Jump to content

TOR Forensic Analysis reveals some files that CCleaner needs to delete

JFlanigan

By JFlanigan
in CCleaner Suggestions

 Share

Recommended Posts

JFlanigan

JFlanigan

Posted
Posted (edited)

XXXXXXXXXXXXXXXXXXXXXXXX

 

identifies some areas where CCleaner needs to look into. Some evidence of a TOR installation that was deleted before running CCleaner.

 

C:\Windows\Prefetch\START TOR BROWSER.EXE-F5557FAC.pf

C:\Windows\Prefetch\TBB-FIREFOX.EXE-350502C5.pf

C:\Windows\Prefetch\TOR-BROWSER-2.3.25-6_EN-US.EX-1354A499.pf

C:\Windows\Prefetch\TOR.EXE-D7159D93.pf

C:\Windows\Prefetch\VIDALIA.EXE-5167E0BC.pf

 

The thumbcaches identified in the article were all clear. I have not checked all of the files mentioned in the article.

 

I am using v4.00.4064

Edited by DennisD
Link to comment
Share on other sites
  • Moderators
DennisD

DennisD

Posted
  • Moderators
Posted

Hi jFlanigan, and welcome to the forum.

 

I would be happy for you to link to a legitimate website containing the article you mention, but we can't allow links to direct downloads for obvious reasons.

 

Especially from a non regular member, and I don't mean that to be personal.

 

I've therefore removed the direct download link.

Link to comment
Share on other sites
JFlanigan

JFlanigan

Posted
  • Author
Posted

Hi Dennis.

 

No problem and I apologize for violating any forum rule on my first visit.

 

Why do you consider that site not to be legitimate? Its software provides secure and anonymous communication and is highly regarded. See Wikipedia for more information.

 

My objective was not to make it appear that you or Piriform endorsed the product. The document enlightened me to the fact that there is residual information in the pre-fetch directory that CCleaner should detect and remove.

 

Best Regards,

John

Link to comment
Share on other sites
  • Moderators
Augeas

Augeas

Posted
  • Moderators
Posted

Yes, Prefectch contains entries for the TOR browser bundle, which is portable, and other portable programs as well as programs run under Sandboxie, for instance. I guess CC doesn't touch current entries as prefetch is a valid part of the operating system. CC will delete old entries (14 days plus), or if you're really worried you could switch off prefetch for user programs.

 

As has been said many times before CC is not a forensic evidence cleaner.

Link to comment
Share on other sites
  • Moderators
DennisD

DennisD

Posted
  • Moderators
Posted

Hi Dennis.

 

Why do you consider that site not to be legitimate? Its software provides secure and anonymous communication and is highly regarded. See Wikipedia for more information.

 

 

Best Regards,

John

 

My apologies, you misunderstand my meaning John. I didn't open the PDF in your link, and there's nothing in your post to indicate which site the article came from.

 

I simply meant you can provide a link to any legitimate website in your post, and I've no reason to doubt that the one you refer to is a legitimate one.

 

We can get new members, and spammers sadly, who provide links to some unusual places, hence the need to mention "legitimate".

 

By all means, supply us with the link to the site containing the article, and I hope that clears up the misunderstanding.

:)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept