filename remains after wiping??


Anonymous

Guest
I may have missed this on this forum:

I have spent many hours on this and other security forums to learn about the various file wiping tools and/or methods. I was playing around with a trial version of Cyberscrub 3.5 and Eraser and made a custom wipe with 12 passes that alternates ISAAC byte and characters up to 255 per wipe.

I found this Directory Snoop tool and started to explore its options. I read that by using a filter for ONLY deleted files and unchecking "none" on the NameSpace setting it would show all the deleted files in red. That is exactly what it did; they all showed up in red. I selected all of the red files and used the purge feature. All the red deleted files were purged except for the ones that are currently in use. Now I have a bunch of place-holders that say "none" with 0kb. I cannot figure out how to make those go away and be gone once and for all so they show NO traces of a file deleted?

It is discouraging to use a free or purchased product to see later on that the files, although securely deleted, still show up using Directory Snoop. Are these just ghost filenames? After all, the snoop program is software and many companies boast they can prevent software and hardware recovery.

I did an experiment:

1) created a txt file with just a single repeated letter.
2) saved to a new folder with the filename test.txt
3) deleted with both wiping programs
4) ran Directory Snoop with above filters
5) saw the new folder and file with RED deleted status.
6) the filename was XCHDUTEK.HDH
7) then I selected and purged that file
8) now it says none and 0kb.

Why do these secure wiping even leave ghost traces of these files?

Thanks
 
> I cannot figure out how to make those go away

Run defrag.

> Why do these secure wiping even leave ghost traces of these files?

Because nobody thought about security when they wrote the operating system, so it's a tad difficult for an outsider to completely fix it?
 
Tried your suggestion

I wiped the files, then ran Directory Snoop with the above-mentioned filters; once again I saw all the deleted files in RED. I highlighted all of them and purged. I was left with a bunch of "none" and 0kb.

I then ran defrag as you suggested.

I checked Directory Snoop again and all the file ghosts were still there. Your suggestion did not work.
 
Update

Here is an update after I contacted the programmer who made Directory Snoop:

> How do you remove "none" status so the file does not look like it was
> deleted?

Those are empty slots in the Master File Table. You can't delete
them but eventually Windows will fill those slots as new files are
created.

> Why do these secure wiping even leave ghost traces of these files?

Windows does not include any API functions to purge file names. Some
programs make a crude attempt at it by creating a bunch of temporary
files in hopes of overwriting the old ones. Directory Snoop works
because it bypasses the O/S completely and does direct cluster writes.
 
> I then ran defrag as you suggested.

Using the defrag method to remove deleted filenames only works on FAT drives, I believe. The only way I know to remove filenames from NTFS drives is Directory Snoop; I haven't found anything else that actually clears the MFT entry of ALL INFORMATION, including the random hash that Eraser uses to obscure the real filename.
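
As an added illustration (not part of any post in this thread and not Directory Snoop's code), the Python sketch below parses one NTFS MFT FILE record and shows that a record whose in-use flag is cleared still carries its $FILE_NAME attribute, which is why the renamed file XCHDUTEK.HDH stayed visible after wiping. The sample record is constructed in the code, the function names are hypothetical, offsets follow the commonly documented NTFS on-disk layout, and update-sequence fixups are not applied.

```python
import struct

FILE_NAME_ATTR = 0x30      # $FILE_NAME attribute type code
END_MARKER = 0xFFFFFFFF    # terminates the attribute list in a record

def parse_mft_record(rec: bytes) -> dict:
    """Return the in-use state and resident $FILE_NAME values of one FILE record."""
    if rec[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    # 0x14: offset of first attribute, 0x16: flags (bit 0 = record in use)
    first_attr, flags = struct.unpack_from("<HH", rec, 0x14)
    names, off = [], first_attr
    while off + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == END_MARKER or alen == 0:
            break
        if atype == FILE_NAME_ATTR and rec[off + 8] == 0:    # resident attribute
            (clen,) = struct.unpack_from("<I", rec, off + 0x10)
            (coff,) = struct.unpack_from("<H", rec, off + 0x14)
            body = rec[off + coff: off + coff + clen]
            if len(body) >= 0x42:
                nchars, namespace = body[0x40], body[0x41]
                name = body[0x42:0x42 + 2 * nchars].decode("utf-16-le")
                names.append((name, namespace))
        off += alen
    return {"in_use": bool(flags & 0x0001), "names": names}

def build_sample_record(name: str, in_use: bool) -> bytes:
    """Constructed sample (not real disk data): header plus one $FILE_NAME."""
    content = bytes(0x40) + bytes([len(name), 1]) + name.encode("utf-16-le")
    padded = content + bytes(-len(content) % 8)              # 8-byte alignment
    attr = struct.pack("<IIBBHHHIHBB", FILE_NAME_ATTR, 0x18 + len(padded),
                       0, 0, 0x18, 0, 0, len(content), 0x18, 0, 0) + padded
    rec = bytearray(1024)
    rec[0:4] = b"FILE"
    struct.pack_into("<HH", rec, 0x14, 0x38, 1 if in_use else 0)
    rec[0x38:0x38 + len(attr)] = attr
    struct.pack_into("<I", rec, 0x38 + len(attr), END_MARKER)
    return bytes(rec)

if __name__ == "__main__":
    # Deleted record: in-use bit cleared, yet the name is still recoverable.
    print(parse_mft_record(build_sample_record("XCHDUTEK.HDH", in_use=False)))
```
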
 