Is data stored anywhere but on the hard drive of a computer?

[durundal]

For anyone who might know, I am wondering if data is stored anywhere but on the hard drive of a computer and how much data is stored there. Does eraser have the capabilities of reaching this data, if so how do i use it?

Does anyone have links to information on how and where such data is stored and how to access it and delete it with programs bootable from a floppy or cd (there is no hard drive in my computer)?

 

[jackjack]

Data can also be sorted in RAM temporarily. As it is volatile rebooting your PC will clear it. But note that as long as your machine is running Ram can store information such as passwords to programs

 

[durundal]

Data can also be sorted in RAM temporarily. As it is volatile rebooting your PC will clear it. But note that as long as your machine is running Ram can store information such as passwords to programs

Is that the only place it is stored? I have heard that it is also stored in the "CPU cache" and some other places. Would these also be cleared when the computer is shut off?

 

[Glenn]

Aside from media (harddrive, CD, DVD, floppy, etc.) data can be in:

Volatile memory (RAM, various hardware caches) which loses data on shutdown. Supposedly they can dismantle the chip, acid etch the memory strata and read it bit-by-bit, but let's be realistic ...

Non-volatile memory (EPROMs, etc.) retains data but usually the boring stuff such as BIOS, device firmware, etc. USB flash drives are a special case (see the Sticky: Erasing USB key Drives) and decide for yourself.

 

[jackjack]

Just heard an interesting anecdote while listening to a Jesse Kornblum interview on Cyberspeak. The interview was about recovering data from ram in which they were able to extract binaries of apps that were run and once extracted they ran like to original. Interestingly they mentioned that when checking ram right after a machine was rebooted they were able to see parts of data from prior to the reboot.


Any one want feel like porting THC's secure memory wiping tool (part of THC-SecureDelete)to windows ;-)

 

[spy1]

Interesting podcast (thanks).

When you say that the THC SecureDelete program would need to be "ported" - does that mean that it doesn't run on Windows?

Also, I'm just a touch leery of trusting a d/l from an outright hacker site like that. Pete

 

[Carver]

I'm just a touch leery of trusting a d/l from an outright hacker site like that. Pete

Just visting the site could give you a trojan dropper or something.

 

[jackjack]

Spy1, yes it is a Unix only tool at the moment. It basically allows you to securely delete files as well as securely wipe RAM, swap and free disk space.

THC are a well respected Security/Hacker research group, I think you may be confusing the term hacker that they use with the general FUD that the media give the term.

All there programs are open source so if in doubt you can inspect it to ensure that it does what it really says on the tin.

Just visting the site could give you a trojan dropper or something.

Carver, in all fairness, that's just spreading FUD

 

[Carver]

Just visting the site could give you a trojan dropper or something.

Carver, in all fairness, that's just spreading FUD[/quote]

I had a trojan dropper in my temp file and several in my browser cashe and picked up several Java parisites from just surfing.

 

[garrett01]

Interesting thread. On a PC it might be possible to wipe the ram on shutdown by allocating a memory block big enough to force page file swapping.

This might have the added benefit of wiping the disk cahe as well.

Garrett

 

[jackjack]

An interesting blog entry (or 3) about binary reconstruction

http://computer.forensikblog.de/en/2006 ... inary.html
http://computer.forensikblog.de/en/2006 ... ary_2.html
http://computer.forensikblog.de/en/2006 ... ary_3.html

note: site is 100% safe

 

[barticula]

Try BCWipe

There's software called BCWipe that will destroy the data on a hard drive. It meets U.S. DoD guidelines, so it should do the trick. Won't do anything about RAM, though.

Bart

 

[durundal]

Spy1, yes it is a Unix only tool at the moment. It basically allows you to securely delete files as well as securely wipe RAM, swap and free disk space.

Well, I don't have windows on my computer as my computer can no longer read the hard drives I put into it, but I do have a linux boot cd, do you think that THC secure delete could securly delete my ram from this without causing the OS to crash (it loads from RAM)?

I really don't know much about computers.

Non-volatile memory (EPROMs, etc.) retains data but usually the boring stuff such as BIOS, device firmware, etc.

I'm just curious as to what you mean by "usually"? You seem to know a lot more then me, would you happen to know how someone would go about accessing this data?

 

[spy1]

That's way over my head, sorry - but probably, someone else here will know. Pete

 

[Glenn]

I probably should have said "mostly" rather than "usually".

BIOS and firmware for CD/DVD burners, printers, access point/routers, etc. is often stored in non-volatile memory. Since that kind of stuff is virtually the same for every unit made of a particular make/model, it's harmless from a privacy/security standpoint.

Some devices, however, log activity. Most of this is harmless, e.g., a printer may record the number of copies since last toner replacement, a router may record time/volume of network traffic.

It depends on what kind of data is of concern.

 

[Ingo]

Supposedly they can dismantle the chip, acid etch the memory strata and read it bit-by-bit, but let's be realistic ...

Why is this possible?
Is this also possible after the machine has been switched off for a certain time?

Interestingly they mentioned that when checking ram right after a machine was rebooted they were able to see parts of data from prior to the reboot.

Is this also possible after the machine was switched off?

 

[Glenn]

Read Gutmann's paper at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html