Eraser 5.84 - Vista Release 28-July-2007

Eraser updates will be posted to this forum.

Moderators: Eraser DevTeam, Eraser Moderators

Eraser 5.84 - Vista Release 28-July-2007

Postby garrett01 » Wed Aug 08, 2007 7:15 pm

What has changed:
Installer and Exe's digitally signed for Vista
Help system conversion to chm (contents and context help)
After the final erase pass Eraser now overwrites the erased
file with a random exe/dll from your OS.
Standby feature in scheduler
Wildcard support (c:\*\dir\...) in scheduler
User interface enhancements
Memory stick support - if it detects, then use an ini file instead of registry

Download from Sourceforge or here:

http://www.heidi.ie/download/eraser/eraserSetup584x32.exe
http://www.heidi.ie/download/eraser/eraserSetup584x64.exe

Garrett
garrett01
 
Posts: 983
Joined: Tue Dec 31, 2002 4:06 pm
Location: Ireland

Re: Eraser 5.84 - Vista Release 28-July-2007

Postby jackjack » Tue Aug 14, 2007 1:46 pm

admin wrote:After the final erase pass Eraser now overwrites the erased
file with a random exe/dll from your OS.


Is there a way to disable this feature? Can never be too sure what random exe that is being used contains...
jackjack
 
Posts: 295
Joined: Tue May 16, 2006 11:58 am

Postby Overwriter » Sat Sep 22, 2007 10:29 am

Hi Garrett :)

After the final erase pass Eraser now overwrites the erased file with a random exe/dll from your OS.


Can I ask what this feature is for please ?

Also I would like for this to be optional if possible. I like the idea of simply having random data in my free space as it helps plausible deniability when using encryption.

Also I think some users “testing” Eraser may believe they have recovered data after using Eraser because they can find DLL’s !

Thanks.
User avatar
Overwriter
Eraser DevTeam
 
Posts: 1068
Joined: Wed Nov 15, 2006 4:48 pm

Postby garrett01 » Sat Sep 22, 2007 11:09 am

The idea of this feature is to mask the erasing process from analysis.

Having it optional is a feature for the next release then :)

Garrett
garrett01
 
Posts: 983
Joined: Tue Dec 31, 2002 4:06 pm
Location: Ireland

Postby Overwriter » Sat Sep 22, 2007 1:03 pm

Hi Garrett, :D

Thanks for your reply.

The idea of this feature is to mask the erasing process from analysis.


Ahh I see, that’s a good idea.

As Eraser is installed on the host computer ( and obvious to an investigator that our protagonist uses Eraser ) I assume this would only work when erasing data on a separate external drive ? My first concern is I don’t understand how a DLL would be written to an external drive / flash drive / floppy etc under normal circumstances and so does it offer any realistic deniability?

I really like the idea of this feature but I think there are a couple of things that might improve it, all in my humble opinion and I admit I am no expert !

Simply having Eraser installed on a computer gives away the plot. I like the idea of portable Eraser and this would greatly assist in the stealth aspect as long as Eraser didn’t leave any tracks that is !

Even if the above could or couldn’t be achieved then my second suggestion would be to allow the user to select a folder for the final (plausible deniability) pass. The user could pre prepare their own final pass documents. This could be filled with MP3’s, Mpeg’s or even word documents etc. I believe this may be more believable to an investigator to find remnants of these files on a flash drive say rather than a DLL.

As it is I personally like to use the random pass. I believe this gives me a rather good plausible deniability as I can simply say that before I loaded my OS I wiped the drive with DBAN. I must stress at this point that DBAN does a final zero pass so you must say that you stopped it during the process. I can then say the random data found on the disk has simply not been written to yet. I realise that in some cases this may not be believable but it is pretty good for my needs. I hope Eraser will one day be able to wipe an external drive “physically” and completely like WinHex and leave random data there. This would also be a great help to Truecrypt users.

I suppose a zero pass for external usb flash drives and floppies etc would be good as the “I haven’t used that space yet” argument could be used.

Another point I think that needs to be considered is that inexperienced users may think that Eraser isn’t working because they are able to recover data (the copied DLL) from an erased drive. We may start to get a whole load of people claiming they are able to recover data even after Eraser has wiped a file and God knows there are enough of these claims as it is !!! With this in mind would it be a good idea to make this feature disabled by default ? Then only people who enable it will find DLL or file remnants on their wiped drives and hopefully they will understand why.

I have just written these ideas down quickly before I forgot them (ha ha) and I admit I haven’t thought this through properly just yet. I would be very interested in this feature being developed if you are also interested in it and think it is a worthwhile addition to Eraser.

Anyway thank you very much for considering to make the present DLL final pass optional !

Thanks.
User avatar
Overwriter
Eraser DevTeam
 
Posts: 1068
Joined: Wed Nov 15, 2006 4:48 pm

Postby jackjack » Wed Oct 03, 2007 6:33 pm

admin wrote:Having it optional is a feature for the next release then :)


Thank you for this... :)
jackjack
 
Posts: 295
Joined: Tue May 16, 2006 11:58 am


Return to Eraser Update Alerts

Who is online

Users browsing this forum: No registered users and 0 guests