
Computer Network Defence Ltd



Anti-Forensic Tools

This page has raised a few eyebrows in its time because it details products that could thwart a forensic investigation. The information is not provided to assist anyone in avoiding prosecution, but to help forensic tool developers build better products and to assist forensic investigators in understanding what they may be up against. Before publishing this page, advice was sought from the UK National High Tech Crime Unit (NHTCU), who felt that many of the rogues who might benefit from the products on this page were already aware of them. We therefore see this page as no different from publishing vulnerabilities and exploits for applications and operating systems that are already on the street.




srm

*nix

elleron

http://srm.sourceforge.net/

srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk.

GPL

Information Updated: 28 May 2003


The Defiler's Toolkit

Linux

The Grugq

http://www.totse.com/en/hack/hack_attack/167627.html

The file system (supposedly) contains a record of file I/O activity on a computer and forensic analysts attempt to extract this record for examination. Aside from their forensic tools incorrectly reporting on the data, these tools are useless if the data is not there to be reported on. This section will present methodologies for thoroughly eradicating evidence on a file system. These methodologies have been implemented in The Defiler's Toolkit (TDT) which accompanies this article.  

GPL

Information Updated: 28 May 2003


wipe

*nix

nester

http://wipe.sourceforge.net/

ya-wipe is a tool that effectively degausses the surface of a hard disk, making it virtually impossible to retrieve the data that was stored on it. This tool is designed to make sure that sensitive data is completely erased from magnetic media.

GPL

Information Updated: 28 May 2003


fwipe

*nix

Len Budney

http://jeenyus.net/~budney/linux/software/fwipe.html

fwipe0 reads a list of filenames on standard input, each one followed by a 0-byte. If a filename refers to a regular file, then fwipe0 attempts to overwrite the file n times with 0's and 1's. If successful, fwipe0 attempts to delete the file. After each pass overwriting a file, fwipe0 syncs the data to disk. That makes sure that your data is really overwritten on disk, not just in some memory buffer. This should even work if your files are mounted over NFS.

GPL

Information Updated: 12 Oct 2006


overwrite

*nix

Salvatore Sanfilippo

http://www.kyuzz.org/antirez/overwrite.html

Overwrite is a UNIX utility that tries to make data recovery harder. It overwrites files using both random and deterministic patterns, as suggested in Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory".

GPL

Information Updated: 31 Mar 2003


Runefs

Linux

The Grugq

http://www.totse.com/en/hack/hack_attack/167627.html

The first inode that can allocate block resources on an ext2 file system is in fact the bad blocks inode (inode 1) -- *not* the root inode (inode 2). Because of this mis-implementation of ext2fs it is possible to store data on blocks allocated to the bad blocks inode and have it hidden from an analyst using TCT or TASK. To illustrate the severity of this attack, the following examples demonstrate using the accompanying runefs toolkit to: create hidden storage space; copy data to and from this area; and show how this area remains secure from a forensic analyst.

GPL

Information Updated: 28 May 2003


grind

*nix

Matthias Rosenkranz

http://users.ox.ac.uk/~kebl2949/grind/

grind overwrites files with certain byte patterns and random data in order to make it impossible to recover the file from magnetic disks. It's based on a paper by Peter Gutmann located at: http://rootprompt.org/article.php3?article=473

** No longer active.

GPL

Information Updated: 01 Nov 2007


DBAN

ANY

Dark Horn

http://dban.sourceforge.net/

Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

GPL

Information Updated: 28 May 2003


Diskzapper

ANY

Phil Howard

http://diskzapper.com/

Diskzapper Dangerous automatically begins erasing all the disks as soon as the booting process is completed. No user action is required. This was intended to be used on computers for which it is not convenient to plug in a keyboard and monitor.

Diskzapper Extreme generates a random sequence of bits and writes every sector with a different sequence. It repeats this process with different sequences on each of ten passes through every sector on the disk. This will likely prevent two major techniques of forensic analysis that could recover data from the disk. Those techniques involve looking at residual data either between tracks or minute leftover magnetic states. By writing several different random sequences, any recovered data will likely be confused with the various random bits that will have been written.

In order to ensure compatibility with disk partitioning programs, once Diskzapper Extreme has written all the sectors with random data, it then writes the first several sectors with binary zeros so that partition tables will appear empty, rather than garbled with random bits.

COMMERCIAL

Information Updated: 28 May 2003


bcwipe

Win32

Jetico

http://www.jetico.com/

BCWipe can be run from My Computer as well as from a command-line prompt. BCWipe v.3 is a powerful set of utilities which complies with the US DoD 5200.28-STD standard and the Peter Gutmann wiping scheme. You can also create and use your own customized wiping scheme to shred sensitive information from storage devices installed on your computer.

COMMERCIAL

Information Updated: 28 May 2003


Many Assorted Tools...

Win32/CE

Arne Vidstrom

http://ntsecurity.nu/toolbox/

Many tools including:
- file encryption tools that can encrypt with either 3-DES or IDEA,
- ClearLogs clears the event log (Security, System or Application) that you specify. You run it from the Command Prompt, and it can also clear logs on a remote computer.
- others... (Including forensics tools)

Freeware

Information Updated: 28 May 2003


SecureIT 2000

Win32

Cypherix Encryption Software

http://www.cypherix.co.uk/prods.htm

Secure IT 2000 is an easy to use, feature packed, file and folder encryption program based on 448-bit strong encryption using the Blowfish algorithm. It includes a customizable file shredder, and the ability to generate self decrypting email attachments.

COMMERCIAL

Information Updated: 28 May 2003


CryptoMite

Win32

BAxBEx Software

http://www.baxbex.com/products.html

CryptoMite enables you to encrypt, decrypt, and wipe files and folders of any type. It supports various encryption engines, along with ZIP compression. Functions to build self-extracting encrypted ZIP files and e-mail capabilities are also included.

COMMERCIAL

Information Updated: 28 May 2003


Evidence Eliminator

Win32

Robin Hood Software Ltd.

http://www.evidence-eliminator.com/product.d2w

Evidence Eliminator destroys:
- Windows SWAP file, Windows Application logs, Windows Temporary Files, Windows Recycle Bin, Windows Registry Backups, Windows Clipboard Data
- Start Menu Recent Documents history, Start Menu Run history, Start Menu Find Files History, Start Menu Find Computer History, Start Menu Order Data, Start Menu Click History
- Microsoft Internet Explorer temporary typed URLs, index files, cache and history; Microsoft Internet Explorer AutoComplete memory of form posts and passwords; Microsoft Internet Explorer Cookies (Selective cookie keeping for versions 5 and above); Microsoft Internet Explorer Internet components (Selective keeping of components); Microsoft Internet Explorer Download Folder memory; Microsoft Internet Explorer Favorites List
- Microsoft Outlook Express v5+ database of (Selective keeping of mail and news groups)
- Windows Media Player History, Windows Media Player PlayLists in Media Library
- America OnLine Instant Messenger contacts
- Netscape Navigator temporary typed URLs, files, cache and history; Netscape Navigator Cookies (Selective cookie keeping for versions 4 and above); Netscape Mail v4+ sent and deleted e-mails; Netscape Mail hidden files
- Customizable lists of files and folders, with or without their contents; Customizable scan lists of file types in specific folders; Customizable scan lists of file types on all drives
- Deleted filenames, sizes and attributes from drive directory structures
- Free cluster space ("Slack") from all file tips
- Magnetic remanence from underneath existing files/folders
- All free unallocated space on all hard drives
- Evidence of activity in many other programs, using Plug-In modules
- Slack space and deleted entries in the Windows registry
- Created and modified dates and times on all files and folders
- Windows Registry Streams
- Common Dialog load/save location history
- Instant secure deletes of Windows registry data (NT4/2000/XP)

COMMERCIAL

Information Updated: 28 May 2003


Steganos Security Suite 2006

Win32

Steganos GmbH.

https://www.steganos.com/en/products/sss2006/

Why do you need Steganos Security Suite?
Your privacy is always in danger - without you noticing it: If you share your computer with others or use a laptop. If pest programs record your credit card number. If confidential data is stored on your hard disk. If your PC needs to be repaired or sold and you want to clear the hard disk first. If you use a USB stick or CDs for data transport – your privacy is at stake. You are leaving traces – on the Internet and offline: The acquisitiveness of today's programs knows no bounds. Windows XP also sends data to Microsoft. Spyware is installed unnoticed and secretly transmits your address and account information. Thus, fraudsters can apply for credit cards, purchase products at online auctions on your behalf, pay by directly debiting your bank account or incur debts - and everything in your name!

How does Steganos Security Suite work?
Steganos Security Suite combines ten powerful tools for protecting your privacy:
Steganos Safe protects your sensitive data - it serves as your encrypted hard disk. You open the safe with a password, USB stick or your ActiveSync-capable SmartPhone: via Bluetooth or even wireless.
Laptop lost or stolen? With Steganos AntiTheft, you increase your chance of restoring it. Your valuable data will definitely not be accessible. USB sticks, too, can be turned into portable safes: now even rewritable.
Steganos AntiSpyware reliably removes about 100,000 pest programs like Adware and Spyware.
Steganos Shredder destroys sensitive data without a trace - even retroactively, if necessary.
For free: Updates for Steganos Security Suite are available for free within a generation.
Spyware database updates are included for 1 year.

COMMERCIAL

Information Updated: 11 Sep 2006


Tracks Eraser Pro

Win32

Naval Criminal Investigative Service (NCIS)

http://www.acesoft.net/features.htm

Tracks Eraser Pro is designed to protect you by cleaning up all the tracks of Internet activities on your computer. With only one click, Tracks Eraser allows you to erase the cache, cookies, history, typed URLs, autocomplete memory, index.dat from your browser and temp folder, run history, search history, open/save history, recent documents, and so on.
With Tracks Eraser Pro's free plug-ins, you can easily erase the tracks of up to 100 popular applications, such as the playlists of Realplayer, Mediaplayer, and QuickTime, and recent files of Office, Acrobat, WinZip, and so on. Tracks Eraser Pro has the Custom Item, which lets you erase files and Registry entries. With Tracks Eraser Pro's Securely Erasing feature enabled, Tracks Eraser Pro will overwrite files a set number of times with random data.

COMMERCIAL

Information Updated: 28 May 2003


Declasfy

WIN32

Mares and Company, LLC

http://www.dmares.com/maresware/df.htm

The program is designed to "wipe" hard disks to meet Department of Defense standards from the Rainbow series concerning declassification (wiping) of hard disks and cleansing of floppy disks. Declasfy writes the entire disk with hex 0s, then 1s (0xff), then random characters or symbols. DOD standards currently specify a minimum of 5 overwrites; Declasfy defaults to 3 overwrites each time, so it should be instructed to run twice (-w option) to meet current DOD standards. Declasfy finishes the wiping job completely, finding sectors on the drive that many other wipe programs may not report. It uses LBA addressing whenever possible to "search out" those sectors. With LBA drives, there are often extra sectors (from 1 to a few thousand) on the drive after the formatting process. These extra sectors could contain information that Declasfy finds and wipes.

COMMERCIAL

Information Updated: 28 May 2003


Invisible Secrets

Win32

NeoByte Solutions

http://www.neobytesolutions.com/invisiblesecrets/

Invisible Secrets 4 not only encrypts your data and files for safe keeping or for secure transfer across the net, it also hides them in places that on the surface appear totally innocent, such as picture or sound files, or web pages. These types of files are a perfect disguise for sensitive information. Nobody, not even your wife, boss, or a hacker would realize that your important papers or letters are stored in your last holiday pictures, or that you use your personal web page to exchange messages or secret documents. With Invisible Secrets 4 you may encrypt and hide files directly from Windows Explorer, and then automatically transfer them by e-mail or via the Internet.

Invisible Secrets 4 features strong file encryption algorithms (including AES - Rijndael), a password management solution that stores all your passwords securely and helps you create secure passwords, a shredder that helps you destroy beyond recovery files, folders and internet traces, a locker that allows you to password protect certain applications, the ability to create self-decrypting packages and mail them to your friends or business partners, a tool that allows you to transfer a password securely over the internet, and a cryptboard to help you use the program from Windows Explorer. Invisible Secrets 4 is shell integrated and offers a wizard that guides you through all the necessary steps needed to protect your data.

COMMERCIAL

Information Updated: 08 June 2006


Last page update: 01 Nov 2007

Copyright © 2004 Computer Network Defence Ltd. All Rights Reserved.
