• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Evidence eliminator and such programs

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page 1, 2  Next
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response

View previous topic :: View next topic  
Author Message
Guest







PostPosted: Thu Sep 08, 2005 4:09 pm    Post subject: Evidence eliminator and such programs Reply with quote

Hi!

What's the best program of all those aps who claim to remove all evidence of files/activities?

Do they work even against the best forensic methods?

Love, Andy
Back to top
sam.spade
Just Arrived
Just Arrived


Joined: 03 Sep 2005
Posts: 0


Offline

PostPosted: Thu Sep 08, 2005 4:36 pm    Post subject: Reply with quote

http://ee-sucks.tripod.com/ee-lies.html

There's a bunch of sites, you can search google yourself for more. Basically, Evidence Eliminator is a giant scam.

As for wiping data, I'd suggest Eraser.
Back to top
View user's profile Send private message
MarYo
Just Arrived
Just Arrived


Joined: 12 Aug 2004
Posts: 0


Offline

PostPosted: Thu Sep 08, 2005 7:33 pm    Post subject: Reply with quote

I agree to stay away from Evidence Eliminator.

I suggest the following products:

- CCLEANER www.ccleaner.com - Effective, reliable, free but without secure file delete/shredding. Crying or Very sad

- CleanUp www.stevengould.org/software/cleanup/download.html - Just discovered, it feature secure file delete, free, never tested.

- PrivacyEraser www.privacyeraser.com - Commercial, with lot's of feature. At the moment I don't know about a free software that match it.

I'm also interested in other user opinion.
Back to top
View user's profile Send private message
TCM
Just Arrived
Just Arrived


Joined: 08 Sep 2004
Posts: 0


Offline

PostPosted: Fri Sep 09, 2005 5:36 pm    Post subject: Reply with quote

Has anyone uses SDelete from Sysinternals. I tried it couples with Restoration and although all of the file names were still intact (like SDelete's readme says) I couldn't actually recover any of the information. And you can also select the number of passes for SDelete. 40 works like a charm.
Back to top
View user's profile Send private message
MarYo
Just Arrived
Just Arrived


Joined: 12 Aug 2004
Posts: 0


Offline

PostPosted: Fri Sep 09, 2005 7:56 pm    Post subject: Reply with quote

For secure file delete IMHO the best freeware is Eraser
http://www.heidi.ie/eraser/

Fast and safe, nothing to except
Back to top
View user's profile Send private message
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Fri Sep 09, 2005 9:07 pm    Post subject: Reply with quote

hang on - was this thread started by the_psycho, or our own ThePsyko? or just a psycho? I'm confused (a very tiny bit) Confused
Back to top
View user's profile Send private message Visit poster's website
ThePsyko
SF Mod
SF Mod


Joined: 17 Oct 2002
Posts: 16777178
Location: California

Offline

PostPosted: Fri Sep 09, 2005 9:33 pm    Post subject: Reply with quote

Wasn't me. Smile
Back to top
View user's profile Send private message Send e-mail
comrade
Just Arrived
Just Arrived


Joined: 15 Feb 2005
Posts: 0


Offline

PostPosted: Sun Sep 25, 2005 12:36 pm    Post subject: Reply with quote

Use a livecd and store anything that sensitive in RAM.

Secure deletion through software methods on modern hard drives is risky at best.
Back to top
View user's profile Send private message
OddOne
Trusted SF Member
Trusted SF Member


Joined: 24 May 2004
Posts: 0


Offline

PostPosted: Fri Nov 04, 2005 9:27 pm    Post subject: Reply with quote

FYI: I write data destruction software.

First off, Evidence Eliminator is a joke. HIDEOUSLY overpriced for what it does, and if your serial number is compromised it PRETENDS to destroy data without actually doing so (and the author's documentation even brags about this).

Second, Sami Tolvanen's Eraser is the best freeware destruction app out there.

Third, data destruction software CAN prove useful for sensitive info up to the level where governments and militaries are involved. Certainly there are tough enough products to thwart anything shy of a nation's security apparatus going after the data, and I've personally tested (and written) apps that thwart software-level recovery, including forensics software used by law enforcement.


The "big three" commercial tools from my tests are CyberScrub 3.5, EastTec's Eraser 2005, and Terminus 6. These actually do comply with current U.S. military recommendations and do appear to perform the types and natures of overwrites they advertise.

Of course, if your data is really sensitive it shouldn't be stored on a drive.

oO
Back to top
View user's profile Send private message
MarYo
Just Arrived
Just Arrived


Joined: 12 Aug 2004
Posts: 0


Offline

PostPosted: Sat Nov 05, 2005 6:20 am    Post subject: Reply with quote

Never heard of Terminus 6. It show impressive features!
Back to top
View user's profile Send private message
namidua
Just Arrived
Just Arrived


Joined: 23 Sep 2005
Posts: 0


Offline

PostPosted: Sat Aug 19, 2006 9:12 am    Post subject: Reply with quote

sam.spade wrote:
http://ee-sucks.tripod.com/ee-lies.html

There's a bunch of sites, you can search google yourself for more. Basically, Evidence Eliminator is a giant scam.

As for wiping data, I'd suggest Eraser.


I'll bump this! I just used it today and am THRILLED!!!

I am buying it for sure, gotta support the programmers. Try the 30 day eval, you won't be dissapointed. you have lots of oprions as to what to over-write. I have a drive that was a raptor 74gb FULL. I started out with the Gruthman (sp?) 35 Pass, but that would have taken a day, I dropped it down to DoD (department of Defense) grade of 7 passes. Worked awesome.

I had erased everything from my XP pro on theat drive using Shft + del, then YES. So it skips the recycle bin. I ran 4 differnet recovery programs and they found 99% of the files. the names weren't totally right, but the info inside was.

I ran Eraser (7 wipes)and then I tried to run the other 4 recovery programs, and they took 10x longer than before. 2 days straight of them running and they just pulled upp some INI files of my pagesys file that I have since disabled and Erased..

TRY it outit is easy!!
Back to top
View user's profile Send private message
namidua
Just Arrived
Just Arrived


Joined: 23 Sep 2005
Posts: 0


Offline

PostPosted: Sat Aug 19, 2006 9:16 am    Post subject: Reply with quote

Here is a GREAT one. Open source and can do 100 disks at a time!! It is called Darik's Boot and Nuke or DBAN. It is available at http://dban.sourcefogre.net.

It only is good for boot and wiping ALL disks attached to the PC (iDE and SCSI) not firewire or USB..

It cna be run from CD/DVD or floppy or USB drive.

It's free
Back to top
View user's profile Send private message
namidua
Just Arrived
Just Arrived


Joined: 23 Sep 2005
Posts: 0


Offline

PostPosted: Sat Aug 19, 2006 9:18 am    Post subject: Reply with quote

MarYo wrote:
I agree to stay away from Evidence Eliminator.


I agree with this 100%. They gave LE the software to recover all data that was "destroyed" from EE. I know this for a FACT, but can't say how...

Also, Acronis isn't the best either, they are in big brother's pocket too, to some extent
Back to top
View user's profile Send private message
Sam Miller
Just Arrived
Just Arrived


Joined: 19 Dec 2006
Posts: 0


Offline

PostPosted: Wed Dec 20, 2006 12:39 am    Post subject: Re: Evidence eliminator and such programs Reply with quote

I must say and I know a little about this as my previous day job was to do security audits... well, it's really hard to keep your data secure. Well, actually find shredders do their job, BUT:
1) They wipe only files that you send to them
2) They cannot get inside cache files or swap files as they are actually not deleted;
3) They cannot wipe files they don't know about, for instance temporary files created by MS Word

Finally, wiping free space once a week or one a day will not do a trick as .. files are changed more often and there will be a lot of data that is still available for recovering.

How can you make your files a little bit more secure?

1) Consider using background mode file shredder, these tools catch all deleted files, not just you see in Recycle been.
2) Consider putting your secret files at encrypted disk (TrueCrypt is freeware, PGP is also good).
3) Don't give your files clear names, I mean it's better to name something like "Doc1" than "MyTopSecrets".

This will be enough to keep your business in secure way.
P.S.
An off course, clear sometime your history in IE or Mozilla.


Anonymous wrote:
Hi!

What's the best program of all those aps who claim to remove all evidence of files/activities?

Do they work even against the best forensic methods?

Love, Andy
Back to top
View user's profile Send private message Visit poster's website
bknows
Just Arrived
Just Arrived


Joined: 11 Jul 2003
Posts: 5


Offline

PostPosted: Mon Jan 01, 2007 7:10 am    Post subject: Reply with quote

Quote:
For secure file delete IMHO the best freeware is Eraser
http://www.heidi.ie/eraser/


Yes, it is good software, but make sure you go to Options and up the # of wipes. It defaults to only 7 passes.

Also, Tolvanen is now "Heidi"
Back to top
View user's profile Send private message
sargeantdave919
Just Arrived
Just Arrived


Joined: 11 Feb 2007
Posts: 0


Offline

PostPosted: Mon Feb 12, 2007 12:13 am    Post subject: Reply with quote

Just thought i would share sum info i know about Evidence eliminator.

i used to help with forensic work with one of the uks leading computer forensic analysts (not gonna name names)who has done many major cases from child porn to fraud.he is one of the main men for the police to call in on important cases.
I worked with him in his lab (has one amazing setup)on several cases as a observer.i learnt alot of things about this field but one thing i do remember asking him is what if any could beat him when it came to data recovery and he said the only peice of software that if used properly could stump him is evidence eliminator.

ive seen there web site and how gimiky it looks and all the bad press about it but this guy is one of the best in his feild in europe and the main case i was working on fell through down to the fact a unnamed kid hacker had used EE regularly and so he was unable to get any tangable evidence.

dont get me wrong, almost every thing i read about it says nothing but bad things, but ive seen first had how it stumps UK law forensic people and i dont care what is said about it because i know it works and wouldnt use anything else.

Just thought id share that with you
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response All times are GMT + 2 Hours
Goto page 1, 2  Next
Page 1 of 2


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register