Preventing access and moving the file

sajoner

New Member
Hello guys.

I apologize if this thread was not posted in right section of the forum and if this topic has been already somewhere commented.

I have two questions:


1) I was wondering... let's say, there is no Eraser. And you want to prevent someone to get some kind of data. Let's say you have a txt file.

So, would there be any help if you would delete the text in txt file and than delete the file (without Eraser!) just to the Recycle Bin and empty it after?

Similar with let's say images, you would edit them, or sound, you would make the silence etc. to prevent the access.


2) My next question is does moving the files (Ctrl+x) makes the problem, since the file was copied and then deleted by windows explorer (and not Eraser) I suppose?
 
sajoner said:
1) I was wondering... let's say, there is no Eraser. And you want to prevent someone to get some kind of data. Let's say you have a txt file. So, would there be any help if you would delete the text in txt file and than delete the file (without Eraser!) just to the Recycle Bin and empty it after? Similar with let's say images, you would edit them, or sound, you would make the silence etc. to prevent the access.
This would make the data less easy to recover than simply deleting the file, but in many cases the files could be reconstructed by recovery programs. Recovery would be almost certain if you have shadow copies enabled in the drive properties. The only way to put data beyond recovery is to overwrite it (and any shadow copy) completely, and this is what Eraser does.

sajoner said:
2) My next question is does moving the files (Ctrl+x) makes the problem, since the file was copied and then deleted by windows explorer (and not Eraser) I suppose?
No. If you move a file, the data may be left in the previous location (the same applies to disk defragmentation, incidentally). That is why, in the development builds of Eraser 6, a Secure Move command has been implemented; this was also provided in Eraser 5.

David
 
DavidHB said:
sajoner said:
1) I was wondering... let's say, there is no Eraser. And you want to prevent someone to get some kind of data. Let's say you have a txt file. So, would there be any help if you would delete the text in txt file and than delete the file (without Eraser!) just to the Recycle Bin and empty it after? Similar with let's say images, you would edit them, or sound, you would make the silence etc. to prevent the access.
This would make the data less easy to recover than simply deleting the file, but in many cases the files could be reconstructed by recovery programs. Recovery would be almost certain if you have shadow copies enabled in the drive properties. The only way to put data beyond recovery is to overwrite it (and any shadow copy) completely, and this is what Eraser does.

First of all, thank you for all the info. I wanted to check if I have shadow copies enabled by running vssvc.exe file but it didn't start. I suppose it's not enabled by default in XP SP2?

DavidHB said:
sajoner said:
2) My next question is does moving the files (Ctrl+x) makes the problem, since the file was copied and then deleted by windows explorer (and not Eraser) I suppose?
No. If you move a file, the data may be left in the previous location (the same applies to disk defragmentation, incidentally). That is why, in the development builds of Eraser 6, a Secure Move command has been implemented; this was also provided in Eraser 5.

So Eraser handles even the Ctrl+X moves in Explorer? It overwrites the files on primary locations (locations from which the files were moved) and then delete them after Explorer copied the files into the new location??
 
sajoner said:
I wanted to check if I have shadow copies enabled by running vssvc.exe file but it didn't start. I suppose it's not enabled by default in XP SP2?
Check whether you have system restore enabled for the drive(s) in question. Shadow copies is an additional option (with a check box) in System Restore. I can't check for XP just now, but in Vista and Windows 7 it is, I think, enabled by default. Incidentally, my practice is normally to turn off System Restore for all non-system drive - but I do have automatic backups!

sajoner said:
So Eraser handles even the Ctrl+X moves in Explorer? It overwrites the files on primary locations (locations from which the files were moved) and then delete them after Explorer copied the files into the new location??
No; the 'Secure Move' command is quite separate from the Explorer move command (just as the erase commands are sparatefrom the Explorer delete commands), though it can be accessed via the Explorer context menu.

David
 
DavidHB said:
Check whether you have system restore enabled for the drive(s) in question. Shadow copies is an additional option (with a check box) in System Restore. I can't check for XP just now, but in Vista and Windows 7 it is, I think, enabled by default. Incidentally, my practice is normally to turn off System Restore for all non-system drive - but I do have automatic backups!

System Restore was by default ON on all drives. The only checkbox there was to turn on or off System Restore. No Shadow Copies there. So I turned off all except C drive. Would that be enough? What about for the "past", when System Restore was ON, and Eraser was NOT used for deleting / moving? :? How could I solve that (past)?

DavidHB said:
No; the 'Secure Move' command is quite separate from the Explorer move command (just as the erase commands are sparatefrom the Explorer delete commands), though it can be accessed via the Explorer context menu.

I just can't find the Secure Move command. Can you please tell me where to find it and how to use it?
 
sajoner said:
System Restore was by default ON on all drives. The only checkbox there was to turn on or off System Restore. No Shadow Copies there. So I turned off all except C drive. Would that be enough?
I discover that shadow copies are not enabled by default in XP; apparently, you need to have the VSS addon installed. In the Eraser context, that's one less thing for you to worry about. Your configuration is the one I use, not least because it makes things easier for Eraser on the non-system drives. I also try to keep all confidential data on non system drives (for example, I have moved my documents folders to Drive E:) for similar reasons.

sajoner said:
What about for the "past", when System Restore was ON, and Eraser was NOT used for deleting / moving? :? How could I solve that (past)?
Erase the free space on the drive(s) in question; the Restore Points (but not the System Restore folder) should have been deleted when you turned System Restore off; this will generate a warning in the Eraser Task Log. You might find it advantageous to defragment the drive(s) first. The whole job is quite lengthy, but you don't need to do it all that often

sajoner said:
I just can't find the Secure Move command. Can you please tell me where to find it and how to use it?
It's only in the 6.1 builds; I am currently using 2241 without significant problems. The option exists in the context menu, and also in the add/edit task dialog in the Schedule.

David
 
DavidHB said:
I discover that shadow copies are not enabled by default in XP; apparently, you need to have the VSS addon installed. In the Eraser context, that's one less thing for you to worry about. Your configuration is the one I use, not least because it makes things easier for Eraser on the non-system drives. I also try to keep all confidential data on non system drives (for example, I have moved my documents folders to Drive E:) for similar reasons.

Good. I have my documents on non system drives as well.

DavidHB said:
sajoner said:
What about for the "past", when System Restore was ON, and Eraser was NOT used for deleting / moving? :? How could I solve that (past)?
Erase the free space on the drive(s) in question; the Restore Points (but not the System Restore folder) should have been deleted when you turned System Restore off; this will generate a warning in the Eraser Task Log. You might find it advantageous to defragment the drive(s) first. The whole job is quite lengthy, but you don't need to do it all that often

So the only thing I can do is to defragment the drives. Correct?


DavidHB said:
It's only in the 6.1 builds; I am currently using 2241 without significant problems. The option exists in the context menu, and also in the add/edit task dialog in the Schedule.

OK thanks!!!! I was thinking as an alternative to Move oparation I could copy the file into the new location and then delete it on the primary location with Eraser.
 
sajoner said:
So the only thing I can do is to defragment the drives. Correct?
No; the important thing to do is to erase the free space on the drive, so that all previously deleted items are overwritten.

If the drive has not recently been defragmented, doing this helps the erasing process by giving Eraser more contiguous free space to work with. Arguably, it also slightly improves security; as the unused entries in the MFT are cleared at the end of the free space erase, defragmenting before erasing may make it a bit more difficult for any opponent to discover the original location of a target file. That said, current thinking is that even the default single pass erase of free space makes data unrecoverable, except possibly by an exceptionally capable and well resourced opponent - the sort of opponent with which ordinary law-abiding users will not have to deal.

David
 
Back
Top