PGP Secure-Wipe Failure


nbk2000
May 9th, 2005, 07:27 PM
While doing some research into a topic of interest to me, I ran across a program and, having downloaded it, was reminded of something that I had forgotten.

So, while using a hex-editing program, I had occasion to examine a floppy disk that I had PGP-wiped earlier.

I found out that, while the data itself was garbled gibberish like it's supposed to be, the names of the deleted and wiped files are left pretty much intact!

'So what if They know what the name of the file was? As long as they can't recover the contents, it doesn't matter, right?'

On the contrary!

Attached is a screenshot from the floppy, as viewed through a hex-editor.

If you can do a crossword puzzle, you can recover such things as 'p-dichlorobenzene' and 'steganography' from the untouched sectors. :mad:

That could be enough to give Them a clue you don't want Them to follow.

After checking other disks, I found the same problem.

A solution is to remove all the contents from the disk, format it, and THEN do the PGP freespace wipe. This fills the entire disk up with random gibberish, thus removing ALL traces. :)

This is fine for small removable media like floppies and ZIP disks, but what about your hard drive? I've got half a terabyte on four drives, how the fuck am I supposed to shuffle it all around off of one drive so I can totally wipe it? :(

As a matter of routine, I wipe one drive each night, with 3 overwrites. So the data is unrecoverable, but I have to use very descriptive filenames, otherwise I'd never be able to find a particular file among the hundreds of thousands I have, so even just being able to recover the filenames might be enough to help the piggies. :mad:

While I was at it, I used another program that extracts the URLs and opened file names from the windows Index.dat file.

For EVERY file you open in Windows, the file name (including extension) and location is recorded in the Index.dat file, for I don't know how long. Probably since the O/S was installed.

This includes files in PGP volumes, so even if it is encrypted, They'll know the name and type of any files you access in there. I've included a screenshot showing this. The 'NBK PDF' folder is on an encrypted PGP volume (K:\), but the names of the files are clearly visible (or would be if I hadn't obscured them :p).

It's possible to erase the Index.dat file by booting up with a prompt, and manually finding and deleting it, but how often can you do that?

I have thought (in the past) about a program that would generate a serial number for a folder, with sub-numbering of the files contents.

For instance, instead of a folder being named 'Global Domination' ;), with files within being named 'Africa', 'America', 'Asia', etc., it would be called '1215478214', with the contents being '1215478214-1', '1215478214-2', etc.

Doesn't help you find them, but that's where the master index comes in. It's a linked index that keeps track of what serial number belongs to whatever name you assign to it, and stored in a PGP encrypted volume.

So you can search for the folder named 'Global Domination', and click on it to open it, and the contents are listed as 'America', etc. to your eyes, but to the computer's file handling routines, it's named '1215478214-2'.

When you type in the name in the 'Save As...' dialog and hit 'OK', the program intercepts the name, translates it into the appropriate serial number, transparently inserts that in place of the name you typed, and updates the index.

So, with the contents locked up in an encrypted volume, there's no files they can access, and with the serial index, no recognizable names to even hint at the contents. :p
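Added example (not code from the original post): a small Python sketch of the serial-number index nbk2000 describes above. The class name SerialIndex, the save_as/find_folder/resolve methods and the JSON blob are my own assumptions about how to fill in the idea; the post keeps the index in an encrypted volume, so encrypting the blob returned by dumps() is left to the caller. One detail worth noting: the opaque name carries no extension, because the thread points out that history files record the extension too, so the file type is kept in the index alongside the readable name. What this does not hide is the fact that a file on the encrypted volume was opened at all; only the names become meaningless.

```python
import json
import secrets
from typing import Callable, Dict, Optional


class SerialIndex:
    """Readable name <-> opaque serial mapping, as sketched in the post above.

    Only the opaque names ever reach the filesystem (and therefore any
    index.dat-style history or directory residue). The readable names live
    solely in this index; dumps()/loads() give the caller a blob to store
    inside whatever encrypted container they trust (hypothetical design).
    """

    def __init__(self, randbelow: Callable[[int], int] = secrets.randbelow):
        self._randbelow = randbelow          # injectable so tests are deterministic
        # folder serial -> {"name": readable, "next": counter, "files": {opaque: readable}}
        self.folders: Dict[str, dict] = {}

    def _fresh_serial(self) -> str:
        # ten-digit serial, in the style of the '1215478214' example in the post
        while True:
            serial = str(1_000_000_000 + self._randbelow(9_000_000_000))
            if serial not in self.folders:
                return serial

    def new_folder(self, readable: str) -> str:
        """Create a folder: the user picks a readable name, the disk gets a serial."""
        serial = self._fresh_serial()
        self.folders[serial] = {"name": readable, "next": 1, "files": {}}
        return serial

    def find_folder(self, readable: str) -> Optional[str]:
        """What the user searches by (readable name) -> the on-disk serial."""
        for serial, meta in self.folders.items():
            if meta["name"] == readable:
                return serial
        return None

    def save_as(self, folder_serial: str, typed_name: str) -> str:
        """Intercept a 'Save As...' name and return the opaque name to write instead.
        The extension is deliberately not put on disk; it stays in the index."""
        meta = self.folders[folder_serial]
        opaque = f"{folder_serial}-{meta['next']}"
        meta["next"] += 1
        meta["files"][opaque] = typed_name
        return opaque

    def list_folder(self, folder_serial: str) -> Dict[str, str]:
        """opaque -> readable, i.e. what a viewer would show 'to your eyes'."""
        return dict(self.folders[folder_serial]["files"])

    def resolve(self, folder_serial: str, opaque: str) -> str:
        return self.folders[folder_serial]["files"][opaque]

    def dumps(self) -> str:
        # Plain JSON here; the caller encrypts this before it touches a disk.
        return json.dumps(self.folders, sort_keys=True)

    @classmethod
    def loads(cls, blob: str, **kw) -> "SerialIndex":
        idx = cls(**kw)
        idx.folders = json.loads(blob)
        return idx


def demo(randbelow: Callable[[int], int] = secrets.randbelow):
    """Walk the post's scenario: a folder, three files, a round-trip through the blob."""
    idx = SerialIndex(randbelow)
    folder = idx.new_folder("Global Domination")
    on_disk = [idx.save_as(folder, n) for n in ("Africa.pdf", "America.pdf", "Asia.pdf")]
    again = SerialIndex.loads(idx.dumps(), randbelow=randbelow)
    return folder, on_disk, again.resolve(folder, on_disk[1])


if __name__ == "__main__":
    print(demo())
```

Run it and the only strings the filesystem ever sees are the serial and 'serial-1', 'serial-2', 'serial-3'; everything readable is in the JSON blob.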

Jacks Complete
May 10th, 2005, 10:48 AM
That is definitely worth knowing!

I think the index.dat file is only kept if you use the disk indexing search tool, but I might be wrong.

Also, don't forget that most programs have a drop-down list that stores the last opened files, including the path, which could give away things such as a wireless SAN concealed in another room!

Nihilist
May 26th, 2005, 02:58 AM
That's good to know about PGP... I recently used it to delete some sensitive information that I wouldn't want anyone to have the filenames of. As for index.dat, having to delete it from the console each time is definitely an annoying problem; I think I'll write a little program that hacks the Windows file protection mechanism to allow deletion of that file. I'll post the code sometime in the next few days.

Jacks Complete
May 27th, 2005, 11:11 AM
As a thought, be aware that things like Google desktop search also build a big index file with a lot of things in it - including HTTPS web pages and password "protected" Word and Excel files.

Silentnite
May 27th, 2005, 12:09 PM
There is a "feature" of Windows that will ask if it can index all your files for faster searching. Obviously it has already been mentioned that this is bad, and it should be turned off, or told no. I believe it can be changed in the search options menu of the search window. Then click on Index searching, and change it from there.

bipolar
May 30th, 2005, 08:01 AM
I wouldn't recommend using PGP, as any version past 6.0 is not open source (including PGP Disk), which by the standards of cryptography is not secure unless it's open source.

It has now been determined that the only really secure method of wiping on modern HDs is at least 8 passes of a PRNG stream; I always use 10. Gutmann has come out and said his method of wiping will not work very well on modern HDs, but people still use his method in their programs.

Another thing to remember is: when you wipe one file on an NTFS file system you have to wipe the whole drive. To wipe one file on FAT you just have to wipe one file.

FUTI
May 30th, 2005, 11:43 AM
I don't know much about PGP or cryptography etc.
but I have some experience with the Google and Copernic desktop search engines. Google is faster, but has a simple interface that lacks some options Copernic has that make organisation of your files easier. The main problem with Google is that it indexes everything, even CDs you started on your computer some time ago, which is annoying, and that early versions had security issues. It indexes all files in unprotected folders on your HD... a dream of all hackers has come true. Copernic is slow as a snail, but if you give up finding files manually, just start indexing and chill out until the next day when it will finish that job, and you will have a fantastic result.

Third_Rail
May 31st, 2005, 09:42 PM
I'll attempt to not be an asshole, but I wasn't aware that this was "news". I've known this for at least four years, when someone (compsci Ph.D.) told me about it.
Although, NBK, I really like the idea of an index with serial numbers, while the master index is the only file you'd have to worry about after deleting things.

nbk2000
June 2nd, 2005, 06:38 PM
Well, it may not have been 'news' to the larger internet community, but it is to me, as I've never heard of this specific situation as it relates to PGP.

Yes, I've known for years about the Index.dat problem with Windows, but I never knew it extended to the removable media!

A person would assume that, when you're doing a secure wipe of a file, that the filename would also be securely deleted.

But, RTPB "Trust, but verify" was used, and lo and behold! PGP does NOT securely wipe the filename.

Even if the contents aren't recoverable, the fact that you had a file named 'Synthesis of Novichok A123.pdf' on your disk, may be enough to hang you.
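Added example (my own code, not from the thread or from PGP): a Python "trust, but verify" check for the failure nbk2000 describes, using a constructed toy FAT-style image rather than a real floppy dump. Sector 0 is the root directory of 32-byte 8.3 entries; the data sectors follow. content_only_wipe() mimics what the thread observed (file body randomised, directory entry only marked deleted with 0xE5, so name characters 2-8 and the extension survive); full_wipe() mimics the "format, then free-space wipe" fix by also clearing the entry. residual_names() is the check you would run over a real image after a wipe, and ascii_strings() is the crossword-puzzle view from the hex editor. The geometry, file names and contents are all constructed sample data; real FAT images use clusters, a FAT table and long-name entries, which this sketch leaves out.

```python
import os
import string
import struct

SECTOR = 512      # constructed geometry: sector 0 = root directory, sectors 1.. = data
ENTRY = 32        # size of one FAT 8.3 directory entry
DELETED = 0xE5    # first byte of a deleted FAT directory entry
PRINTABLE = set(string.printable.encode("ascii")) - set(b"\t\n\r\x0b\x0c")


def make_dir_entry(name8: str, ext3: str, first_sector: int, size: int) -> bytes:
    """One 8.3 entry: name(8) ext(3) attr(1) reserved/time/date(14) start(2) size(4)."""
    assert len(name8) <= 8 and len(ext3) <= 3
    return (name8.upper().ljust(8).encode("ascii")
            + ext3.upper().ljust(3).encode("ascii")
            + b"\x20"                      # attribute byte: archive
            + b"\x00" * 14                 # reserved/time/date, unused in this toy
            + struct.pack("<H", first_sector)
            + struct.pack("<I", size))


def build_image(files):
    """files: list of (name, ext, content bytes) -> bytearray image (constructed)."""
    root = b"".join(make_dir_entry(n, e, i + 1, len(d))
                    for i, (n, e, d) in enumerate(files))
    data = b"".join(d.ljust(SECTOR, b"\x00") for _, _, d in files)
    return bytearray(root.ljust(SECTOR, b"\x00") + data)


def content_only_wipe(img: bytearray, entry_no: int) -> None:
    """What the thread observed: body overwritten, entry merely marked deleted."""
    off = entry_no * ENTRY
    sector = struct.unpack_from("<H", img, off + 26)[0]
    img[sector * SECTOR:(sector + 1) * SECTOR] = os.urandom(SECTOR)
    img[off] = DELETED            # name bytes 1..7 and the extension are untouched


def full_wipe(img: bytearray, entry_no: int) -> None:
    """The fix in miniature: overwrite the body AND clear the whole directory entry."""
    content_only_wipe(img, entry_no)
    off = entry_no * ENTRY
    img[off:off + ENTRY] = b"\x00" * ENTRY


def residual_names(img: bytearray):
    """Filenames recoverable from deleted root-directory entries.
    The first character was replaced by 0xE5, so it is shown as '?'."""
    found = []
    for off in range(0, SECTOR, ENTRY):
        entry = img[off:off + ENTRY]
        if entry[0] != DELETED:
            continue
        raw = bytes(entry[1:11])                 # 7 remaining name bytes + 3 ext bytes
        if not all(b in PRINTABLE for b in raw):
            continue
        name = raw[:7].decode("ascii").rstrip()
        ext = raw[7:10].decode("ascii").rstrip()
        found.append(f"?{name}.{ext}" if ext else f"?{name}")
    return found


def ascii_strings(buf: bytes, min_len: int = 5):
    """Generic 'strings'-style scan: runs of printable ASCII, the hex-editor view."""
    out, run = [], bytearray()
    for b in buf:
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


def demo():
    """Constructed scenario: one file wiped the way the post describes, one fully."""
    files = [("STEGANOG", "PDF", b"constructed stego notes"),
             ("RECIPES", "TXT", b"constructed grocery list"),
             ("NOTES", "DOC", b"constructed meeting notes")]
    img = build_image(files)
    before = residual_names(img)
    content_only_wipe(img, 0)
    full_wipe(img, 1)
    return {
        "before": before,
        "residual": residual_names(img),                 # the leak: ['?TEGANOG.PDF']
        "root_strings": ascii_strings(bytes(img[:SECTOR])),
        "body_gone": b"stego notes" not in img,          # contents really are gone
    }


if __name__ == "__main__":
    print(demo())
```

On a real dump (for example an image taken with dd), the directory sectors are wherever the filesystem puts them, so the practical version is to run the strings scan over the whole image and grep for anything you would not want recovered; an empty result after the format-then-free-space-wipe procedure is the verification the last post asks for.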
