[feature] User-defined prefix for file name obscuration

Postby maddes » Tue Feb 01, 2011 8:39 pm

New option: User-defined prefix for file name obscuration

When erasing unused space, the file names of deleted files are also obscured so that no conclusions can be drawn from them.
In general this is good for security, but if you have to recover files that got accidentally deleted, it is hard to find them in that mess.

Therefore provide a new option where the user can define an obscuration prefix, which is placed in front of the totally random file names.
This way all erased files will be listed en bloc when undeleting, e.g. ZZZZ will put them at (or near) the end of the files/folders list.
Although there is now a constant prefix, still no conclusions can be drawn from the new file names.
If the prefix is left empty, then the result will be as it is now.

Kind regards
Maddes

P.S.: Posted as a forum topic due to TRAC issues with sending mails.
Not a member of the Eraser team. - Coder and experienced Windows user. - Eraser FAQ.
maddes
 
Posts: 23
Joined: Mon Jan 24, 2011 11:24 am
Location: Germany

Re: [feature] User-defined prefix for file name obscuration

Postby DavidHB » Wed Feb 02, 2011 1:13 pm

After erasing unused space, files will not be recoverable (with or without recognisable names); that is the whole idea. Any files that are recoverable will not be in space marked as unused, and as such are not affected by the erasure one way or the other.

David
I am not an Eraser programmer, but a long-time user; my views may not be the same as those of the Eraser programming team.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
DavidHB
Eraser Wizard
 
Posts: 2166
Joined: Sat Jan 23, 2010 8:10 pm
Location: Isle of Wight, UK

Re: [feature] User-defined prefix for file name obscuration

Postby maddes » Wed Feb 02, 2011 2:22 pm

Sorry, I didn't express myself clearly enough.

Situation where this option can be useful:
* Erase unused space with Eraser. (so all unused file entries get random file names)
* Work with the system for a long time.
* Accidentally delete some files. (Edit: was incorrectly "erase" before)
* Try to undelete them.

Now you get an unmanageable list in your recovery tool.
Due to the random file names of the previous wipe it's nearly impossible to find the files you want to recover.
If Eraser allowed putting a prefix before the random part of the file names, then this would be much easier.
And it should be an option (not mandatory), so the user can decide if he wants to use it or not.

Does this help to understand this feature request?
Last edited by maddes on Mon Feb 07, 2011 12:04 pm, edited 4 times in total.

Re: [feature] User-defined prefix for file name obscuration

Postby DavidHB » Wed Feb 02, 2011 6:45 pm

If you accidentally erase files, they will be non-recoverable. Erasing is not, and is not supposed to be, reversible.

If you are trying to recover accidentally deleted files, and are finding the list of recoverable files hard to deal with, there are a couple of ways of reducing the problem. In Eraser you can use the plausible deniability feature, and use a known set of files on your machine as the erasing files; you will then know which deleted files were used for erasing. Actually, I find the default randomly generated file names easy to spot, precisely because they are so random.

Another approach is to use a file recovery tool, such as Recuva, which gives you the option to filter the random file names from the list of 'recoverable' files, and also allows you to order the list by date/time. This is what I do; I don't usually have any difficulty in finding files to recover.

David

Re: [feature] User-defined prefix for file name obscuration

Postby maddes » Mon Feb 07, 2011 11:58 am

Changed my previous post to use "erase" and "delete" correctly. Sorry and thanks for the hint.

Plausible deniability would not help me, as I still had to wade through several hundreds or thousands of files to find the right ones.
Also according to the docs it seems that it is only used when erasing explicit files/folders and not when erasing unused space.

Last time that miscue happened to me, there were 12,000 deleted files on my hard disk (for working/downloads/temp) and I knew that around 1000 files got deleted by accident.
I didn't know all the names of the 1000 files, so I had to check each and every entry of the list if it could be a file that I accidentally deleted.
The completely random names of the erased file entries made this task "a pain in the a**".
I still think that this feature request would add a very useful option to Eraser.

Will also have a look at Recuva to use this as a workaround, or as a replacement for the currently used PC Inspector File Recovery.
Will also re-check the date/time of erased files, but I think they were random too.

Re: [feature] User-defined prefix for file name obscuration

Postby DavidHB » Tue Feb 08, 2011 12:02 am

I find that the way Recuva filters its results is quite helpful. Bear in mind, also, that the way the NTFS file system works is such that file recovery programs do not use just the MFT to identify potentially recoverable files; they often find and reconstruct files simply from the traces remaining on the drive. Many of your 12,000 entries will have been of that kind, and most of those, I guess, will have been spurious.

I think that what you are asking for is an option not to clear the MFT entries after a free space erase. I'm not sure that would help, because you would still get all the spurious entries from the recovery program.

David

Re: [feature] User-defined prefix for file name obscuration

Postby maddes » Tue Feb 08, 2011 8:38 pm

Haven't tested Recuva yet, but found another workaround to reduce the problem for me (btw it doesn't make this feature request obsolete).
Unfortunately it requires a commercial product: Either Paragon's Total Defrag (TD) or Partition Manager (PM).

  • Defrag/Optimize MFT with TD or PM (all valid entries are moved to the beginning of the MFT)
  • Erase unused space with Eraser (obscures all unused/invalid MFT entries)
  • Compress/Truncate MFT with TD or PM (all invalid entries at the end of MFT are truncated and therefore gone)
This way I can get rid of those obscure file names with Paragon's TD or PM, while keeping privacy with Eraser in the unused MFT entries.

P.S.:
If there's an open-source program that can Defrag/Optimize/Compress/Truncate MFT, then please let me know.
Last edited by maddes on Tue Feb 08, 2011 9:03 pm, edited 4 times in total.

Re: [feature] User-defined prefix for file name obscuration

Postby maddes » Tue Feb 08, 2011 8:50 pm

DavidHB wrote: I think that what you are asking for is an option not to clear the MFT entries after a free space erase. I'm not sure that would help, because you would still get all the spurious entries from the recovery program.

No, not exactly.
I really just want a user-definable prefix for the random file names used by Eraser when invalidating MFT entries with "erasing unused space".

Maybe an example makes it more clear.

Example without a prefix, just like current Eraser:
.LMrRJGXMdZwX-mV
5pzEK_PgQoN5.qBU
6dollar_bill.txt
D3wbfhskDWVkDE5c
hoYY3soXeDGgSP5M
iamarealfile.xls
iePwP_WnLPF9AsLm
jU93Fo3Xm4W-N2dD
makefile_old.bak
MAmVp2xJ9ue4kDFD
wgaLNzsCNmJ5BZ6Y
ypsilon-letter
zLpX3ymW8E_rjhMF

Same example with a user-defined prefix of "ZZZZ":
6dollar_bill.txt
iamarealfile.xls
makefile_old.bak
ypsilon-letter
ZZZZ.LMrRJGXMdZw
ZZZZ5pzEK_PgQoN5
ZZZZD3wbfhskDWVk
ZZZZhoYY3soXeDGg
ZZZZiePwP_WnLPF9
ZZZZjU93Fo3Xm4W-
ZZZZMAmVp2xJ9ue4
ZZZZwgaLNzsCNmJ5
ZZZZzLpX3ymW8E_r

You see the prefix makes it much easier to find deleted files after the last erase of unused space.
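The naming scheme requested in the post above, as an added sketch that is not part of any post and is not Eraser's code: it builds fixed-length replacement names with an optional prefix, orders a listing the way the samples are ordered, and filters the wiped entries out. The function names, the 16-character length and the alphabet are assumptions taken from the sample listings.

```python
import secrets
import string

# Assumption: alphabet taken from the characters visible in the thread's sample names.
ALPHABET = string.ascii_letters + string.digits + "._-"


def obscured_name(length=16, prefix=""):
    """Hypothetical helper: fixed-length replacement name, prefix + random tail."""
    if len(prefix) >= length:
        raise ValueError("prefix leaves no room for a random part")
    tail = "".join(secrets.choice(ALPHABET) for _ in range(length - len(prefix)))
    return prefix + tail


def recovery_listing(names):
    """Order names case-insensitively, like the listings shown in the thread."""
    return sorted(names, key=str.casefold)


def split_by_prefix(names, prefix):
    """Split a listing into (wiped, other) using the wipe prefix as a filter."""
    if not prefix:
        # Empty prefix = current behaviour: nothing marks the wiped entries.
        return [], list(names)
    wiped = [n for n in names if n.startswith(prefix)]
    other = [n for n in names if not n.startswith(prefix)]
    return wiped, other


if __name__ == "__main__":
    # Constructed sample: the four real names from the thread plus fresh wipe names.
    deleted = ["6dollar_bill.txt", "iamarealfile.xls", "makefile_old.bak", "ypsilon-letter"]
    entries = deleted + [obscured_name(16, "ZZZZ") for _ in range(9)]
    wiped, candidates = split_by_prefix(recovery_listing(entries), "ZZZZ")
    print(f"{len(wiped)} wiped entries skipped; candidates to review:")
    for name in candidates:
        print("  " + name)
```

A real file whose name happens to start with the prefix lands in the wiped group, so the prefix is a triage filter rather than proof. The same constant prefix also marks every entry it touches as the product of a wipe.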

Re: [feature] User-defined prefix for file name obscuration

Postby Joel » Sat Mar 19, 2011 2:07 am

It would make the plausible deniability aspect a little worse than it is now, but as David always points out, having Eraser installed is condemning enough :)

You can file a ticket for this, summarising the thread, but I think this would be lower in priority for the moment.
Be sure to read the FAQ before posting. If you found this application useful, please contribute to Eraser's development.

I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
Joel
Eraser DevTeam
 
Posts: 3688
Joined: Sat Aug 19, 2006 12:16 am
Location: Singapore

Re: [feature] User-defined prefix for file name obscuration

Postby maddes » Sat Mar 19, 2011 7:07 pm

Should be easy to implement, and default would be empty for highest plausible deniability.

Note that most users do not need the highest plausible deniability; they just need to be sure that no one else can recover deleted files which contain private or company data.

Re: [feature] User-defined prefix for file name obscuration

Postby DavidHB » Sat Mar 19, 2011 7:36 pm

maddes wrote: Note that most users do not need the highest plausible deniability; they just need to be sure that no one else can recover deleted files which contain private or company data.

Quite so, and the Eraser default methods do provide this assurance. While Eraser is not perfect (what program is?), in all my use and testing I have never encountered a situation in which Eraser has claimed to erase a file and it has subsequently proved to be recoverable.

David

Re: [feature] User-defined prefix for file name obscuration

Postby maddes » Sat Mar 19, 2011 7:43 pm

This was not about Eraser, it was about Eraser's users and a note to Joel's comment about plausible deniability.

Re: [feature] User-defined prefix for file name obscuration

Postby maddes » Sun Mar 20, 2011 2:30 pm

TRAC ticket is #391.

Re: [feature] User-defined prefix for file name obscuration

Postby DavidHB » Sun Mar 20, 2011 10:13 pm

maddes wrote: This was not about Eraser, it was about Eraser's users and a note to Joel's comment about plausible deniability.

Fair enough; I too was making my point to provide more general assurance. Ironically, on the Support Forum, a user has just reported a case where files in a folder that was being erased have not been, and Eraser has generated no error message. That will certainly need looking into.

David

