crypt, instead of actual encrypted vol letter. This time seems to have worked - haven't run any file recovery apps to see if anything's left, but will. If didn't work, I'll post back.

Guessing ? the "directory not found" msg is because the volume appears unformatted to eraser, same as windows. Though I wasn't specifying a directory, guessing it was a generic msg that didn't really describe the prob it encountered. BTW, black box never did create a log file in the App Data\Local\Eraser 6 folder, as I read it should, though Eraser crashed several times. Not under admin or regular user accts.

May be way off, but seems Eraser help file just doesn't give enough info about erasing encrypted volumes. It's only a couple of lines. Maybe my test above was a fluke & not the real solution. Or maybe it's so obvious to everyone but me that an encrypted volume would have to be mounted before anything could be erased.
 

Joel

Active Member
phkhgh said:
Update: I thought about the error "directory not found" and what I'd mentioned that True Crypt encrypted volumes appear as unformatted, empty space to windows. On a hunch, decided to mount the volume, then erase free space of virtual volume letter assigned by True Crypt, instead of actual encrypted vol letter. This time seems to have worked - haven't run any file recovery apps to see if anything's left, but will. If didn't work, I'll post back.
Correct, you hit the nail on the head. Erasing unused space only works for volumes with a formatted filesystem. However, the new "partition erase" feature in Eraser 6.1 should erase the partition and its file system structures, making the entire disk unrecoverable for almost all intents.

One thing though, How are you able to obtain the "encrypted" volume letter? TrueCrypt mounts the volume decrypted before access, and the filesystem holding the TrueCrypt file would only see the file, not the free space within it?

phkhgh said:
Guessing ? the "directory not found" msg is because the volume appears unformatted to eraser, same as windows. Though I wasn't specifying a directory, guessing it was a generic msg that didn't really describe the prob it encountered.
Correct again.

phkhgh said:
BTW, black box never did create a log file in the App Data\Local\Eraser 6 folder, as I read it should, though Eraser crashed several times. Not under admin or regular user accts.
I've added you to the Eraser Beta Users group, if you are using a beta you should post there instead as most users may not be able to distinguish what applies to them and what doesn't. Within the forum, there is a post describing how to enable the BlackBox Crash Reporting plugin, follow that for the crash reports to be made.

phkhgh said:
May be way off, but seems Eraser help file just doesn't give enough info about erasing encrypted volumes. It's only a couple of lines. Maybe my test above was a fluke & not the real solution. Or maybe it's so obvious to everyone but me that an encrypted volume would have to be mounted before anything could be erased.
Don't be so self-deprecating :) The documentation isn't perfect, especially since it's written by technical people (myself) so it's probably the least useful document on earth. I'm hoping to assemble a team of documentation gurus (hint, hint David :)) to help maintain the docs and ensure its relevance. Perhaps, you can ticket this on Trac so that we can work on this.
 

phkhgh

Member
Thanks Joel, we'll see how effective erasing the free space of encrypted volume actually was.
One thing though, How are you able to obtain the "encrypted" volume letter? TrueCrypt mounts the volume decrypted before access, and the filesystem holding the TrueCrypt file would only see the file, not the free space within it?
1) When encrypting an entire volume w/ TC, one way is to create a new vol (or guess take an existing one), then select it thru TC's encrypted vol creation wizard. Letter for "real" encrypted vol is assigned by user before or during encryption.

2) When mounting the encrypted vol, you select the encrypted volume in TC's UI, then it gives options of unassigned letters for the "virtual" volume to mount the encrypted volume. I don't know all the details of what happens behind the scenes, but obviously TC isn't decrypting & writing all the data into newly created real volume (strictly virtual). Not sure how Eraser could then see the free space on orig encrypted vol. Suspect because of same reason that Eraser (or any other app / OS) can't see ANY data on the encrypted vol until opened / decrypted w/ TC.

Then all folders / file names are visible in Explorer or other, but the folders / file names show up in the NEW volume letter chosen during mounting process. Apparently, Eraser can then see the files & free space, because it no longer appears to be an unformatted vol.

Orig encrypted vol (letter) still appears unformatted to the OS, while encrypted vol is mounted. Even though TC asks to pick a "new" volume letter to mount the encrypted vol to, I'm sure it's still reading all data from the orig vol letter, not creating an actual new vol. Most likely for security than functional reasons?? After all, if had 100 GB of encrypted data & little unallocated space left on HDD, there'd be no room for TC to create an actual temp volume & the time involved would be prohibitive. On my box, it mounts the vol almost instantaneously.

Yes, Eraser's documentation, along w/ about 95% or all commercial, free / open source prgms could stand improvement. Eraser's better than many - some well developed commercial ones are dismal. "A little knowledge is a dangerous thing."
 

Joel

Active Member
phkhgh said:
Thanks Joel, we'll see how effective erasing the free space of encrypted volume actually was.
1) When encrypting an entire volume w/ TC, one way is to create a new vol (or guess take an existing one), then select it thru TC's encrypted vol creation wizard. Letter for "real" encrypted vol is assigned by user before or during encryption.

2) When mounting the encrypted vol, you select the encrypted volume in TC's UI, then it gives options of unassigned letters for the "virtual" volume to mount the encrypted volume. I don't know all the details of what happens behind the scenes, but obviously TC isn't decrypting & writing all the data into newly created real volume (strictly virtual). Not sure how Eraser could then see the free space on orig encrypted vol. Suspect because of same reason that Eraser (or any other app / OS) can't see ANY data on the encrypted vol until opened / decrypted w/ TC.

Then all folders / file names are visible in Explorer or other, but the folders / file names show up in the NEW volume letter chosen during mounting process. Apparently, Eraser can then see the files & free space, because it no longer appears to be an unformatted vol.

Orig encrypted vol (letter) still appears unformatted to the OS, while encrypted vol is mounted. Even though TC asks to pick a "new" volume letter to mount the encrypted vol to, I'm sure it's still reading all data from the orig vol letter, not creating an actual new vol. Most likely for security than functional reasons?? After all, if had 100 GB of encrypted data & little unallocated space left on HDD, there'd be no room for TC to create an actual temp volume & the time involved would be prohibitive. On my box, it mounts the vol almost instantaneously.
Yes, the TrueCrypt driver will redirect all I/O operations and still flush it to the same disk. The "physical" partition appears unformatted as the OS is unable to find any disk structures describing its parameters. And I also see why you can get both the physical and virtual drives, you're doing a partition level encryption.

phkhgh said:
Yes, Eraser's documentation, along w/ about 95% or all commercial, free / open source prgms could stand improvement. Eraser's better than many - some well developed commercial ones are dismal. "A little knowledge is a dangerous thing."
Could you be so kind as to extend some help? :)
 

DavidHB

Active Member
joel said:
1 I'm hoping to assemble a team of documentation gurus (hint, hint David :)) to help maintain the docs and ensure its relevance ...
This is actually something I'd like to help with. I'm no guru, but for really useful documentation that's an advantage.

I strongly believe that the best documentation comes from extensive interaction between users, programmers and that writing team. Eraser 6 is only now achieving the degree of maturity at which there is a clear body of evidence about what users actually need to know. To some extent, the FAQ posts have been an experimental response to user concerns.

As someone who has not contributed to the writing of the user manual, I would say that, as a reference manual for the program, it does rather well (apart from the fact that certain gaps need to be filled). What it does less well is introduce users (particularly new users and those coming from Eraser 5) to Eraser 6. That would be my first priority.

David
 
Top