From the tests run by Magnet Forensics using Internet Evidence Finder, it appears that CCleaner could do a better job of cleaning PCs. CC is certainly a good tool, but I'm just suggesting that further effort could be made to improve the cleaning.
The article I refer to is worth reading for what CC may not clean, and may never be able to clean, such as RAM, pagefiles, and hibernation files.
The article concludes with:
"The point of this post is to illustrate that the potential benefits of running a search for Internet related artifacts is well worth the effort, even when you fear they may have been ‘sanitized’."
-------
I tried posting a link to the website that did the tests, but Piriform.com does not allow a link to the site. Unfortunate, since readers here should be able to read unbiased reviews of CCleaner and similar software to be able to understand their limitations. To find the article you can use the topic title.
The only sure way of completely destroying data on a hard disk is to... completely destroy the hard disk!
However, this has already been discussed to death, and surely does NOT deserve yet another topic about it.
Well, your first sentence is a cop-out. The point of CCleaner and similar products is to get rid of as much as possible. The real question is which product in this class does the best job, and further to know what types of files are not going to be cleaned by which product, and which types can not be cleaned by any product (at the moment).
Wondering why Piriform blocks the Magnet Forensics website. Does it have anything to do with the post I referred to above, the title of my first post? Because it has detailed results from what CCleaner removed and what was left after. Maybe other posts on this topic do not have such detailed info, such as which files and types of files were cleaned. I'll try posting a modified link to it (replace the middle 3 dots after www with magnetforensics):
It's worth noting that the website staff chose CCleaner only as an example; you might even say it should make Piriform pleased that its product was chosen.
I always wonder why people even bother with all these forensic track covering exercises.
If you are that worried about someone discovering whatever it is you are trying to hide and use disk cleansing software, and trust it, then you will be in for a nasty surprise when the black van with Flowers by Irene livery parks outside your door.
The ONLY way to guarantee no data recovery is to physically destroy the HD, as @Andavari states.
I for one would not trust CC to remove 'evidence' (as in the title).
I would have thought CC's main function is to clean up space (crap cleaner to reminisce on the original name). Surely that is how most users would hear about, and use, the product.
This example should be a clear example and illustration of how important the collection of RAM can be regardless of the type of investigation. It is also a good demonstration showing the importance of searching for Internet-related artifacts even when you may find evidence of ‘sanitation’ tools being used by the suspect. There are several other freely available ‘sanitation’ tools available, each with different varying results. The point of this post is to illustrate that the potential benefits of running a search for Internet related artifacts is well worth the effort, even when you fear they may have been ‘sanitized’.
Windows 7 is happy running with a Pagefile of only 16 MegaBytes and no Bootfile (I have better uses for my SSD), and I believe I would not notice any shut-down hesitation if I configured Windows to clear it on shut-down.
If it's physically destroyed beyond recovery (with fire for instance) there's nothing to recover.
For those who read that and thought it was a bit excessive....
I used to work for Dept of Defence, next to us were JIO and when their DASD drive platters failed the only approved method of forensic cleaning was a guy would angle grind the disk surface, then break it up with a hammer, then incinerate the pieces.
My first post of this topic included use of a URL shortener for the full URL http://www.magnetfor...f-the-evidence/ : http://.../1brkG7S. It may be that Piriform in fact does not allow use of URL shorteners or maybe just bit.ly. When I tried posting this current post I also got the message
An error occurred
You have entered a link to a website that the administrator does not allow links to
and I had to change the bit.ly URL above (add bit.ly where the 3 dots are).
I assumed that URL shorteners would be allowed, as they are on most websites, and that the Magnet Forensics site was the problem.
It may be that Piriform in fact does not allow use of url shorteners or maybe just bit.ly.
It could also be the IPB forum software being picky, which I know will sometimes make a mess of some URLs, making them non-working/invalid, and I've run into it numerous times. One way around it is using the
option in a post, which may allow those URLs to be posted but they won't be clickable.
In addition to what Andavari said, you can use the "Preview Post" feature to see what the post will look like and if the links are working.
On the main issue, even if one succeeds in erasing all his tracks on his computer, there are still enough tracks out there on the net to find him.
Personally I like it that way. I'm glad that terrorists, porn mongers and tax evaders can't hide. Especially the tax evaders, cause I have to pay mine, and I can pretty much ignore those other two groups.
There. If that doesn't start a barfight an enlightened discussion nothing will.