Thanks for your reply.
The idea of this feature is to mask the erasing process from analysis.
Ahh I see, that’s a good idea.
As Eraser is installed on the host computer ( and obvious to an investigator that our protagonist uses Eraser ) I assume this would only work when erasing data on a separate external drive ? My first concern is I don’t understand how a DLL would be written to an external drive / flash drive / floppy etc under normal circumstances and so does it offer any realistic deniability?
I really like the idea of this feature but I think there are a couple of things that might improve it, all in my humble opinion and I admit I am no expert !
Simply having Eraser installed on a computer gives away the plot. I like the idea of portable Eraser and this would greatly assist in the stealth aspect as long as Eraser didn’t leave any tracks that is !
Even if the above could or couldn’t be achieved then my second suggestion would be to allow the user to select a folder for the final (plausible deniability) pass. The user could pre prepare their own final pass documents. This could be filled with MP3’s, Mpeg’s or even word documents etc. I believe this may be more believable to an investigator to find remnants of these files on a flash drive say rather than a DLL.
As it is I personally like to use the random pass. I believe this gives me a rather good plausible deniability as I can simply say that before I loaded my OS I wiped the drive with DBAN. I must stress at this point that DBAN does a final zero pass so you must say that you stopped it during the process. I can then say the random data found on the disk has simply not been written to yet. I realise that in some cases this may not be believable but it is pretty good for my needs. I hope Eraser will one day be able to wipe an external drive “physically” and completely like WinHex and leave random data there. This would also be a great help to Truecrypt users.
I suppose a zero pass for external usb flash drives and floppies etc would be good as the “I haven’t used that space yet” argument could be used.
Another point I think that needs to be considered is that inexperienced users may think that Eraser isn’t working because they are able to recover data (the copied DLL) from an erased drive. We may start to get a whole load of people claiming they are able to recover data even after Eraser has wiped a file and God knows there are enough of these claims as it is !!! With this in mind would it be a good idea to make this feature disabled by default ? Then only people who enable it will find DLL or file remnants on their wiped drives and hopefully they will understand why.
I have just written these ideas down quickly before I forgot them (ha ha) and I admit I haven’t thought this through properly just yet. I would be very interested in this feature being developed if you are also interested in it and think it is a worthwhile addition to Eraser.
Anyway thank you very much for considering to make the present DLL final pass optional !