Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Notepad


  • Please log in to reply
12 replies to this topic

#1 swingarm

swingarm

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Colorado
  • Local time:09:41 AM

Posted 02 August 2015 - 10:41 PM

Lately I've become concerned with security and privacy.  When I use Windows Notepad to create/edit/view a file then later delete it what evidence about it is left behind?  I'm using Windows 10.



BC AdBot (Login to Remove)

 


#2 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:12:41 PM

Posted 03 August 2015 - 01:17 PM

Nothing is ever totally deleted when right clicking and then clicking "delete" on a file. This is why there is dedicated computer forensics departments at large companies, FBI, CIA, etc, etc.

 

One can retrieve just about anything via computer forensics if you have the right tools and knowledge of how to do so. There are ways to completely wipe drives, but even those methods aren't totally safe. A lot of times data can still be retrieved (all though it does take considerably longer to do so).


Edited by DeimosChaos, 03 August 2015 - 01:17 PM.

OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#3 yu gnomi

yu gnomi

  • Members
  • 532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago suburb
  • Local time:11:41 AM

Posted 03 August 2015 - 04:58 PM

as far as I know, deleting a file removes the end-of-file marker from that file, but leaves all of the rest of the file intact. Without that marker, your OS doesn't see the file anymore and considers all of the bytes occupied by that file as free space it can write to. So eventually all of that data will probably be over-written.

 

there are various utilities that attempt to find and recover deleted files, but I don't know the particulars.



#4 gigawert

gigawert

  • Members
  • 1,304 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:41 AM

Posted 03 August 2015 - 05:20 PM

Doesn't "shredding" files get rid of them completely?


John 3:16

 "God loved the world so much that He gave His uniquely-sired Son, with the result that anyone who believes in Him would never perish but have eternal life."


#5 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:12:41 PM

Posted 03 August 2015 - 06:08 PM

Doesn't "shredding" files get rid of them completely?

Shredding paper files? Sure.. for the most part... unless you are in a spy movie and they paste them back together!


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#6 saw101

saw101

  • Members
  • 418 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great Pacific Northwest
  • Local time:09:41 AM

Posted 03 August 2015 - 07:52 PM

Ccleaner offers a wipe of free space. It's under Tools > Drive Wiper. You can select anywhere from 1 to 35 overwrites from the drop down. Personally I have never made use of that feature. Perhaps someone who has will offer some information.

 

 


I never make the same mistake twice....I always make it 5 or 6 times just to be sure!


#7 gigawert

gigawert

  • Members
  • 1,304 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:41 AM

Posted 03 August 2015 - 07:54 PM

But it is NOT good to use the registry cleaner feature of CCleaner because it can cause system instability and crashes.


John 3:16

 "God loved the world so much that He gave His uniquely-sired Son, with the result that anyone who believes in Him would never perish but have eternal life."


#8 swingarm

swingarm
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Colorado
  • Local time:09:41 AM

Posted 03 August 2015 - 08:08 PM

I'm more concerned with a deleted txt file still being mentioned in 1+ places in the Windows OS after it's long gone.



#9 swingarm

swingarm
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Colorado
  • Local time:09:41 AM

Posted 03 August 2015 - 08:12 PM

Changed my mind about this reply.



#10 yu gnomi

yu gnomi

  • Members
  • 532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago suburb
  • Local time:11:41 AM

Posted 04 August 2015 - 02:55 PM

I don't use 10, and I am not completely sure what you are asking about.

 

In Win 8.1, Control Panel >> Taskbar and Navigation >> Jump Lists   gives 2 options that you can check or uncheck about storing recently opened programs and displaying recently opened items. 



#11 rp88

rp88

  • Members
  • 2,980 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:41 PM

Posted 04 August 2015 - 03:58 PM

In regards to deletion of a file, on a computer hard-drive a deleted file is not deleted, rather it has the thing telling the computer "where to look on the disk for myfile.txt" erased. So the computer can't easily "see" the deleted file, but data recovery programs (there are some free ones for really basic recovery, then there are professional ones and then there are expert data recpvery services and forensics specialists) can find them, or fragments of them. However, if it has been long enough since the deletion or since the deletion a wipe of all free space has been performed, then the deleted remains of the file might have been overwritten by other things and hence unrecoverable.

Also it is possible that pieces of the file may remain within the windows OS, temp files and such can hang around and record traces of the file, these would have to be first found and then erased in the same way the file itself was.

You also mention that the computer you are asking this about is running windows 10, in this case it is highly probable that there are more traces of the file left than there would have been on previous windows operating systems (and far more traces than would be on a linux system), and there might be traces stored online if you are using an ms account. Most indications suggest windows 10 is far less private than previous versions, although there is uncertainty and dispute about exactly how much less private.

For destruction of a file to a reasonable extent: first making a system image on external media* (before the file in question ever exists), then making the secret file and doing whatever must be done with it, then deleting it (preferably with secure deletion tools, there are some programs which let you overwrite a file rather than delete it, so it is unrecoverable, avg antivirus had (it might still have) a feature which let you do this), then clearing the recyle bin, then wiping the free space on the disk, then using the computer some more and filling the disk with files to further ensure the file is overwritten, then restoring from the system image... might do it, but ofcourse you need to make tht system imnage before the file you want to delete ever exists, or else there could be traces of it within the image.

For certain destruction you would have to do this, and then afterwards wipe the free space a few more times, then wipe the whole disk a few times, then reinstall the OS, then wipe the disk some more, then smash up the hard-drive with a hammer and heat it until it melts. These levels of certain destruction are performed by governments and militaries (and probably large companies also) when disposing of machiens which once held secret data, they are perhaps more than is necessary (a few wipes of the disk and a reinstall of the OS should be sufficient to stop all but the very most skilled and well equippped of snoopers, infact sometimes it might even stop them) but as those governments/militaries/companies can afford to destory a computer far more than they can afford for the information it once held to ever get out, they take the most certain route.



Post #5, this doesn't just happen in movies. Some years ago there was an article in the news about how the east german secret police (the stasi) had shredded all their files when the cold war came to and end, but then in about 2010 some historians took all these old shredded papers and fed them into a computer with an image recognition program. The program was able to identify where the fragments of shredded paper fitted together, and the historians were able to reconstruct almost all of the shredded documents. This took a while, it wasn't the sort of thing which could be done easily for any pile of shredded paper but...
If you need to destroy paper don't shred it, either burn it, or use water soluble ink and then submerge it.


*There are may other reasons you should make a system image if you have not already, mainly that it will let you restore your system to s state you like it in (all your programs working and installed, all your operating system settings as you like them, minimal temp files clogging things up, no viruses about) after a crisis, and it will let you do this far faster than a reinstall of windows (because after reinstalling windows you would have to reinstall all your programs, and reset all your setttings...). If you do not already have one made, here is how http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/#manual note that on windows 8.1, and 10 the options to make the image might be in different places (within "file history" or "windows file recovery" or "windows 7 file recovery" or recovery") within control panel, but they are there somewhere.

Edited by rp88, 04 August 2015 - 04:20 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#12 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:12:41 PM

Posted 04 August 2015 - 06:17 PM

Post #5, this doesn't just happen in movies. Some years ago there was an article in the news about how the east german secret police (the stasi) had shredded all their files when the cold war came to and end, but then in about 2010 some historians took all these old shredded papers and fed them into a computer with an image recognition program. The program was able to identify where the fragments of shredded paper fitted together, and the historians were able to reconstruct almost all of the shredded documents. This took a while, it wasn't the sort of thing which could be done easily for any pile of shredded paper but...
If you need to destroy paper don't shred it, either burn it, or use water soluble ink and then submerge it.

 

I know, I was being... facetious.  :devil:

 

It is pretty cool what can be done know a days... slightly scary, but cool.


Edited by DeimosChaos, 04 August 2015 - 06:21 PM.

OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#13 saw101

saw101

  • Members
  • 418 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great Pacific Northwest
  • Local time:09:41 AM

Posted 04 August 2015 - 07:31 PM

Perhaps one of the most famous incidents of shredded documents being pieced back together..........

 

During the 1979 Iranian Revolution, students and militants who took over the U.S. Embassy in Tehran turned to local carpet weavers to reassemble classified CIA documents they found that had been shredded. These pages were later published in a set of about 60 volumes called Documents From the U.S. Espionage Den.

 

On another note, in 2002, former FBI agent William Daly took about an hour to reassemble a shredded page from the dictionary on Good Morning America.


I never make the same mistake twice....I always make it 5 or 6 times just to be sure!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users