The Compass DeRose Guide to Computer Histories as Security Risks
Written by Steven J. DeRose, September of 2005.
Computers keep a dizzying variety of information about what you've been doing. With the prevalence of viruses, trojan horses, and other "malware", you never know who will be reading (and using) what. This page simply lists some kinds of information your computer is probably keeping track of. It is surely far from complete, but it may help jog your memory if you're wiping your system to give away, or whatever.
- For each separate browser you ever use:
  - Browser history
  - Downloaded files log
- Recently used applications
- Recently opened documents (in many specific applications)
- Files in the Trash
- The clipboard
- Application signatures in the Windows registry
- Recently deleted files. Emptying the trash normally just marks the relevant parts of the disk as unused -- the information is still there. Even a full disk format may not rewrite the whole disk, or may not rewrite it enough times to block sophisticated attempts to recover erased data. Disk space containing parts of deleted files may be re-assigned to new files, which might overwrite only a few bytes of it, leaving the rest findable by a determined searcher.
  To really securely remove data, those parts of the disk must be repeatedly overwritten. On Mac OS X, simply use "Secure Empty Trash." Disk de-fragmenting will also scramble things around enough to make it much harder to extract previously deleted information; and many disk de-fragmenters and other utilities provide an "erase unused space" option to do an even better job.
- Automatic backups made by document editors, game programs, etc.
- Multimedia thumbnails such as created by iTunes, iView Multimedia, etc.
- Temporary files created by scanners, recording software, sound/video editors, etc.
- System log files (on Mac OS X, in user/Library/Logs)
- Physical copies on roll film used in some fax machines, printers, and all-in-one machines.
- Favorites for LAN or WAN connections
- User accounts and passwords in preference and setup panes for networked applications.
- Any indexes of file content, such as those created by Mac OS X 10.4's "Spotlight" feature. Content can sometimes be reverse-engineered from lists of what words occur in it and approximately where.
- Passwords in saved "locations" for configuring network connections.
- Backups of handheld computer files
- /tmp files (/tmp is invisible in the Mac OS X Finder, but it's there just like on all other Un*x systems).
- Unemptied trash folders in mail programs such as Eudora.
- Your backups
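
The "Recently deleted files" item above, shown as an added example that is not part of the original page: a constructed toy disk (the `ToyDisk` class, its block size and the sample file contents are all hypothetical) in which deleting a file only marks its blocks unused, a smaller new file reusing a block overwrites just a few bytes of it, and an "erase unused space" pass removes what was left behind.

```python
BLOCK = 16  # bytes per block in this constructed toy disk (not a real filesystem)

class ToyDisk:
    def __init__(self, nblocks=8):
        self.data = bytearray(nblocks * BLOCK)  # raw disk contents
        self.free = list(range(nblocks))        # block numbers marked unused
        self.files = {}                         # name -> (blocks, length)

    def write(self, name, content):
        need = max(1, -(-len(content) // BLOCK))  # ceiling division
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = content[i * BLOCK:(i + 1) * BLOCK]
            # Only the bytes written change; the rest of the block keeps old data.
            self.data[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.files[name] = (blocks, len(content))

    def read(self, name):
        blocks, length = self.files[name]
        raw = b"".join(bytes(self.data[b * BLOCK:(b + 1) * BLOCK]) for b in blocks)
        return raw[:length]

    def delete(self, name):
        # Emptying the trash: forget the entry, mark blocks unused, touch no data.
        blocks, _ = self.files.pop(name)
        self.free = sorted(self.free + blocks)

    def wipe_unused(self, fills=(0xFF, 0x00)):
        # Erase unused space: overwrite free blocks and each file's slack, once per fill.
        spans = [(b * BLOCK, (b + 1) * BLOCK) for b in self.free]
        for blocks, length in self.files.values():
            used = length - (len(blocks) - 1) * BLOCK  # bytes used in the last block
            spans.append((blocks[-1] * BLOCK + used, (blocks[-1] + 1) * BLOCK))
        for fill in fills:
            for start, end in spans:
                self.data[start:end] = bytes([fill]) * (end - start)

    def raw_scan(self, needle):
        return needle in self.data  # raw search that ignores the file table

def demo():
    disk = ToyDisk()
    disk.write("letter.txt", b"PIN 4921 for the vault account")  # constructed sample
    disk.delete("letter.txt")
    disk.write("note.txt", b"hi")  # reuses block 0 but writes only 2 bytes
    before = (disk.raw_scan(b"4921"), disk.raw_scan(b"vault account"))
    disk.wipe_unused()
    after = (disk.raw_scan(b"4921"), disk.raw_scan(b"vault account"))
    return before, after, disk.read("note.txt")
```

Calling `demo()` returns the raw-scan results before and after the wipe, plus the contents of the surviving file, which the wipe leaves intact.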