Augeas
-
Posts
4,542 -
Joined
Posts posted by Augeas
-
-
I have changed my secure delete to 7 passes and analysed and then deleted temp files. On both analysis and deletion CC stated 7 pass used. Does your analysis say multiple pass or one overwrite?
-
What makes you think that you're only getting one pass? Is it the time it takes, or what's left in the file after deletion?
-
CC isn't a virus detector or cleaner, otherwise it would be 50 mb and called AVG. I would get advice on cleaning this or any virus from your a/v software vendors or from Google, and then put it in effect. It appears that your virus is self-installing, you need to find the source and zap it.
-
Secure delete with Recuva has been discussed many times, a forum search may provide you with more info.
If I use Recuva doing a deep scan on the file type "other: show all file types" and "I'm not sure: search everywhere on this computer" will I find all the pre-CCleaner-deleted-files?Yeessssss, Recuva will read all used sectors and if it can interpret a file header it will flag it as a deleted file (I think that's how it works). The long yes is because there may still be data fragments left, as well as data in windows system files. Recuva is primarily a data recovery tool, not a disk washer.
I can then set the options of Recuva to do a secure delete. Will this clean the pre-CCleaner-deleted files? Will it also delete the names or rename the files?Yep, but it will take a month of Sundays to run. Filenames will remain unchanged.
If I selet all files that show up in a scan type above, will there be any undesirable results?None that I can see, apart from the time taken
-
I think that there are a number of things to consider, and some of these I am not sure exactly what the process is.
Firstly CC will only delete the data that the filename entry in the MFT points to at the time of deletion. I'm not sure of CC's secure deletion process, but possibly the data is overwritten, the file renamed to ZZZ.ZZZ, and the file then deleted. The point is that any other data for the filename that exists, for whatever reason, is not overwritten.
Secondly, when the file is overwritten by CC, does Windows create an 'undeleted' temp copy until the process is completed satisfactorily, and then delete it? Even if it didn't, the new (overwritten) data for the file is encoded by the disk software before being written to the disk, just as the original non-overwritten data was. This encoding expands the data by upwards of 5%. If the new data is larger than the old and won't fit into the old data sectors then it has to go somewhere else, leaving an old copy behind. Does Windows do a complete rewrite, to avoid fragmentation, or does it overwrite what it can of the old data and just stick a few new sectors elsewhere?
Thirdly, other common reasons for data to be duplicated somewhere on disk, and not have an entry in the MFT are edits, auto-saves, defrags, etc. Please add any more.
Browsing doesn't involve editing, but those jpgs have to be held somewhere. They could be in and out of ram, pagefile, hiberfile etc. This paging goes on, so I read, almost constantly, and I also read that the pagefile will be used to its capacity by Windows trying to be helpful no matter how much, or little, ram is used. Just watch those page faults mount when you're doing nothing.
It seems that this 'undeleted' data is found using deep scan. I've only run deep scan twice, and what it finds is surprising. Stuff I never knew I had and certainly never deleted. How it gets there is, it seems, rather a mystery.
-
Please don't send me any pm's, post the info here, just edit out your personal info. I have no more idea of what the problem is, or how to fix it, than the next man.
The only thing I can think of now is to establish if the restore points are actually going or are the entries in the table not being shown? Can you do another test and immediately before running CC note the bytes used on your c drive, run CC, then note the bytes used again, and take b from a, post here with the amount CC says it deleted.
-
Are you using secure or normal deletion? If secure, can you run your tests with normal deletion? This won't give me the answer but it might help the dev team.
The few entries on Google concerning lost restore points point to (sorry!) other software, usually virus or malware or mailwashers.
There are some confusing comments about 'memory' and disk free space. Memory has no bearing on sys restore. Disk free space, whilst necessary to run sys restore, is not the criteria. It's the space allocated to system restore which is critical, and on a multi-disk/partition system sys restore will take the smallest space allocated to sys restore as its max space. If a sys restore point can't be created on any partition then sys restore will delete all except the latest restore point on all partitions. I know I've gone on about this but the answer to 'Do you have enough space allocated to sys restore?' is not 'My disk has plenty of space,' and we need the correct info.
-
It took about 5 hours to defrag drive C not with out telling me before that I was about to run out of disk space on C. I did it anyways...And I remember that when I switched of the laptop, it was downloading a windows update...
Sometimes it taks a long time to draw out all the info. Although you are angry with Defraggler, did it finish properly or did you have a problem with it? (Apart from the free space warning which you ignored.) Why did you chop the Windows update? Did you stop the update or just power off your laptop?
-
You'll have to dig into the registry with regedit. Looking is fairly harmless, but tamper with care.
-
You shouldn't be getting filenames back that have been recently deleted. Sort in last modified order and you should have a block of ZZZZs. Page down and you will come to files with their filenames that have been deleted by other means. Recuva will find files that have been deleted by means other than CCleaner of course, and also finds edit/move/install/defrag/etc copies that Windows makes.
If you do some testing and find that CC is not securely deleting your files, and you're sure that CC is doing the deletion, then post in the CC discussion area for help.
-
Yes, a little confusing even to me. I mean that you can chose, by selecting the relevant option, to show undeleted files in a Recuva scan. However these files cannot be securely deleted by Recuva, which is quite sensible. Recuva will only securely delete already deleted files. That is files previously deleted by any means which it finds in its scan.
I think that the Recuva secure delete option should be named 'Securely overwrite' files, as deleting deleted files is silly, really.
If you want to delete a live file then use CCleaner. You can securely delete live files with CC, which is a more correct usage of the term. Or if you're not bothered about secure deletion just delete them to the recycler, or using shift/del, or using your browser clear files option, etc.
-
Mea culpa, not Nergal. But a helper monkey, writing a letter? (Photo 2)
-
Use your nose, or feet, or get a helper monkey. Or download and install the slim version, with fewer boxes to untick.
-
Not quite. If a secure deletion option is chosen in CC then the names of live files selected for deletion will be changed in the MFT to some variant of ZZZZ.ZZZ. If normal deletion is chosen then the file names will remain unchanged. Recuva does not, and I assume can not, change names of already deleted files in the MFT no matter what secure overwrite option is chosen. No names in the MFT are ever removed, they can only be overwritten.
-
Well, look on the bright side, you are at the vanguard of digital use. Large hard drive, huge storage of films, music and photos, no backups, and reliance on a medium that cannot even come close to the storage life of paper, film, photgraphic prints, or good old LP's. Add to that the difficulty and complexity of recovering from digital data loss, and we are looking at what will be an increasingly common problem.
I don't really know what advice to give you. If you want to attempt to recover your data then you must have some other storage medium. How much spare space do you have on your c drive? If you have sufficient (20 to 50 gb) then you may be able to postpone getting another ext hard drive, for the time being anyway.
Install Recuva on your c drive. Run it against your external drive to see what you find. Try a normal scan with the Scan for Non-Deleted Files option chosen, which should be relatively fast. If you find anything you want to recover then recover it to the c drive. After each recovery write the file to cd/dvd and delete it. Continue this way until you have recovered all you can, and written a huge pile of dvd's.
If Recuva normal scan does not find much, or anything, then try a deep scan. This will take many hours and (should) produce a huge list of files. It is not an easy job to find and recover files in this way, you just have to plug away at it.
In the future, whan you have a new ext disk? Burn photos to cd's, preferrably two copies. Burn films to dvd's, but they're not so personal and can be replaced. Burn music to cd's, but the same applies as with films. Or get another 300 gb disk and some imaging software and make a backup shadow disk, but it won't be so secure as those bits of paper.
-
This will list the files deleted, so you may find a history file there if you are using IE (I'm not sure about other browsers). I think that this is an index.dat file, and there will be another new file created by IE. You may be able to find the old file and recover it to a safe place. I think that the structure and permissions of these files will not allow you to copy entries from the recovered history file to the new history file. All I can think of is that you look at the contents of the recovered file and then browse the url you find, which will populate your history again. Or just start from fresh, which might be a better idea.
-
Well, you could look at the contents of the registry backup file, if it still exists, with wordpad and then check whether the entries in there are back in the registry, but it would be a thankless task. I think you have to assume that a merge of the beckup file has been successful, barring any messages or indications to the contrary. Unfortunately I am one of the world's worst Flash or games expert, so I can't help much there.
-
Just the c (system) drive/partition.
-
Recuva overwrites file data but does not remove the filenames from the MFT. Have a look at
-
Try right clicking on the included folder and selecting manual edit, then manually editing it. I advise testing this first as I have not done it myself.
-
It is pointless. Gutmann coding does not apply to PRML coding, which all modern drives use. Good old Gutmann said his coding method was pointless. Think how many hours of you life you could be doing something really satisfying instead of watching a boring pc grind away. Think how many hours of our lives you could spare!
-
I can only assume that either the developers are unaware of data coding techniques and modern HDD technology or (more likely) that they offer these options to stop sales/use being lost to competitors, as users see them as more sophisticated offerings. Customer demand, in other words.
Gutmann worked on Winchester disk technology from the early 1990's, and he had the grace to acknowledge in his 1996 paper that later disks, which everyone outside of a musuem is now using, use different coding techniques that make his overwriting patterns irrelevant. He said that 'A good scrubbing with random data will do about as well as can be expected.' But nobody reads that part of his paper. I doubt whether many people have read any part of his paper.
In any event, how many users need super-secure deletion? Where are the armies of electron-scanning microsopes?
I think that the Gutmann myth is so entrenched that it will not disappear voluntarily. The only way to remove it is for software vendors to stop including it as part of their products.
-
File names and info are held (on an NTFS disk) as entries in the MFT (Master File Table). When a file is deleted the entry is flagged as deleted but not removed, even though the file data on the disk may have long gone. A normal scan with Recuva will find these deleted file entries, no matter how many times the file data has been overwritten.
A defrag will consolidate fragments of the MFT, but not remove the deleted entries. The MFT will never shrink in size, according to M/S.
When a new file is created Windows will look for the first available slot in the MFT containing a deleted entry and use that. The file name and information will be overwritten and gone forever. Deleted entries at the front of the MFT will be overwritten first, whilst some entries at the far end may last for ever.
Installing SP3 purged most of the old stuff from the MFT on my pc, replacing them with countless installation files.
-
It's all explained when you select one or the other. DOD overwrites data 3 time with 'random' data, NSA with 7, and Guttman with 35. A simple overwrite, once with zeroes, is all you need to securely delete data, the rest are just wasting time, energy and your hard drive.
CCleaner won't delete System32 viruses
in CCleaner
Posted
Well, I disagree but I don't want to labour the point, it's more important to get the virus removed. What is the name of the infected file? Is this in the startup process (have a look with CC). Search your pc for any examples of the file name and isolate them. Look for it in the registry. Google the virus name, there's bound to be lots of advice about disabling it (actually, do this first).