Hi, I've heard someone in the field of computer forensics say that ccleaner is used to delete files permanently. Is that true?

Does it actually try to shred things better than shift+delete so they're harder/impossible to recover or does it only serve as a shortcut as to what to delete in order to save the user the hassle?




He also stated it's considered an anti-forensics tool. I am a bit reluctant to keep using it if it makes me seem suspicious or like I'm hiding something.

While nothing is unrecoverable given unlimited time and money, ccleaner can be set to securely (multiple passes) delete data. Using it is not, in and of itself, suspicious.

6 hours ago, SkyDave said:

<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<p>
		I am a bit reluctant to keep using it if it makes me seem suspicious or like I'm hiding something.
	</p>
</div>

There is nothing inherently wrong with using multi-pass deletion to "shred" deleted files. Just as there is nothing wrong with buying a paper shredder from your local office supplies store. Sounds like the common conflation of privacy, security and secrecy. Old medical records are no-one else's business - I may wish to shred them to keep that information private. Old income tax filings contain information that could be used to identity-theft me - I may wish to shred them to keep that information secure. While it is also possible that I am shredding the plans to a bank vault from a heist I am planning (something I would like to keep secret), under most circumstances that is unlikely to be someone's first assumption.

This is why our windows have curtains, we close the door when we go to the loo, and many regions have a right to privacy enshrined in their laws. Even if we have nothing to hide, we all inherently dislike any form of snooping.

The only no no is if you are doing it at work on machines provided by your employer .

To put it another way:

Most criminals use cars to get to their 'work', that doesn't mean that everyone who uses a car is automatically a criminal.

Some criminals will use CCleaner to delete their computer files, that doesn't mean that everyone who uses CCleaner to securely delete files is automatically a criminal.

Modern Windows OSes can be used to permanently delete files which for instance doing a Full Format of a drive (traditional hard disk that is) in Win10/Win11 will do - that's one of the reasons doing a Full Format on many USB Flash Drives will outright kill them such as SanDisk brand drives, etc. When it comes to modern drives like SSD their built-in garbage collection, and TRIM initiated by an OS will result into already deleted files being very difficult to recover up to impossible.

Edit:

In closing, CCleaner isn't deleting files any better or worse compared to how the OS can do it, although with the OS a Full Format of a drive has to be done versus just "secure delete/erase, shred" of a single file(s)/folder(s).

Thanks very much everyone. All of your replies helped.

I'm actually asking cause my friend was suspected of a crime I can't disclose and the forensic expert found nothing on his PC, but he did found CCleaner installed and kinda implied my friend is possibly guilty cause he had an "anti-forensics" software installed.

The friend was only using CCleaner exclusively to clean temp & junk files on C: cause he was lacking space on C: drive after years of windows updates shrunk the free space on it to a few Gb's. He didn't even clear his browsing history or the downloads folder with it. I was asking to confirm if I had the wrong impression of what CCleaner does, but you guys reassured me, thanks.

P.S. love the car, windows & paper shredder examples.

And at this point we'll have to close this thread as we're unable to provide legal advice. Good luck to your "friend" but they can go deeper a recover what's gone. As i said infinite time infinite money anything is recoverable.

37 minutes ago, SkyDave said:

<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<p>
		the forensic expert [said] he had an "anti-forensics" software installed.
	</p>
</div>

Unlike medicine, accounting, engineering, etc the IT industry is a bit peculiar in that with the absence of universally recognised accreditation, pretty much anyone can call themselves an "IT expert" if they can bluff that they know more than the person they are talking to. Given the near-ubiquity of CCleaner all over the world, I would wonder at the technical credentials of someone who didn't know what CCleaner actually is.