CC cleaner does not work!

[mikeydude]

Well evocative title I know, but I am new to this, So I followed the instructions to the letter, It took 10 hours to clean the drive free space....and five seconds for recova to find all the files still on the drive.

 

A bit of a waste of programming spave it would seem....or am I doing something wrong?

[Andavari]

Not every already deleted file can be completely wiped, just browse about the forums to see posts about it - although I cannot point you to any particular post. Also Recuva can be ran in Deep scan mode to reveal even more files or show their results as unrecoverable if you have the time to wait for a lengthy deep scan.

[mikeydude]

Not every file eh...

 

As an experiment, I simply took a brand new 500GB drive.

 

I saved 20 Jpegs of about 200K size.

 

I then deleted them with windows, and recovered them with recuva.

 

I then wiped the drive using 3 passes with cc cleaner.

 

I then used recuva...not in deep scan mode...and it simply recovered them all no problem.

 

How is this possible?

 

How hard can it be to simply overright every part of the drive that can store date?

 

I can't understand this?

[Andavari]

How is this possible?

 

How hard can it be to simply overright every part of the drive that can store date?

 

I can't understand this?

MFT, etc.

[mikeydude]

MFT, etc.

 

 

Yep, ticked the MFT box.

[Winapp2.ini]

Andavari was implying that Recuva used the MFT to recover the files (If I'm not mistaken.)

[mikeydude]

Yep, ticked the MFT box.

 

 

All I am saying is if 20 files get left a a min, say on a regular basis, that's a huge failure to delete rate.

 

I would feel better if perhaps one of them could not be recovered.

 

But all 20!

 

Well i will do a couple of experiments then I will have to leave it.

 

I was looking for a means of destroying sensitive information in my development company, prior to this we never sold on old machines without physically smashing the hard drives with a hammer, but the boss asked me if we could sell on several quite good lap tops..so I said..yeah sure casue there is really good sotfware out there that will delete everything.

 

Hmm. how wrong was I

[Augeas]

You are wrong if you assume that CC is a 'clean to industry data sanitisation' standards. CC has never claimed to do that, it is primarily a temp file remover. I don't think that any application running under Windows will do what you want, there's just too much going off in the pagefile, logfiles, heaven knows what files for that to be true.

 

Try running CC's drive wiper with wipe entire drive enabled, on your test drive. Then let us know what you find. There are really too many unknown variables to say what's happening in your current tests.

[kroozer]

Sometimes I will run Recuva to check on the effectiveness of CC's or other programs' single-pass overwriting.

 

I've never been able to recover anything but gibberish: G}?4?4?, ???????, 룔匣镟, etc. (just meaningless letters, numbers & symbols).

[mikeydude]

Ah right, It sounds more like the type of thing we need anyway.

 

Many thanks for that.....sorry about being emotive..It's a tool used to attract attention to my subject really!

[mikeydude]

Sometimes I will run Recuva to check on the effectiveness of CC's or other programs' single-pass overwriting.

 

I've never been able to recover anything but gibberish: G}?4?4?, ???????, 룔匣镟, etc. (just meaningless letters, numbers & symbols).

 

 

Looks like you have had better luck than me.

[Alan_B]

What is your Operating System ?

 

There are inconsistencies in the complaint,

and possibly false assumptions by those who responded.

 

Please clarify what is wrong.

 

You start in post 1 with

"...It took 10 hours to clean the drive free space..."

 

Is that relevant to the need expressed in post 7

"...I was looking for a means of destroying sensitive information in my development company,..."

 

Please clarify, do you wish to destroy ALL DATA as effectively as

"...physically smashing the hard drives with a hammer...",

or do you wish to retain any NON-confidential /data/programs/operating systems ?

 

Please explain post 3 :-

As an experiment, I simply took a brand new 500GB drive.

 

I saved 20 Jpegs of about 200K size.

 

I then deleted them with windows, and recovered them with recuva.

 

I then wiped the drive using 3 passes with cc cleaner.

 

I then used recuva...not in deep scan mode...and it simply recovered them all no problem.

 

Please confirm or deny my assumptions :-

 

1. The 500 GB drive is HDD (not SSD) with only a single 500 GB partition which never held more than 4 MBytes in 20 files ?

2. After you deleted with Windows and recovered with recuva, did you again delete with Windows before the 3 pass wipe ?

3. After the 3 pass wipe did you confirm their deletion BEFORE using recuva the second time ?

4. Did you wipe by using the Wipe button under Tools / Drive Wiper or by Run Cleaner under Cleaner ?

5. After the final recuva success, did you confirm success by using a binary file comparison utility to compare with the originals ?

6. Each time you used recuva, did you capture to a different drive, or this same 500 GB drive ?

7. Is it possible that the first use of recuva not only captured to your choice of destination,

but additionally held copies of the 4 MBytes in various caches and or pagefile.sys, and somehow these copies reappeared ?

 

What was the file system and cluster size on this 500 GB drive ?

How was it connected to the P.C. e.g. USB2, Firewire, ESATA, internal IDE etc. ?

 

What were the software version numbers of CCleaner and Recuva ?

 

N.B. If I have a problem with any software I search relevant forums,

and I tend to go ballistic when I find a very relevant topic but no clue upon whether it applies to a different software version to what I am using.

 

Regards

Alan

[Andavari]

Andavari was implying that Recuva used the MFT to recover the files (If I'm not mistaken.)

Good guess but nope. I was vague just typing in MFT, however what I meant is some things can be locked because of it and not removable. Along with what Augeas has already posted and whom knows allot more about this than me we can't expect any software with "wipe free space" to 100% completely rid of drive of previously deleted files.

[sdratsaB_hsurC_ot_ekiL_I]

All I am saying is if 20 files get left a a min, say on a regular basis, that's a huge failure to delete rate.

 

I would feel better if perhaps one of them could not be recovered.

 

But all 20!

 

Well i will do a couple of experiments then I will have to leave it.

 

I was looking for a means of destroying sensitive information in my development company, prior to this we never sold on old machines without physically smashing the hard drives with a hammer, but the boss asked me if we could sell on several quite good lap tops..so I said..yeah sure casue there is really good sotfware out there that will delete everything.

 

Hmm. how wrong was I

 

 

Do you believe physically smashing the previous hard drives with a hammer "destroyed" sensitive information?

 

Remember, "Absence of proof is not proof of absence"

 

The Admissibility of "Consciousness of Guilt"

 

The general rule on the admissibility of evidence regarding how a defendant acts after an alleged crime was committed is usually that the prosecutor can introduce testimony that tends to show that the defendants actions prove he knew he was guilty (at least of something). This is labeled, at least by prosecutors, as ?consciousness of guilt?.

 

The theory is that since in most criminal trials the prosecutor has the burden of proving the ?mens rea? or intent of the defendant, actions he took to ?cover up? his alleged crime are relevant. (I say ?most trials?, because the state is not required to prove intent in strict liability offenses.)

[TheWebAtom]

Here is a quick tip for everybody; don't do illegal crap! Then you don't have to worry about how well CCleaner can replicate the effectiveness of a hammer.

[Augeas]

Before this gets out of hand, there is nothing I can see in the o/p's posts that suggests that any illegal activity is taking place. Secure deletion is perfectly legit, so no implied slurs, please.

[Andavari]

Before this gets out of hand, there is nothing I can see in the o/p's posts that suggests that any illegal activity is taking place. Secure deletion is perfectly legit, so no implied slurs, please.

 

Indeed. I had some defrag issues where previously occupied empty space wouldn't be filled with files by defrag, so I wiped the free space and only then was able to get a better file placement with defrag.

[TheWebAtom]

Apologies, my comment was not aimed at the o/p - but rather " sdratsaB_hsurC_ot_ekiL_I" who was writing about admissible and inadmissible evidence. The point was the best way to NOT end up in court would be to follow the law.

[Guest]

It seems that you primarily want data destruction because you want to sell used hardware. In such a case you can use other programs (e.g. DBAN) and then simply re-install the OS to have a usable computer again.

[dogfight]

Hi

 

I just registered in order to share my experiences of this problem.

 

I have been alternating between CCleaner Wipe Disk runs and Recuva (Deep Scan) runs on an old HDD (where, for the record, there was nothing illegal, but plenty of personal stuff). I must have run these 2 programs sequentially about 5 times by now and I feel there's a BIG problem. I've tried shutting down/rebooting in between runs, but I can't solve the problem.

 

CCleaner tells me that it will wipe my (entire) HDD with 7 passes (oooooo, NSA standard - serious stuff!). Then along comes Recuva and finds a bunch of files. Admittedly nothing major (mostly, it seems, .ttf font files, and the occasional .dll). I guess Recuva is REALLY GOOD at what it does.

 

However...CCleaner's performance seems to be a bit dodgy here. I mean, do the NSA really accept that after 7 passes, data could still be available on their old HDDs? Would the NSA consider using CCleaner?

 

It's not good enough to say that "You are wrong if you assume that CC is a 'clean to industry data sanitisation' standards. CC has never claimed to do that, it is primarily a temp file remover."

 

CCleaner IS claiming to "Securely erase the contents ... on a drive". It says so on the Drive Wiper page! It does NOT say that it will "just remove temp files", or even "securely remove most of the files, probably".

 

I don't want to keep picking on the same person/post, but the statement: "I don't think that any application running under Windows will do what you want, there's just too much going off in the pagefile, logfiles, heaven knows what files for that to be true." - surely cannot be true. As I understand the accepted methods of cleaning a HDD, each bit on the physical disk is actually overwritten - in the NSA case, 7 times. There are no pagefiles or logfiles (or any other files) that can somehow escape and survive this procedure. It is physically impossible. (Ask the NSA!!!)

 

Also, the idea that "you primarily want data destruction because you want to sell used hardware......then simply re-install the OS to have a usable computer again." is a COLOSSAL misunderstanding of the issue. Simply re-installing the OS does NOT remove the 1's and 0's previously written to the harddisk. Nor is formatting the drive any guarantee that old data is destroyed. The physical binary data is still there, and available to those that have the tools to find it - in the cases described on this page, a freely available utility called Recuva can do it. (No need for anything really advanced.)

 

Anyway...

 

I love Piriform software...especially the 2 mentioned in this post/thread. I use CCleaner on a weekly basis, and Recuva has saved my arse more than once. So I find it somewhat disconcerting to find out that I cannot rely on the former to do what it says on the tin. When a product claims to be able to erase a disk, and I use that product to erase a disk, I EXPECT THE DISK TO BE ERASED. If there is any doubt about the effectiveness, I don't mind - it's OK. As long as I am informed of that possibility. It's a question of trust. And I really, really, REALLY want to be able to trust these 2 little beauties.

[Alan_B]

 

I just registered in order to share my experiences of this problem.

 

 

I suggest you start suitable topic(s) in "CCleaner Bug Reporting"

http://forum.piriform.com/index.php?showforum=8

 

Please restrict each topic to a single issue, e.g.

"Failure to Wipe entire partition", or

"Failure to Wipe Free Space"

If you are concerned about both aspects, then use two separate topics.

 

This particular topic is blighted by the inconsistency between the first complaint

"took 10 hours to clean the drive free space....and five seconds for recova to find all the files ..."

and the complaint

"I then wiped the drive using 3 passes with cc cleaner.

I then used recuva...not in deep scan mode...and it simply recovered them all no problem.

"

 

Please also consider and answer in your new topic(s) my questions that appear earlier in this topic.

 

Finally, what security software do you have running ?

 

Is it possible that deleted/wiped files could reappear in a "Protected Recycle Bin" ?

Norton springs to mind here.

 

Regards

Alan

[Guest]

@dogfight

 

You skewed my advice. If you care to read again I suggest using something like DBAN to erase all the data and THEN reinstall the OS. This does remove data because all you have left are a bunch of random 1 and 0s. Do you know what DBAN is or how it works? Enquire further before you disregard others' advice.

 

Secondly, each method included in CCleaner aside from the number of passes destroys data using different algorithms (e.g. the "Simple Overwrite" I think just puts 0s in the free space while the Gutmann method uses a set of complex algorithms to put 1s and 0s around.) The 7 passes is the NSA standard. However, that does not mean that they necessarily use it to destroy extremely sensitive data. The 7 passes is probably the minimum that they use to destroy data (probably very common data). Also, have you tried using the Gutmann method?

 

Besides you said that while you deleted a lot of personal files you were only able to recover minor files. I heard that you can discover a lot about a person with .ttf font files. If you can't recover anything that is personally identifying then the erasure has been successful.

 

One last note, "securely" does not mean "completely". No method can make data recovery impossible unless you degauss the hard drive and smash it with a hammer (i.e. actually damage the storage medium).

[Augeas]

The problem with this topic is, as has already been pointed out, that there is a very woolly definition of the tests or processes that have been run. Much of the time the responders have had to guess what was done.

 

It's not good enough to say that "You are wrong if you assume that CC is a 'clean to industry data sanitisation' standards. CC has never claimed to do that, it is primarily a temp file remover."

 

CCleaner IS claiming to "Securely erase the contents ... on a drive". It says so on the Drive Wiper page! It does NOT say that it will "just remove temp files", or even "securely remove most of the files, probably".

 

I don't want to keep picking on the same person/post, but the statement: "I don't think that any application running under Windows will do what you want, there's just too much going off in the pagefile, logfiles, heaven knows what files for that to be true." - surely cannot be true. As I understand the accepted methods of cleaning a HDD, each bit on the physical disk is actually overwritten - in the NSA case, 7 times. There are no pagefiles or logfiles (or any other files) that can somehow escape and survive this procedure. It is physically impossible. (Ask the NSA!!!)

 

Well, my definition of an industry data sanitisation standard would be (and I hope that any reputable organisation that performs data sanitisation would agree) that the process is documented, verified and certified. Piriform has never done that.

 

CC does securely delete data, a single overwrite (NSA is a red herring) of a sector or cluster will make the data on that sector/cluster unrecoverable forever. The problem here seems to be that not every sector is overwritten.

 

No Windows application can ever clean etc is true, on the system disk for the reasons given. As for CC wiping non-system disks (the only option for an entire drive wipe) I'm not so sure. The process is entirely different from DBAN, (which has been mentioned here) as that is, as far as I know, run from a cd completely independent from any o/s on the disk. CC, on the other hand, reformats a partition, and then runs the wipe free space option. This will of course leave a fair amount of live meta files and boot code in the partition.

 

DBAN, by the way, does not guarantee its results and does not offer any certification.

 

'It does NOT say that it will "just remove temp files", or even "securely remove most of the files, probably".'. True, but then nobody ever used these phrases in this thread either.

 

Does NSA use CC? I really don't know. But I'd put quite a lot of money on them not using it for data sanitisation.

[John Hind]

CC does securely delete data, a single overwrite (NSA is a red herring) of a sector or cluster will make the data on that sector/cluster unrecoverable forever. The problem here seems to be that not every sector is overwritten.

 

I believe I can throw some light on this thread (if anyone is still interested), rather than heat!

 

From what I can see, "Drive Wiper" is at root a free space wiper. i.e. it overwrites all the bytes in sectors which the file system has marked as not in use. Except with the use of advanced forensic kit, this should render the data in these sectors unreadable on a PC to any software including Recuva, even with just a single pass. If you select the "Entire Drive" option it simply does a fast format making all of the disk (except the root directory) free space, then it does the free space wipe function as described above.

 

This means that it will not necessarily overwrite directory entries in any directory (Free Space Only mode) or just in the root directory (Entire Drive mode). This is because a directory sector will contain many directory entries and is not freed while any are still in use - the directory records are just marked to show the file has been deleted. Even after a format operation, at least one sector of the root directory will remain. So Recuva may well find directory entries even after a wipe, but it would only be able to recover the file length and size, the content of the file will have been fully deleted.

 

So the good news is that "Entire Drive" wipe will permanently delete everything except maybe some file directory records from the root directory. If you are concerned about even root directory filenames and dates being recovered, you will need to use a whole disk eraser that erases the entire disk sector by sector at a lower level.