No trace behind

In the spirit of my going dark post, I wanted to continue down the road of some security tools that I have found particularly useful.  In today’s episode, some basics of good disk management.

1.) Delete isn’t really delete

Everyone knows this: to delete a file isn’t really to delete it.  It can be retrieved using a variety of forensic tools.  The only way to really remove said file is to write over it.  Often when the government or a private business wants to get rid of old disks, they will do exactly that.  So, why not use the tools they would?

Enter Eraser.  This tool uses a variety of overwrite patterns to scrub information from your disk.  It’s one of the first things I install on a box.  After install, you can right click on any file and do “Erase” or “Secure move”.  This will clean up any link files that might incriminate you.  Further, you can empty the whole recycle bin with a right click –> Erase.  This will give you a bunch more options.  Bear in mind that the more stuff you have, the longer it will take to finish.  Some of these methods will overwrite the info 6 times each!

Finally, you can set it up as a task to run every night.  I find this to be the best option.  It goes through all the empty space on the HDD and overwrites it.  It’s easy to set up, and you don’t have to waste your time waiting while it deletes stuff.

This is a good start.

2.) Files remember stuff they ought not to.

When you publish a file to the internets, it usually comes attached with some metadata about who created it.  This generally isn’t the sorta stuff you want to share with people.  Things can include: username, computer name, network, printers used, etc… stuff that we would generally consider sensitive.  There are settings in various authoring tools to remove this, but it’s hard to set up for everyone.

FOCA is a tool I ran into @defcon last year.  This tool will enumerate your files for you and strip out much of that information.  It also has the ability to search websites for files.  So if you have a public facing site, you might want to check it with this to verify you aren’t giving away half your network infrastructure in metadata.  I watched them run this against the FBI’s website.  Not a pretty picture.
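To see what a FOCA-style check is actually looking at, here is an added Python example (not FOCA’s or Eraser’s code) that audits and then scrubs the author and company fields inside an Office document.  The field list is my assumption of the usual leaky elements, and the sample document is constructed inline.

```python
"""Audit and scrub author/company metadata inside an OOXML (.docx) file.
Added example, not FOCA's or Eraser's code; standard library only."""
import io
import re
import zipfile

# (zip part, element) pairs naming a person/machine/org; Word writes them without attributes.
SENSITIVE = [
    ("docProps/core.xml", "dc:creator"),
    ("docProps/core.xml", "cp:lastModifiedBy"),
    ("docProps/app.xml", "Company"),
    ("docProps/app.xml", "HyperlinkBase"),  # often a UNC path or intranet URL
]

def audit(doc: bytes) -> dict:
    """Return {element: value} for every sensitive field with a non-empty value."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        parts = set(z.namelist())
        for part, tag in SENSITIVE:
            if part not in parts:
                continue
            m = re.search(rf"<{tag}>([^<]*)</{tag}>", z.read(part).decode("utf-8"))
            if m and m.group(1).strip():
                found[tag] = m.group(1)
    return found

def scrub(doc: bytes) -> bytes:
    """Return a copy of the document with every sensitive field emptied."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(doc)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            xml = src.read(info.filename)
            for part, tag in SENSITIVE:
                if info.filename == part:  # only the metadata parts are rewritten
                    xml = re.sub(rf"<{tag}>[^<]*</{tag}>", f"<{tag}></{tag}>",
                                 xml.decode("utf-8")).encode("utf-8")
            dst.writestr(info.filename, xml)
    return out.getvalue()

def make_sample() -> bytes:
    """Constructed minimal .docx-style zip with leaky metadata (not a real file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", "<cp:coreProperties><dc:creator>jsmith</dc:creator>"
                   "<cp:lastModifiedBy>CORP\\jsmith</cp:lastModifiedBy></cp:coreProperties>")
        z.writestr("docProps/app.xml", "<Properties><Company>Example Corp</Company></Properties>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```

Real documents also leak through tracked changes, comments and EXIF data in embedded images, so treat this as a first check rather than a complete scrub.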

3.) Encrypt stuff that is private

If you can afford the cost in IO to encrypt your hard drive, you should consider it.  Especially for laptops you travel with.  Do you really think your information is safe just because a person can’t log in to the box?  If I take the hard disk out, I won’t need to.  Encrypting the whole disk is generally best, but performance is dog slow.  Sometimes a RADICAL drop in performance.

I don’t encrypt my whole disk.  I do, however, encrypt the sections of it that contain private stuff.  This is generally faster and doesn’t affect my normal disk operations unless I actually need the encrypted section.  Things like projects, account details, private chats, etc… are all ripe candidates for an encrypted file system.

There are a few options for this, but I generally use TrueCrypt.  It’s free, which is a good start :)  This tool has a few options.  The easiest is to set up an encrypted, mountable file.  What this does is create an encrypted file, then mount it (like your C: drive) to access it.  Once it’s mounted you can dump whatever you want in there.

You can also encrypt a whole disk, but this is generally frowned upon. It is likely not worth it for you.

Lastly (and as a quick legal disclaimer, I am not advocating for or against you doing this), you can hide encrypted files inside of other things.  Why would you ever want to do this?  Well, in short, if you encrypt something with a passcode, that passcode is the weakest link.  If the government (or anyone else who means to get into your stuff and do you harm, for that matter) ever wanted anything on your encrypted filesystem, refusing to give it to them is obstruction.  So what are your options?  How about they just don’t know about it?  Hiding the filesystem is good for the ultra secretive stuff you don’t ever want to share.  If they don’t know, they can’t ask.  I just hope you have a good reason for hiding it.

This isn’t an exhaustive list of ways to hide your tracks, but I think it covers some of the basics you should consider.  I may follow up on this later to talk about how the filesystem itself keeps records of things you do.  It’s different by OS type, so it’s hard to write up entirely.  This would be useful if you would prefer that even your OS not keep a record of the things you do.  I am generally not that paranoid.  If I were that concerned, I’d wipe the whole disk.

INGSOC