CCLEANER´s erasing ...
 
Notifications
Clear all

CCLEANER´s erasing accuracy compared to other softwares?

33 Posts
7 Users
0 Likes
3,738 Views
(@williamsonn)
Posts: 85
Trusted Member
Topic starter
 

hello. I would like to know if for secure erasing purposes, Ccleaner (1 pass overwritting) could be considered "profesionally" safe, compared with other erasing available software?

 
Posted : 08/02/2013 6:26 pm
(@williamsonn)
Posts: 85
Trusted Member
Topic starter
 

I am speaking of recent versions like v3.23.1823.

 
Posted : 08/02/2013 6:28 pm
(@belkasoft)
Posts: 169
Estimable Member
 

Do you mean Piriform CCleaner? It's about as "professional" as any housewife's computer tool. No offence to housewives.

 
Posted : 08/02/2013 7:12 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

hello. I would like to know if for secure erasing purposes, Ccleaner (1 pass overwritting) could be considered "profesionally" safe, compared with other erasing available software?

I'd think that this would be easy to test…

 
Posted : 08/02/2013 7:36 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I'd think that this would be easy to test…

Sure, just run CCleaner and then see what you can get back with Recuva wink
http//www.forensicfocus.com/Forums/viewtopic/t=10194
http//www.forensicfocus.com/Forums/viewtopic/t=9821/

jaclaz

 
Posted : 08/02/2013 8:29 pm
TuckerHST
(@tuckerhst)
Posts: 175
Estimable Member
 

To be fair, CCleaner is a very thorough and powerful end-user tool. Dave Cowen used it as an example in his anti-anti-forensics talk – related to his $Logfile research. It's not just a joke. And, as Harlan points out, it's easy enough to test, which is what Dave did.

A couple of weeks ago, I
suggested that williamsonn should look into it.

Did you?

 
Posted : 08/02/2013 9:29 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

To be fair, CCleaner is a very thorough and powerful end-user tool.

Sure it is ) , still it is not aimed at secure erasing a device, it is aimed to erase a filesystem or, more correctly parts of the filesystem (files or free space or even unused/old $MFT entries), just like Recuva is aimed to recover deleted files on a filesystem
http//www.piriform.com/docs/ccleaner/ccleaner-settings/changing-ccleaner-settings

In my perverted mind, if all I can find, with *whatever* methods, on *any* sector of the device is 00's then that is "secure erase", and most if not all "secure erase" programs are aimed to the device and not at the filesystem, so I wouldn't know with what to compare, possibly sdelete
http//technet.microsoft.com/en-us/sysinternals/bb897443.aspx

jaclaz

 
Posted : 08/02/2013 11:21 pm
(@williamsonn)
Posts: 85
Trusted Member
Topic starter
 

To be fair, CCleaner is a very thorough and powerful end-user tool. Dave Cowen used it as an example in his anti-anti-forensics talk – related to his $Logfile research. It's not just a joke. And, as Harlan points out, it's easy enough to test, which is what Dave did.

A couple of weeks ago, I
suggested that williamsonn should look into it.

Did you?

Yes, I did )

Thanks for your answer 😉

Then, I suppose they are not right in some forums when some say that piriform ccleaner is not a secure rool for secure deleting?

 
Posted : 09/02/2013 2:27 am
TuckerHST
(@tuckerhst)
Posts: 175
Estimable Member
 

It's a question of semantics. Without context, there's no way of knowing if we're talking about wiping specific files, free space, or the entire drive.

Don't underestimate CCleaner; I would be skeptical if people say they can recover files CCleaner has wiped. If configured to wipe files, it does an effective job. However, it's not intended to do a forensic wipe of an entire drive. That is probably exactly the opposite of what most CCleaner end users would want.

As for comparing it to other tools, it depends on what kinds of tools you're comparing it to. There are other wiping tools that are effective at overwriting files, too. Unless you want to compare it to something like DBAN, or, as I already suggested, DiskPart.

If you happen to download a few, try them, and post your findings, I'm sure we would all be interested to read about it.

 
Posted : 09/02/2013 10:25 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

There is nothing to under or over estimate. 😯

Once a tool, *any* tool has filled a "target" with 00's nothing will be recovered (if not some 00's) from the "target".
It is pretty much binary, a given tool either is capable of effectively writing 00's to a given "target" or it is not.
Of course all such tools are capable of writing 00's, so there is not any "estimation" possible on this, maybe there could be if *any* tool would not deliver what it promises (but then that would be a bug in the tool).

All the differences might be in

  • which "targets" can be overwritten by the tool (disk - WHOLE disk, drive/filesystem, file,
  • free space in filesystem, including HPA/DCO, etc.)
  • how efficient is the tool (how fast it is)
  • how convenient it is (which environment it needs to run, how user friendly it is, etc.)

jaclaz

 
Posted : 09/02/2013 5:01 pm
Page 1 / 4
Share: