Re: Are computer forensics people as stupid as they seem?

Anonymous <mix@xxxxxxxxx> wrote in
news:0d864553211d0ba235471b2d186af80f@xxxxxxxxx:

In article <Xns9944603847858abcxyzcom@xxxxxxxxxxxxxxx>
"nemo_outis" <abc@xxxxxxx> wrote:

PPS Not only are erasers a poor approach to the problem, their *mere
existence* on your computer can itself be incriminating. It wouldn't
take much of a prosecutor to convince a jury that a fellow who has a
program called "evidence eliminator" installed does not have clean
hands. You can bleat "but that's not proof!" all you want; men have
hanged for less.

Full OTFE, on the other hand, while it does have its own "something
rotten in Denmark taint" can more easily be justifed as protection
against identity theft, etc. than something with a name like EE.

That doesn't make any sense. A secure deletion program sitting on your
computer is enough to convince a jury that you should go to jail, but
an entirely encrypted hard drive isn't and can be justified as
protection against identify theft?!

If you're in such a legal jurisdiction that a file eraser on your
computer and no evidence of any criminal activity is enough to
convince a jury to send you to jail, an entirely encrypted hard drive
is going to be treated either the same or probably worse.


Paradoxical though it may seem, having bombproof full-HD OTFE is far more
defensible in court than some (far less effective) file eraser -
especially one called "evidence eliminator!"

To see why one has only to visit the websites of those selling such
products as Securedoc. These are professionals marketing to big
corporations and even government itself. They speak of standards and
quality. The rationale for using their products is presented - often in
formal white papers - in the context of data security, not criminality.
Their clients are a who's who of big important companies. They reek of
professionalism, not the "nudge, nudge, wink, wink" seediness of hiding
porn from your wife and kids.

In short, they are professional, above-board, and respectable. It is far
easier to say to a court that you, as an individual, have been persuaded
of the need to also apply the same security measures than to frame the
matter in terms of "erasing your tracks." You are emulating the pros,
piggybacking on security industry "best practices," not furtively erasing
evidence like a criminal.

Regards,

PS And to put additional nails in the coffin of file erasing, here're
more points against it:

1. There are zillions of programs which "leak data" all over the place.
To know *what* to erase you must keep track of all these possible leakage
places, a herculean task that is almost certain to be done incompletely.
And it's a task that must be redone every time you install a new program.
In short, it's a bitch to know *what* to erase aside from any question of
how thoroughly.

2. The purpose of a hard disk is data storage. If you must always erase
what you have on it you have foregone the ability to store the
information you wish.

3. And here's the clincher! Even if erasing were perfect you only erase
what you can do without. But there are many repositories of leaked info
that can bite you on the ass that you DON'T want to erase. One example
(of many!) is Microsoft Word files - such files have metadata embedded in
them that could prove very embarrassing (ask Tony Blair about that one!).
Or for the ultimate example of a "file" which cannot be erased but
contains untold amounts of leaked data, much of it highly sensitive,
there is the REGISTRY! Hell, some of the leaked data in the registry is
even encrypted (weakly so, but encrypted nonetheles - e.g., userassist).

.

Relevant Pages

  • Re: Security progs.
    ... I'm not a fan of erasing. ... tools that, through some kind of database/list, do manage what to erase. ... (Evidence Eliminator works but is ... good file recovery program. ...
    (alt.privacy)
  • Re: free OS instead of windows?
    ... ERASER, which runs from a floppy and wipes everything on the ... Eraser - Free secure data erase tool to wipe files on your ... Eraser is a secure data removal tool, ...
    (microsoft.public.windowsxp.basics)
  • Re: Permanent data removal
    ... version of WDDIAG or Lifeguard tools for Western Digital drives, ... etc.) and do a full erase & ... BCWipe but Tolvanen's Eraser or something similar would also do). ... abandoning the erasing policy and revert to my ...
    (alt.computer.security)
  • Re: Erasing contents and leaving the formula
    ... How are you erasing the numbers/formulas now? ... You have a cell that you typed EMPLOYEE NAME into and of course ... "Octavio" wrote: ... Then I want to reuse the same form for the following week, so I erase all ...
    (microsoft.public.excel.newusers)
  • Re: cannot erase cdrw disc using xp cd writing wizard or windows m
    ... second or two of erasing. ... >>I am not trying to erase individual files, I am trying to erase the cdrw ...
    (microsoft.public.windowsxp.general)
Loading