Forensic Analysis?
Moderators: Eraser DevTeam, Eraser Moderators
19 posts
• Page 2 of 2 • 1, 2
Re: Forensic Analysis?
by Joel » Fri Aug 17, 2012 2:33 pm
You can see the test - System Restore can be on, but if there are no images, it's as good as off, isn't it?
Be sure to read the FAQ before posting. If you found this application useful, please contribute to Eraser's development.
I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
-
Joel - Eraser DevTeam
- Posts: 3688
- Joined: Sat Aug 19, 2006 12:16 am
- Location: Singapore
Re: Forensic Analysis?
by ZCode » Fri Aug 17, 2012 5:35 pm
Joel wrote:You can see the test - System Restore can be on, but if there are no images, it's as good as off, isn't it?
Where is the test?
I actually just tested this myself. When eraser erases the unused space, Windows does not delete ALL the restore points all the time. Sometimes it left one, sometimes it left two. Sure enough the older restore points are erased, but the fact that there might be one or two left still poses a security threat.
- ZCode
- Posts: 8
- Joined: Sat Aug 04, 2012 5:07 pm
Re: Forensic Analysis?
by DavidHB » Fri Aug 17, 2012 7:08 pm
Did Joel mean 'text', I wonder?
The warning appears in the task log, if Eraser detects that System Restore is or has been enabled.
And I repeat: Eraser does not remove extant restore points.
David
The warning appears in the task log, if Eraser detects that System Restore is or has been enabled.
And I repeat: Eraser does not remove extant restore points.
David
I am not an Eraser programmer, but a long-time user; my views may not be the same as those of the Eraser programming team.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
- DavidHB
- Eraser Wizard
- Posts: 2166
- Joined: Sat Jan 23, 2010 8:10 pm
- Location: Isle of Wight, UK
Re: Forensic Analysis?
by Joel » Sat Aug 18, 2012 10:37 am
In the source code file you pointed out. I meant test - the test which will determine if Eraser thinks Shadow Copies are "enabled" (currently we're only equating existance of shadow copies with it being enabled). I don't think there's a way to determine if it's just enabled for the drive if there are no shadow copies currently enabled.
Be sure to read the FAQ before posting. If you found this application useful, please contribute to Eraser's development.
I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
-
Joel - Eraser DevTeam
- Posts: 3688
- Joined: Sat Aug 19, 2006 12:16 am
- Location: Singapore
19 posts
• Page 2 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 1 guest