Possible to configure 7 to auto-wipe files?

giblets said:

...but if I understand what you're looking for then nothing on the drive would be unencrypted except the necessary boot files...

What I'm rethinking is the best approach to compartmentalizing/securing my own data as well as any client data I may process. I'd *like* to keep all of each entity's data in its own encrypted container with its own password... and not have to encrypt anything else. Practically speaking though, I still doubt it is possible to reliably prevent the OS and various applications from persisting unencrypted data to other media (such as the system partition). Encrypting that other media doesn't solve the leak problem, although it does to some extent mitigate it.

I don't know what you meant above. One approach to dealing with an OS and applications that leak data would be to put/run them in the encrypted containers along with the sensitive data. I need to learn more about VM platforms, but I suspect it might be possible to keep each person or entity's data compartmentalized and secured by having an encrypted virtual machine for each.

Corazon said:

Truecrypt... will also slightly complicate your backup strategy - if you image the running Windows system, the image ends up unencrypted.

Unless you backup to another Truecrypt volume, right?

If you want a secure delete function for any sensitive files, Xplorer2 (by Nicos Bozinis) from www.zabkat.com has a feature called "shred" files. This is an excellent explorer replacement (from $29.95) for all windows versions including windows 7 and supports both x86 and x64. The author claims that once a file is deleted with "shred" command, it is impossible to recover this file again. The "shred" function is as easy to use as a normal delete file function.

By the way, the freeware CCleaner has a feature to wipe the free space (including MFT area) securely (1, time, 3 times, 7 times and 35 times etc.) for securely cleaning the free space for those who are security conscious. This can be run whenever the system is free as it takes a long time... This can even securely clean a hard disk completely if necesssary.

The problem with encryption technologies built-in windows is that if your system gets corrupted and you need to reinstall the windows again, then it is impossible to recover the encrypted files. It happened to me once and I lost a good number of files in this way.

The windows encryption is based on the user id of a system and if you reinstall the system and create same username, the user id will be different from the earlier windows version and will fail to unencrypt the files.

One way of safeguarding the files would be to always copy the sensitive files on a separate external compact USB HDD and carry it with you always and never leave any of these files on the computer. This way you can isolate the files from the computer.

@rraod: I think there are mechanisms to recover both EFS and Bitlocker encrypted files:

https://www.google.com/search?num=30...22&btnG=Search

I know, way back when, I used EFS on XP boxes for awhile and went through the recovery agent preparation steps (which, IIRC, basically revolved around exporting and keeping safe a certificate) and I was was able to encrypt a file on one machine and decrypt it on another.

I had this problem on an XP machine when I have not followed these procedures to save the user credentials. It so happened that I was just experimenting these features and after some time totally forgotten about the encryption I have done. After more than six months, I have reinstalled my system to a fresh copy of XP and only later on I realised that I could not access these files which were on an external USB disk.... Lesson learned

BitGroomer said:

Corazon said:

Truecrypt... will also slightly complicate your backup strategy - if you image the running Windows system, the image ends up unencrypted.

Unless you backup to another Truecrypt volume, right?

Yes, or you use the backup software's own encryption to protect the image file.

Another catch I forgot to mention earlier is that if you make a backup using this method and restore it later, the system encryption will be lost (since you're restoring an unencrypted image) and will have to be recreated with TrueCrypt after the restore.

Well one theme common to some things in this thread (wiping, encrypting, backup/restores) is that they can be very unforgiving if we overlook something. Once upon a time I stored some personal files in an encrypted archive file and simply backed up that encrypted archive file. At some point that encrypted archive file became corrupted and unknowingly I was making backups of an archive file that I could never decrypt and access. A friend's home was once robbed, and they took her computer and disc carrying case. Fortunately, she kept her personal files encrypted and there was a copy of those encrypted files on a disc the burglar didn't get. Unfortunately, the one and only backup of her encryption keys was in the disc carrying case that was stolen.

I suspect we've all learned a lesson the hard way on more than one occasion. Hopefully we learn from that and in the long run gain more than we lost.

BitGroomer said:

Well one theme common to some things in this thread (wiping, encrypting, backup/restores) is that they can be very unforgiving if we overlook something. Once upon a time I stored some personal files in an encrypted archive file and simply backed up that encrypted archive file. At some point that encrypted archive file became corrupted and unknowingly I was making backups of an archive file that I could never decrypt and access. A friend's home was once robbed, and they took her computer and disc carrying case. Fortunately, she kept her personal files encrypted and there was a copy of those encrypted files on a disc the burglar didn't get. Unfortunately, the one and only backup of her encryption keys was in the disc carrying case that was stolen.

I suspect we've all learned a lesson the hard way on more than one occasion. Hopefully we learn from that and in the long run gain more than we lost.

One advantage of Truecrypt containers is that you can do as many copies as you think reasonable for backups on different HDDs and CDs/DVDs and you can backup the headers so there is less problems with corruption. Of course the problem of frequently updating and backing-up is always there. Having used Truecrypt for perhaps a decade I have never had a container that didn't open and the only problems I have ever had is with duff CDs and so using the best is advisable. The problem of having a sufficiently secure but memorable password still remains however but it is not impossible to do.

Best thing you can do: put a really awesome password together, then study and learn it like your name or address or phone# or social security. Use it. Use it again. Keep using it.
The day will come where you won't forget it for the rest of your life. :)

(Just be sure to include it in your testament and last will! LOL)