
Forensic and Data Recovery Experts Eraser Challenge !

(@overwriter)
Eminent Member
Joined: 17 years ago
Posts: 20
Topic starter  

Hello. :)

I assume most security-minded people here at forensicfocus.com have heard of the secure overwriting tool called Eraser. As with most classics, Eraser V5 has reached a point in its life where it has to concede to a younger and more agile successor.

The Eraser Project Team has been developing Eraser V6 this last year and it is nearing completion. Eraser V6 is a complete rewrite of the classic Eraser V5. This is not a simple patching or updating task but a 100% fresh start written with all the knowledge gained from the original V5 and all the advantages that brings with it.

As Eraser's developers take the secure deletion of data very seriously, they are asking anyone with an interest in security, particularly in the forensic and data recovery fields, to assist in confirming Eraser's unrivalled ability to securely overwrite data. This is what is known as peer review and, as every security-conscious individual will tell you, without peer review there is no security!

To save valuable development time, The Eraser Project Team ask that anyone wishing to assist in peer reviewing Eraser's code, performance and functionality would be of good standing within the industry of computer forensics or data recovery. This is why you, the members of forensicfocus.com, are being asked by the Eraser Project Team to assess our work.

The Eraser Project Team understand that well-meaning individuals may wish to assist in testing but may not possess the adequate qualifications or skills to perform a competent analysis of Eraser's performance and output. Although very grateful for any analysis, The Eraser Project Team ask that enthusiastic amateurs perhaps post their findings on the Eraser forum for discussion rather than trying to contact the developers directly.

If you are someone who is qualified to assess Eraser's performance, would like to volunteer your services to the open source community and enjoy a good-humoured challenge, please join the Eraser forum and contact me (Overwriter) via PM.

Thank you.


   
(@jeffcaplan)
Trusted Member
Joined: 21 years ago
Posts: 97
 

I see the benefit in having a computer forensics professional QA a product which performs secure file deletion, however the problem is that with every benefit there is for the software/developer, there is an equal disadvantage for the computer forensics professional.

Speaking for myself, though I'm sure this goes for most everyone on this board, the less effective programs like these are, the more effective our examinations are - so why would we want to help you make your program more effective?

Jeff


   
(@overwriter)
Eminent Member
Joined: 17 years ago
Posts: 20
Topic starter  

Hi Jeff :)

Thank you for your reply.

so why would we want to help you make your program more effective?

Well I did say “and enjoy a good humoured challenge”.

But seriously, not everyone who uses Eraser is a criminal, you know 😯! We have addressed this misconception in our FAQ.

Yes, criminals can use Eraser to hide their tracks etc.; they could also use encryption. Would you like encryption banned or crippled in some way? If so, I believe we will end up with only the criminals having secure deletion and strong encryption, and the poor old “nice guy” will enjoy little if any privacy.

If you have a moral or professional objection to Eraser working well and protecting its legal users then that is fine and I accept your point of view. However I prefer to take a different view and I hope Eraser is protecting decent law abiding people from criminals, also I hope our efforts have already protected reporters / human rights workers etc in oppressive countries from torture or imprisonment.

With encryption the best way to learn how to write good encryption algorithms and programs is to try to break others first and learn from their mistakes. I believe it may be similar with our project. You might have learned something from the exercise but I understand you don’t want to help.

If you ever change your view on this then you will always be very welcome to join in at the Eraser forum or here if you like. I am sure you “know your stuff” and you would be able to help us greatly. I hope you change your opinion of Eraser and what we are trying to do.

Thanks for your reply anyway. :)


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

May I ask you to provide some details on the whatever "better" features of "Eraser" in the light of these
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=2065
and especially of the "Epilogue" added to the updated version of the original paper that is addressed on the Eraser site
http://www.heidi.ie/node/6
Updated paper address
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
(BTW Prof. Peter Gutmann has only one "t" in his surname)

http://www.msfn.org/board/index.php?showtopic=108779

Also, I would like your comments on these
http://www.msfn.org/board/index.php?showtopic=125900
http://www.boot-land.net/forums/index.php?showtopic=2683&st=6

And particularly on this
http://www.msfn.org/board/index.php?showtopic=125900&st=12

As per today, the Great 0 challenge has not been accepted
http://16systems.com/zero/index.html

Mind you :) , I am not in the least trying to "put down" or "criticise" the Eraser approach, only looking for any evidence that anything more than a single 00's pass is needed, or, just like the Great 0 challenge, that anything has ever been recovered after a single 00 pass on a modern hard drive.

jaclaz


   
(@overwriter)
Eminent Member
Joined: 17 years ago
Posts: 20
Topic starter  

May I ask you to provide some details on the whatever "better" features of "Eraser" in the light of these

Better as in more features, ability to wipe an entire attached drive, stego option, plausible deniability for Truecrypt users, Vista compatible, 32 and 64 bit, better pseudorandom data (cryptographically) thanks to Svante the creator of Axcrypt, better scheduler, better (more neatly) written code, more aesthetically pleasing interface, more areas covered, ability to add plug-ins and a few more things we would like to surprise our users with when V6.2 is out.

As for the voodoo overwriting patterns, I agree with you and so does the Eraser team. The default settings on Eraser are set to a single pass.

Are you interested in helping test our work?


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

As for the voodoo overwriting patterns, I agree with you and so does the Eraser team. The default settings on Eraser are set to a single pass.

It does not seem to me, judging from the homepage

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.

…..

The patterns used for overwriting are based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" and they are selected to effectively remove magnetic remnants from the hard drive.

Other methods include the one defined in the National Industrial Security Program Operating Manual of the US Department of Defence and overwriting with pseudorandom data. You can also define your own overwriting methods.
……
The file remains on the disk until another file is created over it, and even after that, it might be possible to recover data by studying the magnetic fields on the disk platter surface.
….
Uses the Guttmann (Default), Pseudorandom Data and US DoD 5220-22.M methods.

(Bolding is mine)

It seems to me as the "Eraser team" is contributing to "spread the Myth" 😯
i.e. exactly the opposite of my current beliefs on the matter (and again I am not asking anything but being proved - even partially - wrong)

Are you interested in helping test our work?

Sure, how could I? :roll:

jaclaz


   
(@overwriter)
Eminent Member
Joined: 17 years ago
Posts: 20
Topic starter  

It does not seem to me, judging from the homepage

Ahh you got me, yes that is an old page / site. Things have moved on a little since then and it does need updating. There is a new site starting up here.

It seems to me as the "Eraser team" is contributing to "spread the Myth"

Oh dear, you are a real campaigner aren’t you ! ? ……. lol

I see your point and I have read the bits in bold you have very kindly supplied. The default method has been a single pass for probably over a year or so now. As I said that is the old site and it does need some attention.

To be fair to the old site and information on it, it did say “which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.” Which is true, that is what it does. Also it said “it might be possible to recover data by studying the magnetic fields on the disk platter surface.”. Which I suppose is a true statement, we cannot say for certain and we are on the side of caution. PGP which I am sure you will agree is hardcore encryption only claims to be “Pretty Good Privacy” which has to be the understatement of the century. So I believe the old Eraser statement to be true and justified, the author was just being careful.

Sure, how could I?

Thank you for the offer !

Well, we need competent Beta testers although I have just recruited the Beta tester from hell “chris12923” who is currently picking our poor old V6 Beta apart ! But the more the merrier !

I guess where you could help, seeing as you have an interest in forensics, is to try to find fault with Eraser's performance. Does it truly erase all traces of a file, does it wipe all the free space properly, MFT and FAT records cleared properly etc. Does it perform well on hard drives, floppies and flash drives etc.?

With your forensic knowledge you could perhaps write a list of areas or targets Eraser should pay attention to. We have a small and modest forensic section in our forum I would love you to contribute to. There will be plug-ins soon for V6, so it would be great if you could tell us where you think plug-in writers should focus their attention in order to protect Eraser users' privacy.

As you are very keen on our website text, would you be interested in writing some information for it?

Are you able to check the Truecrypt plausibility feature in Eraser? We have had a crypto expert (Svante) check the CSPRNG and its implementation to make sure it is truly random; I myself have used diehard etc. but you may be more skilled in this area.

Can you provide code? Please take a look at the Eraser source and let us know if you could do better.

We also need someone to help write a very easy to understand user guide and we could also do with some translators.

Two very skilled people from this forum have offered to help with the forensic tests of Eraser but it would be great to have more. You may each have a special interest or particular technique so we could ask each of you to let us know the areas in which you would like to test so we avoid doubling up.

So as you can see there is plenty you could get involved in so please join our forum and Trac and PM when you are there. If you decide to register with a different username than you have here in case “jeff caplan” has a go at you for switching to the dark side, then please let me know who you are. I will keep your identity private.

Eraser Forum

Eraser Trac

Thanks. :)
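
One way to check the "does it truly erase all traces of a file" question raised in the post above, as an added example that is not part of the original thread or the Eraser project's code. It assumes the tester writes the payload to a file on a scratch volume, erases it with the tool under test, then takes a raw image of the volume; `build_payload`, `scan_image` and the record layout are hypothetical names and choices.

```python
import os
import struct
import tempfile

SECTOR = 512  # one numbered record per 512-byte sector of the test file

def build_payload(magic: bytes, sectors: int) -> bytes:
    """Test-file contents: every sector starts with magic + its sector index."""
    out = bytearray()
    for i in range(sectors):
        head = magic + struct.pack(">Q", i)
        out += head + b"\xA5" * (SECTOR - len(head))
    return bytes(out)

def scan_image(path: str, magic: bytes, chunk: int = 1 << 20) -> dict:
    """Map image offset -> sector index for every record header still present.

    The search is byte-wise with an overlap between reads, so headers that are
    not sector-aligned (data resident in an MFT record, or left in slack) or
    that straddle a read boundary are still reported.
    """
    need = len(magic) + 8
    hits, tail, base = {}, b"", 0
    with open(path, "rb") as f:
        while block := f.read(chunk):
            buf, start = tail + block, base - len(tail)
            pos = buf.find(magic)
            while pos != -1 and pos + need <= len(buf):
                hits[start + pos] = struct.unpack_from(">Q", buf, pos + len(magic))[0]
                pos = buf.find(magic, pos + 1)
            tail = buf[-(need - 1):]  # keep enough bytes to complete a split header
            base += len(block)
    return hits

if __name__ == "__main__":
    # Constructed stand-in for a raw image: filler, then the planted payload.
    magic = os.urandom(16)
    payload = build_payload(magic, 4)
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"\x00" * 1000 + payload + b"\x00" * 300)
    print("before wipe:", scan_image(img.name, magic, chunk=50))
    with open(img.name, "r+b") as f:  # simulate an erase that misses sector 3
        f.seek(1000)
        f.write(b"\x00" * (3 * SECTOR))
    print("after partial wipe:", scan_image(img.name, magic, chunk=50))
    os.unlink(img.name)
```

Any offset the scan reports after erasure identifies which sector of the test file survived and where in the image, which is the detail a bug report to the developers would need.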


   
(@overwriter)
Eminent Member
Joined: 17 years ago
Posts: 20
Topic starter  

"I’ll never write to my mistress using the wife’s PC again!"

You could if you used Eraser lol, come on Jeff, step over to the dark side for a while and tell us where we could improve Eraser! We will keep your identity a secret, I promise. :wink:


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Since I'm going for some 15 days abroad, I'll download the latest version, and if I have some time (like rainy days and the like) I'll try playing dummy-user with it.

I will be back and report around 20th of January, joining the Eraser Forum.

jaclaz

P.S. A simple statement like
"For the last few years we have been induced to wrongly think that several passes were needed.
It seems that we were overcautious, as it became evident, in the words of the same Author of the original paper that one single pass is enough for all practical uses.
We apologize for all the time wasted with the several passes and possibly for the stress on hard disks we contributed to create.
Though you are perfectly free to use any number of passes and any kind of voodoo rites, the new default for Eraser is one SINGLE pass, and we believe that anything more is not needed."

Would do nicely. 😉


   
(@overwriter)
Eminent Member
Joined: 17 years ago
Posts: 20
Topic starter  

I will be back and report around 20th of January, joining the Eraser Forum.

That will be fantastic, thank you very much for your help. :D


   