Wipe free Space
john_a
Hi all

This 'Wipe Free Space' option is a bit of a joke, isn't it? Any good intelligence or recovery professional could unencrypt this. I use Kill Disk, which wipes pre-boot, for obvious reasons.

Why was this option even added to the latest versions of CCleaner?

Augeas
Just out of interest, how would any recovery professional 'unencrypt' overwritten data, and who advertises that they do this? I agree that for the overwhelming majority of the human race this is a waste of time, but people love gadgets and tweaking stuff.
john_a
QUOTE (Augeas @ Mar 22 2009, 01:26 AM) *
Just out of interest, how would any recovery professional 'unencrypt' overwritten data, and who advertises that they do this? I agree that for the overwhelming majority of the human race this is a waste of time, but people love gadgets and tweaking stuff.

It's not hard, just like trying to hear the sounds of a tape you have recorded over.

Like, one wipe, not secure, two wipes, more secure..etc etc. CCleaner is like a half wipe.. Kill Disk is one, if not the only, secure deletion method. CCleaner is no better than Webroot's 'shredder', or heaps of others.
john_a
And also, re un-encryption, you may wish to refer to reported events in the news media, where 'so-called' deletion methods have been 'reversed', and contents shown.
YoKenny
QUOTE (john_a @ Mar 21 2009, 11:39 AM) *
It's not hard, just like trying to hear the sounds of a tape you have recorded over.
With Mute selected it's good to fall asleep with though if the volume is turned up.

Helps to block out the beeping horns, partying neighbors that don't invite you to their party and construction trucks.

QUOTE
Like, one wipe, not secure, two wipes, more secure..etc etc. CCleaner is like a half wipe..
I was going to insert the one that begins with "a" but I thought better of it.

I prefer the sounds of waves gently breaking at the beach lounging in a chair with a cold beverage on a table beside me.
Augeas
Please quote where.

A quick flick on Google with 'recover overwritten data' shows nobody is offering this service. To quote one hit, from Sean Barry (Ontrack's Remote Data Recovery Manager), "There is no chance of recovery with overwritten clusters. The bit density on hard disk drives is so great now that when the magnetics are rewritten, the data is gone." Ontrack.com claims to be the world leader in data recovery.
john_a
QUOTE (Augeas @ Mar 22 2009, 04:48 AM) *
Please quote where.

A quick flick on Google with 'recover overwritten data' shows nobody is offering this service. To quote one hit, from Sean Barry (Ontrack's Remote Data Recovery Manager), "There is no chance of recovery with overwritten clusters. The bit density on hard disk drives is so great now that when the magnetics are rewritten, the data is gone." Ontrack.com claims to be the world leader in data recovery.

Sure, have a read of this: (LINK)

Reasons for Concern

Widely available disk overwriting software is one of the main reasons why data leaks continue to occur. Many corporate IT departments use these disk overwriting software tools to mitigate potential business risks and legal liabilities but these tools may have significant drawbacks which could compromise an organization's security.

According to a memorandum issued by the United States Department of Defense (DoD), (2001, May), overwriting software must have the following functions and capabilities in order to ensure the integrity of the sanitization process:

* The ability to purge all data or information, including the operating system (OS), from the physical or virtual drives, thereby making it impossible to recover any meaningful data by keyboard or laboratory attack.
* A compatibility with, or capability to run independent of, the OS loaded on the drive.
* A compatibility with, or capability to run independent of, the type of hard drive being sanitized (e.g., Advanced Technology Attachment (ATA)/Integrated Drive Electronics (IDE) or Small Computer System Interface (SCSI) type hard drives).
* A capability to overwrite the entire hard disk drive independent of any Basic Input/Output System (BIOS) or firmware capacity limitation that the system may have.
* A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium.
* A method to verify that all data has been removed from the entire hard drive and to view the overwrite pattern
YoKenny
If you are that paranoid why are you using a computer?
john_a
QUOTE (YoKenny @ Mar 22 2009, 02:20 PM) *
If you are that paranoid why are you using a computer?

Of course, a typical, predictable, yet useless interruption to the conversation.

We were discussing the different wipe methods available, and in particular the usefulness/performance of the CCleaner Wipe Free Space function, but hey, thanks for the input..buddy.

Augeas
That article discusses shortcomings in the disk wiper's ability to access every area of the disk (bad sectors etc), the BIOS not reporting the full size of the disk, and problems with RAID configurations.

I don't think there's much doubt that, with the right tools and a little work, fragments of data can be retrieved from otherwise inaccessible areas on a disk that the user thought secure. There is a quote somewhere to the effect of "The pagefile is the policeman's friend." However there is no evidence or example of any data - barring a few isolated bits - being recovered after it has been overwritten by anyone anywhere.

I don't know how CC's free space wipe works, and I don't think that Piriform would claim that it is a forensic standard wiper. Still, the option appears to be quite popular.
john_a
QUOTE (Augeas @ Mar 22 2009, 07:23 PM) *
That article discusses shortcomings in the disk wiper's ability to access every area of the disk (bad sectors etc), the BIOS not reporting the full size of the disk, and problems with RAID configurations.

I don't think there's much doubt that, with the right tools and a little work, fragments of data can be retrieved from otherwise inaccessible areas on a disk that the user thought secure. There is a quote somewhere to the effect of "The pagefile is the policeman's friend." However there is no evidence or example of any data - barring a few isolated bits - being recovered after it has been overwritten by anyone anywhere.

I don't know how CC's free space wipe works, and I don't think that Piriform would claim that it is a forensic standard wiper. Still, the option appears to be quite popular.

"and I don't think that Piriform would claim that it is a forensic standard wiper. Still, the option appears to be quite popular."

That was a good answer, however, any recovery professional will tell you that a single wipe of free space area is probably quite useless, but as you mention, it seems to be a popular option with CCleaner users, for whatever reason.

* A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium.

NOTE: As a mentionable tip, if anyone is interested in wiping out free space or old data prior to selling or throwing out their old PC, or for any reason, I'd suggest this: http://www.killdisk.com/
Augeas
QUOTE (john_a @ Mar 22 2009, 09:43 AM) *
any recovery professional will tell you that a single wipe of free space area is probably quite useless

If we concentrate on just one aspect, where is the evidence that any data has ever been recovered after being overwritten? One wipe will do.

PS Off to the pub now. Expect wit and wisdom when I return.
john_a
QUOTE (Augeas @ Mar 22 2009, 09:18 PM) *
If we concentrate on just one aspect, where is the evidence that any data has ever been recovered after being overwritten? One wipe will do.

PS Off to the pub now. Expect wit and wisdom when I return.

Hi

I thought you may have found the wit and wisdom at the pub! (Kidding).

Anyway, I came across THIS, which seems to be related to the issue you have raised.

PS Anticipating a rebuttal.
YoKenny
I found that the advice "Don't argue with an idiot; people watching may not be able to tell the difference" works well, and they are of the Ferrous Cranus type of troll:
http://redwing.hutman.net/~mreed/warriorsh...erouscranus.htm
Augeas
After slumping in front of a Top Gear rerun (the Vietnamese trip - excellent) there's not much wit and wisdom left now.

The link you posted has nothing to do with whether you can recover overwritten data, but appears to be some misuse or malfunction of Eraser. Indeed the last but one post indicates that overwriting data (by using any method) makes it unrecoverable.

One overwrite of data makes that data unrecoverable. That's all there is to it.
Charlie Freak
QUOTE (john_a @ Mar 22 2009, 04:43 AM) *
any recovery professional will tell you that a single wipe of free space area is probably quite useless, but as you mention, it seems to be a popular option with CCleaner users, for whatever reason.

This is complete FUD. Where did you get this info? There is no reputable data recovery company who will claim to be able to recover data that has been overwritten.

The fact that you compare analog audio tapes to a computer HDD, and refer to recovering overwritten data as "unencrypting" it, should be a warning to anyone reading this thread that you have a limited grasp of the technology.

Instead of spreading misinformation, maybe you should concentrate on the more important question - whether or not CCleaner does overwrite all of the data it claims to.

Here are some links for you to think about, John:

http://www.nber.org/sys-admin/overwritten-data-guttman.html
http://www.h-online.com/news/Secure-deleti...-do-it--/112432
http://www.springerlink.com/content/408263ql11460147/
http://16systems.com/zero.php
http://sansforensics.wordpress.com/2009/01...ard-drive-data/
http://www.securityfocus.com/brief/888?ref=rss
dantasm
john_a, how do the CCleaner DOD & NSA deletion options factor into this thread topic? Does that mean they're no more effective than the normal option? (:/

thank you in advance!
Augeas
Well, if you agree with the statement that one overwrite makes the previously written data unrecoverable, then any more than one would be superfluous. I guess the DOD etc are just super cautious, or perhaps Mr Gutmann was on board as an advisor.
john_a
QUOTE (YoKenny @ Mar 23 2009, 02:17 AM) *
I found that the advice "Don't argue with an idiot; people watching may not be able to tell the difference" works well, and they are of the Ferrous Cranus type of troll:
http://redwing.hutman.net/~mreed/warriorsh...erouscranus.htm

Err.., sure.


QUOTE (Augeas @ Mar 23 2009, 10:49 PM) *
Well, if you agree with the statement that one overwrite makes the previously written data unrecoverable, then any more than one would be superfluous. I guess the DOD etc are just super cautious, or perhaps Mr Gutmann was on board as an advisor.

"Well, if you agree with the statement that one overwrite makes the previously written data unrecoverable.."

Where did I say that?

"According to a memorandum issued by the United States Department of Defense (DoD), (2001, May), overwriting software must have the following functions and capabilities in order to ensure the integrity of the sanitization process: -

A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium. "

I guess we'll have to leave it to them to recheck their research, I'm sure there will be an amendment if they come across this thread.


Augeas
I made that statement, John.

Funnily enough the DoD did check their research, and no version of the manual since 1997 specifies any method of data sanitisation, as they call it. The responsibility for this lies with the Cognizant Security Authority: one of these, The Defense Security Service, provides a Clearing and Sanitization Matrix which does specify methods. In the June 2007 edition of the DSS C&SM (phew!) overwriting is no longer acceptable for sanitisation of magnetic media; only degaussing or physical destruction is acceptable. A problem with disk-wiping is that it can't clean hard drives that have physically failed, presumably why degaussing or physical destruction is specified.

Furthermore in late 2004 the U.S. National Security Agency (NSA Advisory LAA-006-2004) found that a single 'DoD' overwrite instead of the three passes is sufficient to render electronic files unrecoverable.

There is no way on God's earth that a hypothesis is true because an authority, no matter how high, guards against it. It must be proven, and nobody can prove or show that overwritten data can be recovered. It can however be shown that it is not physically possible to read any magnetic track 'overlays', and if it were it is statistically impossible to recover a single error-free byte.
metalj
Too much noise, so I appear... LOL

The thingy is simple.

1- Wiping free space is not necessary unless you are giving away your computer as it is (and even so).

2- You should only wipe your entire disk if you are selling it, throwing it away or giving it to someone else.

3- You shouldn’t go to the extremes unless you have threatened somebody you shouldn't have messed with.

I mean, there's no need of wiping the free space of your drive. This can cause a lot of wear and tear and can shorten its lifespan.

If you really want to get rid of your data, just take a hammer and make it dirt.

Anyways, great topic, great posts. Thank you all for the great information.

Data peace.
David McMahon
I'm not going to fire a flame war, just want to say that if you sell a PC you should really do a system factory recovery, as that way the new owner can set up their Personal Computer their way!

I have used the Wipe space on one PC as a test but Windows displayed a low virtual memory error, but that was the first version with Wipe space.
john_a
QUOTE (Augeas @ Mar 24 2009, 04:33 AM) *
I made that statement, John.

Funnily enough the DoD did check their research, and no version of the manual since 1997 specifies any method of data sanitisation, as they call it. The responsibility for this lies with the Cognizant Security Authority: one of these, The Defense Security Service, provides a Clearing and Sanitization Matrix which does specify methods. In the June 2007 edition of the DSS C&SM (phew!) overwriting is no longer acceptable for sanitisation of magnetic media; only degaussing or physical destruction is acceptable. A problem with disk-wiping is that it can't clean hard drives that have physically failed, presumably why degaussing or physical destruction is specified.

Furthermore in late 2004 the U.S. National Security Agency (NSA Advisory LAA-006-2004) found that a single 'DoD' overwrite instead of the three passes is sufficient to render electronic files unrecoverable.

There is no way on God's earth that a hypothesis is true because an authority, no matter how high, guards against it. It must be proven, and nobody can prove or show that overwritten data can be recovered. It can however be shown that it is not physically possible to read any magnetic track 'overlays', and if it were it is statistically impossible to recover a single error-free byte.

There's a lot in there that needs addressing, but I haven't the time atm. I'll get back with a better reply later tomorrow.

But for one, let's start with this:

"It must be proven, and nobody can prove or show that overwritten data can be recovered. It can however be shown that it is not physically possible to read any magnetic track 'overlays.."

I refer to THIS article, and quote:

"Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover."

So I would presume, if the article is to bear any credence, that recovery is in fact possible.

My apologies again, but I'm a bit pressed for time right now, I'll get back with a more thorough reply shortly.

Augeas
And here's the full quote:

Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover. Yet, in the most common case, where the drive has been used and written to multiple times, a user can be assured of their privacy by a single pass.

"In many instances, using a MFM (magnetic force microscope) to determine the prior value written to the hard drive was less successful than a simple coin toss."


I'm bemused. I would have used the article in John's link (which is titled 'Single drive wipe protects data, research finds'), and the two links that article refers to, as an indication that data overwritten once cannot be recovered by any means.

To quote guru Gutmann, from a link in John's article,

'On using a Magnetic Force Microscope to recover data from offtrack writes,'

'Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging. OTOH if you're going to use the mid-90s technology that I talked about, low-density MFM or (1,7) RLL, you could do it with the right equipment, but why bother? Others have already done it, and even if you reproduced it, you'd just have done something with technology that hasn't been used for ten years.'

The point stands. Provide any evidence that any data has ever been recovered after being overwritten once, or any company that purports to do this. Although Gutmann says that it has been done on old technology, he cites no examples of it being done for more than a few bits. Where's the oft-quoted missing gaps on the Nixon tapes, technology that's older than Methuselah?
john_a
QUOTE (Augeas @ Mar 25 2009, 04:03 AM) *
And here's the full quote:

Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover. Yet, in the most common case, where the drive has been used and written to multiple times, a user can be assured of their privacy by a single pass.

"In many instances, using a MFM (magnetic force microscope) to determine the prior value written to the hard drive was less successful than a simple coin toss."


I'm bemused. I would have used the article in John's link (which is titled 'Single drive wipe protects data, research finds'), and the two links that article refers to, as an indication that data overwritten once cannot be recovered by any means.

To quote guru Gutmann, from a link in John's article,

'On using a Magnetic Force Microscope to recover data from offtrack writes,'

'Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging. OTOH if you're going to use the mid-90s technology that I talked about, low-density MFM or (1,7) RLL, you could do it with the right equipment, but why bother? Others have already done it, and even if you reproduced it, you'd just have done something with technology that hasn't been used for ten years.'

The point stands. Provide any evidence that any data has ever been recovered after being overwritten once, or any company that purports to do this. Although Gutmann says that it has been done on old technology, he cites no examples of it being done for more than a few bits. Where's the oft-quoted missing gaps on the Nixon tapes, technology that's older than Methuselah?

"Provide any evidence that any data has ever been recovered after being overwritten once.."

"Gutmann says that it has been done on old technology.."

So obviously it can be done, there's next to nothing written about it, but I would assume newer technology would make the job even easier.

The original point I was making, and stand by, is that a single wipe of free space, as used by CCleaner, achieves next to no security (or purpose), if you so desire it.

Unless my previously mentioned methods of secure deletion are employed, the whole exercise would seem a waste of time, and a mere gimmick for people who feel the need for this type of data security.

Augeas
How can you put forward an article entitled 'Single drive wipe protects data' as evidence that it won't?

How can you say that newer technology would make the job even easier when Gutmann says that 'Any modern drive will most likely be a hopeless task'?

How would your 'good intelligence or recovery professional' even start to recover overwritten data?

Why do you say that CC's overwrite 'achieves next to no security' when recovery professionals say that recovery can't be done?
crazyperson
My gosh I was just browsing through this topic and my head hurts. Looks advanced to me. I think for the most part I'm okay with 1 secure wipe thank you.
Robbie
A 1 pass secure wipe is probably sufficient. Unless your computer contains state secrets then the idea behind using a free space wipe is surely just to add an extra layer of security by deleting files that are "dumped" by Windows into free space. I can't see what a 3 pass or 7 pass could achieve that a 1 pass overwrite couldn't. If it does contain state secrets then I think something a bit more permanent than CCleaner would be used anyway...

That said, I do use the 7 pass secure wipe for secure deletion but I don't know if this method applies only to the normal running of CCleaner (when the Windows and Applications normal operation is run, such as Internet Explorer, Firefox etc) or whether it also applies to the free space wipe either. I've only run the free space wipe on CCleaner a very small handful of times anyway, mainly to test it out, and it didn't take that long to run that I had to think about 1 pass, 3 passes or 7 passes.
J-Mac
In all fairness, both sides of this argument are/were correct IF you could ignore time and technology advancement.

Gutmann's original paper indicated that data should be overwritten 35 times to accomplish a safe wipe. However Gutmann has amended that based on how newer hardware stores data, and now says that a simple scrubbing is sufficient for most situations.

So it would appear that john_a's info was correct in the past, but that it is flawed today.

Jim
login123
Good Grief!

Go lookie here: http://forum.piriform.com/index.php?showto...mp;#entry126929

Then just burn the hard drive, pound the ashes with a wooden mallet, and soak'em in battery acid.
RITAP
As a newbie just looking for a couple of answers, I find this conversation interesting. Anyone note how someone is trying to compare a "free" program to a $60 program? You get what you pay for folks. Personally, I'm happy with CCleaner - it has helped me keep a lot of junk off the HD and keep my PC working fine. Just thought you all should know.
JDPower
QUOTE (RITAP @ May 4 2009, 10:29 PM) *
Anyone note how someone is trying to compare a "free" program to a $60 program? You get what you pay for folks.

You reckon? So if you won a Ferrari in a competition it would be worse than if you'd just forked out a hundred grand on one?
GameKing
I suspect that most of us realize two things:
  • A multi-function programme, such as CCleaner, is not as good at cleaning your HD as a dedicated application, such as Eraser.
  • A single wipe is not going to give you the best clean.


However, I have a question that I don't think has been discussed here: If I run the Wipe Free option 2 or 3 times a month, will that give me the same protection as using a more advanced cleaner and selecting the "Clean SEVEN times" option?

Godfather78
I have read this forum. I'm a Dutch guy but I don't understand what happens when I activate: Wipe Free Space?
Can anyone please explain to me? Will I lose files or something? Or is it like a FORMAT but only for free space?
GameKing
QUOTE (Godfather78 @ May 8 2009, 03:00 PM) *
I have read this forum. I'm a Dutch guy but I don't understand what happens when I activate: Wipe Free Space?
Can anyone please explain to me? Will I lose files or something? Or is it like a FORMAT but only for free space?


First, you will not lose any files. Actually, it is a little like the Format utility in Windows, the difference is that it formats only the free space on your hard drive.

Simply speaking, as you use your computer you are adding and deleting files. However, the deleted files are not really deleted, they are marked as "available for use" in the File Allocation Table; this allows other programmes to write fresh data over the old "deleted" data. So, anyone with a little knowledge can recover your "deleted" data.

Wipe Free Space checks your hard drive to find all the free space (some of which will have your "deleted" information) and then it writes random data over the top of it. This makes your computer much more secure.

However, the Wipe Free Space included in CCleaner is quite basic, and there are experts who can still recover your data. So programmes, such as Eraser, write over your "deleted" data as much as 35 times making it impossible for anyone to recover--albeit you will hear claims from some who say they know how to do this!

Hope this helps.
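
The delete-then-wipe behaviour described in the post above, run on a toy volume. This is an added example, not part of the original thread and not CCleaner's code; `ToyVolume`, the 16-byte cluster size, and all file names and contents are constructed for illustration. It also shows the slack-space case named in the DoD list quoted earlier in the thread, which a pass over free clusters alone does not reach.

```python
import os

CLUSTER = 16  # bytes per cluster in this toy volume (assumption)


class ToyVolume:
    """Constructed model of a FAT-style volume: raw clusters, an
    allocation map and a directory. Not any real tool's implementation."""

    def __init__(self, n_clusters):
        self.data = bytearray(n_clusters * CLUSTER)
        self.in_use = [False] * n_clusters
        self.directory = {}  # name -> (cluster list, length in bytes)

    def write_file(self, name, content):
        need = -(-len(content) // CLUSTER)  # ceiling division
        free = [i for i, used in enumerate(self.in_use) if not used][:need]
        if len(free) < need:
            raise OSError("volume full")
        for n, c in enumerate(free):
            chunk = content[n * CLUSTER:(n + 1) * CLUSTER]
            # Only len(chunk) bytes are written; the rest of the cluster
            # (slack) keeps whatever was stored there before.
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.in_use[c] = True
        self.directory[name] = (free, len(content))

    def read_file(self, name):
        clusters, length = self.directory[name]
        raw = b"".join(bytes(self.data[c * CLUSTER:(c + 1) * CLUSTER])
                       for c in clusters)
        return raw[:length]

    def delete_file(self, name):
        # Deletion only updates metadata; cluster contents are untouched.
        clusters, _ = self.directory.pop(name)
        for c in clusters:
            self.in_use[c] = False

    def wipe_free_space(self):
        # Single pass of random bytes over every unallocated cluster.
        wiped = 0
        for c, used in enumerate(self.in_use):
            if not used:
                self.data[c * CLUSTER:(c + 1) * CLUSTER] = os.urandom(CLUSTER)
                wiped += 1
        return wiped

    def raw_contains(self, needle):
        # What a recovery tool sees: raw bytes, ignoring the directory.
        return needle in bytes(self.data)


def demo():
    vol = ToyVolume(8)
    vol.write_file("keep.txt", b"KEEP-THIS-FILE-INTACT")
    vol.write_file("secret.txt", b"PIN=4921;ACCOUNT=CONSTRUCTED")
    vol.delete_file("secret.txt")
    after_delete = vol.raw_contains(b"PIN=4921")  # still on the volume
    wiped = vol.wipe_free_space()
    after_wipe = vol.raw_contains(b"PIN=4921")    # gone after one pass
    return after_delete, wiped, after_wipe, vol.read_file("keep.txt")


def slack_demo():
    vol = ToyVolume(4)
    vol.write_file("secret.txt", b"PIN=4921;ACCOUNT=CONSTRUCTED")
    vol.delete_file("secret.txt")
    vol.write_file("note.txt", b"hi")  # reuses the first freed cluster
    vol.wipe_free_space()              # skips it: the cluster is allocated
    return vol.raw_contains(b"4921"), vol.read_file("note.txt")


if __name__ == "__main__":
    print(demo())
    print(slack_demo())
```
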