Forensic and Data Recovery Experts Eraser Challenge !

What is more oppressive to a victim of crime The crimes or the laws preventing the crimes? I don't understand the comment about losing my hands. I don't think a lot of that happens in the US and I don't suspect anyone to come here and try, but I'll keep my doors locked just in case.

I do not use a paper shredder as I find it suspect to shred documents.

No, I do not support giving the military or any other institution the right to destroy information. I believe in making such things public when the information does no longer put the civilian/government/military population in harms way. I believe the people have a right to know the truth.

There is no need to have a data shredder whilst format or fdisk does the job quite well already. It isn't that you want to clean a disk, you want to destroy evidence of something. Anything worth hiding is worth finding.

The only worth this application has is to hide evidence. It is overkill to wipe a disk with it, do you really feel it is necessary to wipe a disk in such a way before giving it to someone? If you have become so paranoid then perhaps your psychological state is suspect.

You can call it what you want and give reasons for its usefulness all day long but by the end of the day we realize the destructiveness of this application and witness its malevolent nature as threatening. Such things should not be allowed to develop any further and in fact should be illegal.

However, I am not the one to pass such judgments nor to write such laws to banish them. I am only capable of adapting to this ever changing environment and discovering new ways to progress with each step toward a more civil and safer world. If it must be a fact that there are such persons on this planet that choose to use their skills to do harm, then I suppose that all I can continue to do is to first except that and then do whatever I can to help those effected by it find justice through vindication if not by prevention alone.

First - wow. Simply wow.

You can call it what you want and give reasons for its usefulness all day long but by the end of the day we realize the destructiveness of this application and witness its malevolent nature as threatening. Such things should not be allowed to develop any further and in fact should be illegal.

So we now we need to get rid of format and fdisk? Since they are used for destructive purposes as well. After all, by your own admission, they work as well as eraser…

bj

Jamie

In all seriousness, there are legitimate (and important) uses for such a tool, perhaps it's useful to list some of them here?

Thank you Jamie, I was a little concerned when I first joined here but I see you are more thoughtful than most “other people” are on forensic forums. Perhaps I did pick the most forward thinking forensic forum to post on after all.

As for those pesky kids, if I could have hidden my projector and dodgy beard I would have gotten away with it too !! lol

Hi BitHead

EDIT I have been an Eraser user for years.

Ha ha, thank you BitHead !! Your post was great !

Its rather like an alcoholics anonymous meeting, everyone has to confess to using booze before they are accepted into the group !! Welcome BitHead all your previous sins are forgiven !! Ha ha !! lol

Hi bjgleas D

Again thank you for your post, top quality. I am glad to see that professionals such as yourself see the pros and cons of such software. Only with an open mind such as yours will the truth become clear !

You will make a fantastic investigator if you are not already.

Also you posted some deep quotes, very deep. I will think about them.

Hi Newwave (

Even though you probably dislike me and everything about me I am very interested in you. I want to learn more about you and why people such as yourself hold such views. Eraser helps good people, otherwise I wouldn’t be involved with it.

Only to continue this as a discussion, because I think it's an interesting one.

I do not use a paper shredder as I find it suspect to shred documents.

There is no need to have a data shredder whilst format or fdisk does the job quite well already. It isn't that you want to clean a disk, you want to destroy evidence of something. Anything worth hiding is worth finding.

The only worth this application has is to hide evidence. It is overkill to wipe a disk with it, do you really feel it is necessary to wipe a disk in such a way before giving it to someone? If you have become so paranoid then perhaps your psychological state is suspect.

You can call it what you want and give reasons for its usefulness all day long but by the end of the day we realize the destructiveness of this application and witness its malevolent nature as threatening. Such things should not be allowed to develop any further and in fact should be illegal.

Here are some rationales to come back to your statements

1) Paper shredder - Credit card applications, junk mail, etc. People will go through your trash, get these items, fill them out as though they are you. Next thing you know someone has screwed up your credit report. I have a lot of paperwork just at home that I get and don't need anymore, but I don't just want to put it in the trash. Right now I have in my "To shred" folder a list of phone numbers and email addresses for my wife's co-workers. I don't want to just throw that away.

2) Wiping Drives - fdisk and format do not necessarily get rid of the data that is on them. How many stories out there about people buying used hard drives on eBay and finding company information (or even someone's personal information) on them? It has it's place.

(Again I want to state I'm not trying to sound like I'm attacking you in any way, I'm just moving the debate forward.)

The best example of all of this is why we have the right to privacy in the US to begin with. How many times have law enforcement or government officials used the excuse of "If someone doesn't want X, then they must have something to hide." That's become more prevalent since the terrorist attacks in 2001 than at any time. The uproar over the NSA phone taps, all the new security they want to implement at the airports, etc. There are a lot of comparisons that can be drawn to this.

Again just my nickel….
Tom

No, I do not support giving the military or any other institution the right to destroy information.

Sorry, but we have to destroy information to keep it out of enemy hands - the non-destruction and improper handling of information is causing a lot of problems for the military.

The US DOD has a Data-at-Rest policy dealing with the encryption of laptops and USB sticks.

The US DOD spec for the destruction of data is DoD 5220.22-M, available at http//www.dtic.mil/whs/directives/corres/html/522022m.htm

But that has been been superceded by NIST Special Publication 800-88 at http//csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf

This is the US government itself that is trying to protect national secrets, and making these techniques available to the public. And most organization who work with the government have to abide by these rules as well. And quite frankly, proper disposal of personal / senstive / classified information fall under due-diligance and best practices.

And there are many commerical vendors who create products based on these standards.

My problem is that people think files are unrecoveable once it's deleted from the recycle bin, and then they put them in the hands of people who can use undelete programs to recovered deleted information…

Even the BBC says that Hard drive destruction 'crucial', based on the report from Which? Computing Magazine which recommends phyical destruction (tho the BBC believes that a simple disk wipe should be good enough) http//news.bbc.co.uk/2/hi/technology/7816446.stm

Obviously we need to get rid of the programs criminals can use to undelete things - that's the real problem! Cause the only thing they are used for is to retrieve stuff that we have already deleted! 😯

bj

To say that all data wiping/hiding/encrypting programs are evil is silly and I'm surprised the discussion has come to this. They are tools, the same way a hammer is. it can be used to build a house or it can be used to bash in someone's head. Hypothetically speaking, if it were a statistically more significant phenomenon for people to use hammers to bash in people's heads than build houses is irrelevant, it's still just a tool which has many uses both good and bad.

That wasn't really my point, my position was simply this

1) Eraser's primary function is to HIDE/REMOVE data.
2) Our primary function (as forensic analysts) is to FIND data.

ergo

3) Why would we want to participate in the process of making something else more efficient, which in turn, makes us less efficient?

Jeff

The US DOD spec for the destruction of data is DoD 5220.22-M, available at http//www.dtic.mil/whs/directives/corres/html/522022m.htm

But that has been been superceded by NIST Special Publication 800-88 at http//csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf

Superceded for whom? It has not been superseded if you're the ISSO for a military network.

Jeff

Superceded for whom? It has not been superseded if you're the ISSO for a military network.

Superceded was a bad choice of words… the NIST document (9/06) was published after the DoD document (2/06).

bj

Everyone behave or I'll confiscate your dongles. lol

My take on the "use" of wiping software
I use Eraser for my job sometimes. I work on cases involving sensitive information (sensitive client data, HIPPA, you name it). It’s nice to be able select old files and securely delete them from my forensic workstation. It’s nice to delete my files normally and schedule my computer to wipe my unallocated space on a recurring basis. While this is nice, it is not mandated. A normal deletion would be fine.

Eraser is an obstacle for examiners, much like encryption. We are, and will definitely see more encryption out there. Yes, it makes our jobs harder, but that's part of "THE JOB". We evolve with technology, learn from new advances, and develop ways to conduct forensic examinations with those obstacles. That is why we get paid to examine and not the average IT guy. We are certainly not out there telling encryption providers not to develop encryption solutions. I think protecting your data, systems, and information is vital. How many stories have we heard recently about people losing their laptops with thousands of employee records contained on them? It’s absurd. When conducting offsite images, all my drives are encrypted to protect the data in the event anything ever happened to it. I think encryption is more of a problem for us than Eraser. When you run a program, you leave traces that it was run, some leave logs, and with some wiping programs you can see patterns when observing the disk in a hex editor. I consider that information more valuable than a HDD that has full disk 256 Bit AES encryption.

“Testing” vs. “Using” Eraser
While I use Eraser personally and respect data privacy, I'm not going to do testing. I honestly do not have the time nor do I feel morally right about doing it. Someone mentioned CP before and while you didn't want to talk about it, I felt it was still a valid point. This app could really remove data that could be used to put away the bad people you do not want around your kids. I use Eraser because it is out there, and even if Eraser was not there, something else just like Eraser would be. But with that said, I’m not going to test Eraser to find flaws that could one day provide me with critical evidence.

Could not agree anymore with Jeff's statement
1) Eraser's primary function is to HIDE/REMOVE data.
2) Our primary function (as forensic analysts) is to FIND data.

3) Why would we want to participate in the process of making something else more efficient, which in turn, makes us less efficient?

Relationships with Developers
I think that the fact that a developer is reaching out to us is a good thing. I'd rather have the edge than play catch up. I think these relationships need to be made more often. We are seeing more of them taking place. EnCase and FTK now support the ability to attach encrypted devices encrypted with Safeboot. Until recently, this was not the case. These encryption providers are now partnering with our vendors to make our jobs easier. I think we are moving towards the right direction. I would rather have Eraser develop a positive relationship with this community that could help both sides. I do not think testing Eraser for bugs is positive for the reasons many of us have stated. Instead of us testing this software for bugs, I’d rather you gave us the program to test for fingerprints in the forensic aspect (as a good faith gesture) prior to a mass release. I’d also rather discuss the methods you are using to erase data and any algorithms used. As long as Eraser is “erasing the data”, I would think you are accomplishing the goal of your app. I do not think you need us to tell you if Eraser is “erasing” properly as you seem to have a successful prior version and this testing can be done with a Hex editor.

I'm with the people who simply state 'why would i want to develop something that can only make my life that little bit harder'. (without going any further to say potentially making it easier for someone get away with something)
Having said that, some of the overwriter guy's posts have been quite funny, providing a welcome distraction from my current bout of man-flu. )