I just used Eraser then fired up an old version of Encase, granted it did wipe about 2/3 of the information there was still a lot that was retrievable. I know Encase is the mother of all forensic tools, but what's the point of trusting a "file shredder" program if it fails against any software.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Eraser Fails Against Encase
- Thread starter nim6us
- Start date
Eraser almost certainly did not 'fail', in the sense that, if it completed the task you set it, that task will have been completed as specified. I would need to know a lot more about the particular sequence of events in your case to be more specific, but Eraser can only work on (1) file data that is actually available for deletion or (2) space that Windows has actually marked as free. There may be other locations, not directly accessible to Eraser, in which sensitive data resides.
It is now well documented, on this forum and elsewhere, that Windows keeps copies of deleted (whole or part) files in Restore Points and other protected locations within the file system. Any half decent file recovery program (I use Recuva) 'knows' about these locations and can find data in them. These locations can be dealt with in various ways (I use a combination of Eraser, CCleaner, and Recuva, which also has an erasing function), but you need to do this explicitly, and it seems from your description that you did not do so.
David
It is now well documented, on this forum and elsewhere, that Windows keeps copies of deleted (whole or part) files in Restore Points and other protected locations within the file system. Any half decent file recovery program (I use Recuva) 'knows' about these locations and can find data in them. These locations can be dealt with in various ways (I use a combination of Eraser, CCleaner, and Recuva, which also has an erasing function), but you need to do this explicitly, and it seems from your description that you did not do so.
David
ForensicsGuy
New Member
nim6us said:I just used Eraser then fired up an old version of Encase, granted it did wipe about 2/3 of the information there was still a lot that was retrievable. I know Encase is the mother of all forensic tools, but what's the point of trusting a "file shredder" program if it fails against any software.
I'm working on some test cases for Eraser and Encase is one of my tools. Can you provide some information on the issue you found including the OS, file system, and whether the data was found in the deleted file space or somewhere else?