locked
Windows leaks deleted sensitive files. How to erase ? RRS feed

  • Question

  • Good afternoon ladies and gentlemen,

    I am using an encryption program to encrypt a few sensitive files (like Quicken and Turbotax).  Someone brought to my attention that Windows Vista can leave traces or copies of these files lying around in different places, even after emptying the recycle bin.

    Is there a website (preferable) or book that talks about where Windows Vista can leave traces or copies of these files, and how to delete them ?

    Note that I am familiar with Powershell and have written a few scripts with it.  I could write a WMI or COM script to clean things up.  I just need to know where to look and how to gracefully and properly delete them.

    I don't need volume encryption, since it is just a few files.

    One of those places that I managed to find was "C:\users\<username>\.thumbnails\normal" keeps copies of thumbnail images (including large thumbnails) of certain types of files.

    Thanks for your time and information,

    Peter


    • Edited by Bagassa Friday, December 9, 2011 4:44 PM
    Thursday, December 8, 2011 4:15 PM

Answers

  • First, I suggest contacting with the encryption program support to check if there are any trace left in the computer in your scenario.

     

    Also, as this issue related with the scripts, it is recommended to submit your question on The Official Scripting Guys Forum.

     

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.


    Sabrina

    TechNet Community Support

    • Marked as answer by Sabrina Shen Friday, December 16, 2011 6:20 AM
    Tuesday, December 13, 2011 7:49 AM
  • It depends on how it is overwriting the files. If it merely saves it under
    the same name the data will remain on disk until another file uses the space
    and accessible with a disk editor.
    See http://www.google.com.au/search?q=disk+editor
     
    Also the data in memory when you open your file can be written to the swap
    file. You can configure Windows to zero the swap on shutdown. This is under
    Local Policies\Security Options in Local Security Policy (in Administrative
    Tools). This will make shutdown take longer.
     
    --
    ..
    --
    "Bagassa" wrote in message news:3186035f-196d-4b2a-be8a-e8b38809bf54...
    >I forgot to clarify one thing ...
    >
    > The encryption program overwrites the original files with the encrypted
    > version. There are no files for "Eraser" to delete; the encryption
    > program already deletes the files.
    >
    > I originally thought that this would "leave no trace", but a couple of
    > experts told me that it does not.
    >
    > One suggested that I encrypt the entire drive because of the traces that
    > windows leaves lying around. But that takes too long, and it gets in the
    > way of a few real-time programs. I only need to encrypt a few files. I
    > was wondering whether or not I could "clean up the traces" from a
    > powershell script, hence the above post.
    >
    > Thanks,
    >
    > Peter
    >
    >
    >
    >
     
     
    • Marked as answer by Sabrina Shen Friday, December 16, 2011 6:20 AM
    Tuesday, December 13, 2011 8:51 AM

All replies

  • Friday, December 9, 2011 6:11 AM
    Moderator
  • I forgot to clarify one thing ...

    The encryption program overwrites the original files with the encrypted version.  There are no files for "Eraser" to delete; the encryption program already deletes the files.

    I originally thought that this would "leave no trace", but a couple of experts told me that it does not.

    One suggested that I encrypt the entire drive because of the traces that windows leaves lying around.  But that takes too long, and it gets in the way of a few real-time programs.  I only need to encrypt a few files.  I was wondering whether or not I could "clean up the traces" from a powershell script, hence the above post.

    Thanks,

    Peter

     


    • Edited by Bagassa Friday, December 9, 2011 7:26 PM
    Friday, December 9, 2011 7:20 PM
  • First, I suggest contacting with the encryption program support to check if there are any trace left in the computer in your scenario.

     

    Also, as this issue related with the scripts, it is recommended to submit your question on The Official Scripting Guys Forum.

     

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.


    Sabrina

    TechNet Community Support

    • Marked as answer by Sabrina Shen Friday, December 16, 2011 6:20 AM
    Tuesday, December 13, 2011 7:49 AM
  • It depends on how it is overwriting the files. If it merely saves it under
    the same name the data will remain on disk until another file uses the space
    and accessible with a disk editor.
    See http://www.google.com.au/search?q=disk+editor
     
    Also the data in memory when you open your file can be written to the swap
    file. You can configure Windows to zero the swap on shutdown. This is under
    Local Policies\Security Options in Local Security Policy (in Administrative
    Tools). This will make shutdown take longer.
     
    --
    ..
    --
    "Bagassa" wrote in message news:3186035f-196d-4b2a-be8a-e8b38809bf54...
    >I forgot to clarify one thing ...
    >
    > The encryption program overwrites the original files with the encrypted
    > version. There are no files for "Eraser" to delete; the encryption
    > program already deletes the files.
    >
    > I originally thought that this would "leave no trace", but a couple of
    > experts told me that it does not.
    >
    > One suggested that I encrypt the entire drive because of the traces that
    > windows leaves lying around. But that takes too long, and it gets in the
    > way of a few real-time programs. I only need to encrypt a few files. I
    > was wondering whether or not I could "clean up the traces" from a
    > powershell script, hence the above post.
    >
    > Thanks,
    >
    > Peter
    >
    >
    >
    >
     
     
    • Marked as answer by Sabrina Shen Friday, December 16, 2011 6:20 AM
    Tuesday, December 13, 2011 8:51 AM
  • Okay, I will post to the "Scripting Guys Forum"

    I just thought this was more a windows file security question than a scripting question.

    Contacting the encryption program support is a good point; I did not think of that.

    • Edited by Bagassa Friday, December 16, 2011 4:11 PM
    Friday, December 16, 2011 4:08 PM
  • Thanks David, I will check these these two things.
    Friday, December 16, 2011 4:09 PM