How to Prevent a Computer Forensic From Accessing Sensitive Information
Computer and Data Protection
To respond to the question presented in the article’s title, perhaps it’s better to start by understanding the reality of how the forensic computers work; these specialists are in charge of obtaining confidential information that has supposedly been erased. The key to this very specific type of forensic work is the analysis of hard discs, removable discs, SCSI discs, and other storage media. These analyses look for valuable files like passports and traces of internet activity. After working for some time and if the users haven’t been careful, then there appears, and not by magic, all of the files and folders that we have sent to the recycle bin and later, also supposedly, we have emptied this space.
It’s clear that there are many ways to look for evidence in hard discs and forensic computers take advantage of the fact that we don’t all know how computers function to easily recover information. Despite all of the warnings, articles and commentaries published in internet forums, people still don’t understand that when using Windows, or erasing a file, that the information isn’t completely erased, but rather traces remain and these can be taken advantage of by forensic computers to restore files and folders.
Obviously, it’s not a simple process, nor can it be done by just anyone, but the specialists know what they do and for this reason they can use special tools to look for “deleted” files that aren’t really erased. One of the first things they look for are “slack files”, that’s to say, the data storage space that exists from the end of the file to the end of the cluster, that is one of the principal sources of information recovery because it contains octets of data randomly selected from the computer memory.
But logically, the “slack file” isn’t the only thing that they look for. There are also “swap files” created by Windows. These are special files, like a “notebook” for writing pieces of information down when access to additional random memory is needed and its size can range from 20MB to 200MB. This space can contain files left over from the processing of word processors, emails, Internet activity (cookies) and almost any kind of other work that had been done during the last sessions. It is not necessary to be a specialist to understand that with “swap files”, forensic computers have an excellent backdoor for recovering information that we don’t want anyone to see.
The user’s lack of knowledge offers forensics many advantages. Another application that many don’t know about is called “Unallocated File Space”. We will return to the same subject one more time: when files are erased or deleted, there remains an area called non-assigned storage space. Furthermore, the data continues to exists, hidden, we could say; however, they can be detected by means of powerful tools that forensic computers possess.
After explaining all of this, how do we make it so that our information never remains exposed to the prudent eyes of forensic computers? The answer is that there is special software that offers a high level of security in the process of elimination of erased data. One of the most popular and successful is Window Washer.
This software is presented as a simple and rapid way to protect the privacy of its clients by erasing internet search activity; it also erases completely the addresses contained in the address bar, and it eliminates the cookies that the use doesn’t want to save. But the features don’t stop there: Window Waster overwrites the traces of the user’s activity up to 100 times. Furthermore, it removes thousands of unnecessary files, can be programmed to clean the computer according to a regular calendar, erase internet search activities and, furthermore, increase the computer’s performance. There is also the option of a “free space cleaner”: the software detects and erases parts of old and already eliminated files and documents, which causes the forensic computers’ tools to not be able to restore the contents.
We have already said that the specialists look search traces to restore our itinerary, and for this reason, Window Washer allows the elimination of cookies; however, it is not complete because some cookies can be useful and because of this the program allows us to save those that are of interest to us. Another valuable option of Window Washer is the option of erasing the entire system. Sometimes, when we get rid of a computer, we think that by only “reformatting” the hard drive, all of the information contained will disappear. In reality it doesn’t happen this way, and for this reason, Window Washer include, amongst its many other features, a “complete system erase” that allows a complete cleaning of the hard drive, files, programs and operating systems, with the goal of completing the formatting process in an easier way.
The computer forensics will have more work to the extent that users continue to work without all the protection they need. While there remain naïve people that believe that with an antivirus or antispyware program their information is secure, then the specialists will continue to have backdoors to access the contents that we want to keep private with. Therefore, it’s essential to be proactive and set up our computers with software that will really make us feel safer.