Wipe & Preserve data in place?


New Member
Here's a question I've had for awhile about all data shredders/erasers, etc. I'm working with the following assumptions:

*The point of the program is to defeat software and hardware forensics from discovering current and/or previous contents.
*A machine upon which sensitive programs & data reside will invariably create and delete temporary files which may or may not contain some or all of the sensitive data upon which work is being done.
*The location and nature of these temporary files is not always known nor controllable.

If these assumptions are correct, wouldn't it be possible, or even probable that a particular region of a disk is used for a temporary file containing sensitive data, then erased by the system (non-securely), then overwritten with valid data, or even a newly installed program? If so, couldn't the forensic programs which are targeted by the repetive overwriting methods such as Gutmann detect the previous state of the drive in the relative location?

Would this necessitate a "wipe and preserve" mechanism where the "good" data is moved to an alternate location, the location is wiped, and then the "good" data restored? I know much of this issue can be combated with a strongly encrypted drive, but was wondering if this could indeed be a problem.



Staff member
What you say is correct but it can be mostly resolved by keeping sensitive data on a separate partition and temp files on another partition and never running defrag.



New Member
That's pretty much what I thought, but trying to isolate data from programs by partitioning is difficult in Windows (why can't you specify a root directory for "My Documents"?), plus so many temp files are created and destroyed by apps and the OS that there is likely going to be short-lived sensitive data overwritten and thus detectable by forensics.

At least the only thing I have to worry about on my machine is the shame of someone discovering my horrible investing history...



why can't you specify a root directory for "My Documents"?),
I don't know about Win9x, but in Win2k and XP you can do this. Right-click the "My Documents" icon, choose "properties", in the dialog box there's "Target folder location". Enter a new path or browse with the "Find target" button