Hiding that Eraser has been used.

Concerned

New Member
1/ Am I right that Eraser's uninstall will "delete" all traces of Eraser, but "delete" here is to be taken in the sense of Windows "delete"?
The former presence of Eraser will not be immediately obvious, but a file recovery program might exhibit parts of the files/filenames like "eraser.exe", right?
Only full solution to that would be to NOT install Eraser on the machine's disk. A bootable CD with Eraser on it has been suggested, but that seems complicated.
How about installing Eraser on an external USB hard-drive?

2/ After Eraser-ing unused space, doesn't the disk exhibit patterns that are un-natural for a used machine (too clean to be completely honest)?
Wouldn't it be a good idea to generate a lot of legitimate but innocuous hard-disk activity, like copying large amounts of large and small files around, deleting them and recreating others in semi-random order? That way, prying eyes would find the expected large number of recoverable files, but these wouldn't matter.

Comments?
 

Overwriter

Active Member
1/ Am I right that Eraser's uninstall will "delete" all traces of Eraser, but "delete" here is to be taken in the sense of Windows "delete"?
Yes

2/ After Eraser-ing unused space, doesn't the disk exhibit patterns that are un-natural for a used machine (too clean to be completely honest)?
Wouldn't it be a good idea to generate a lot of legitimate but innocuous hard-disk activity, like copying large amounts of large and small files around, deleting them and recreating others in semi-random order? That way, prying eyes would find the expected large number of recoverable files, but these wouldn't matter.
Eraser already follows the users delete overwrite pattern and then copies a randomly selected windows DLL as a last pass to provide a little plausible deniability for the user.

I had some ideas about making Eraser more stealthy but I think it would take a determined effort at the very beginning of the development stage of V6 to make it plausible. Eraser is predominantly an erase tool not a deception tool so I doubt my ideas would get much support.
 

Concerned

New Member
Thanks for the answers, Overwriter.

Regarding the leftover patterns, that sounds good enough for me. I'll maybe add some manual legitimate hard-disk activity as a last pass.

Do you have anything to say about my suggestion that installing Eraser on an external USB hard-disk instead of the internal HD will leave less evidence of its having been used, on the machine itself, after uninstallation?
 

Overwriter

Active Member
Hi Concerned

There is actually a portable version of Eraser, but it is an old “buggy” version.

Unfortunately Eraser V6 will not be portable at all.

I think you may be better trying some portable hex editors, there are many free and commercial ones available. This should help you achieve what you are trying to do.

If you are so “concerned” about privacy / plausible deniability have you considered using Truecrypt ? There will be a whole disk encryption version soon.
 

Concerned

New Member
Thanks, Overwriter.

The current concern I have is that I need to return a computer to its owner, but want to keep potential prying eyes from detecting too easily (1) what's been on there, and (2) that I went to some trouble hiding it (which also precludes physical destruction or complete wipeout of the hard drive).

I don't know how paranoid I need to be in this situation. Actually, I guess that if I really needed to be paranoid, then it's too late already and whatever I do doesn't matter too much. :-/
 

Overwriter

Active Member
Concerned said:
Thanks, Overwriter.

The current concern I have is that I need to return a computer to its owner, but want to keep potential prying eyes from detecting too easily (1) what's been on there, and (2) that I went to some trouble hiding it (which also precludes physical destruction or complete wipeout of the hard drive).

I don't know how paranoid I need to be in this situation. Actually, I guess that if I really needed to be paranoid, then it's too late already and whatever I do doesn't matter too much. :-/

This may be of use to you to remove, MRU’s, temp files, etc.

CCleaner

:wink:
 

Concerned

New Member
Thanks for that tip too. I had made a note to use spiderbite, but I guess I can use both, belt and suspenders...
 

Overwriter

Active Member
This is supposed to be good, never tried it myself though.

sweepi
 
Top