Recycle Bin and Disk Encryption

Creedyou

Senior member
Dec 28, 2001
205
0
0
I was curious if one were using disk encryption like TrueCrypt and deleted an encrypted file to the recycle bin, would it be stored in plaintext while in the recycle bin? I use the term "recycle bin" because my question is geared towards Windows, but this still applies to other OSs with a similar trash-like facility.
 

blackangst1

Lifer
Feb 23, 2005
22,902
2,359
126
Not sure of your setup, but... anything you "throw away" in the trash of your mounted encrypted drive IS encrypted (because it is part of your encrypted drive, therefore goes into the recycle bin of THAT partition... you can't really see the recycle bin on drives other than C) but only if you "delete" and NOT drag to trash. The trash icon is on your C drive, which isn't encrypted. This rule only applies to entire partitions that are encrypted.

Now, if your whole drive isn't encrypted and all you have is a mounted "file", then anything you delete is NOT encrypted, because the trash doesn't reside inside that TrueCrypt volume. TrueCrypt encrypts and decrypts on the fly. So anytime you move a file OUTSIDE of the TrueCrypt volume, it strips ciphertext and leaves it unencrypted.

My suggestion? Download File Shredder (that's the name) and use THAT instead of your "trash". It's free too ;)
 

Creedyou

I am using a mounted file. The file appears as a drive in "My Computer" with a "System Volume Information" and a "Recycled" folder as the initial contents of that drive. The presence of the Recycled folder leads me to believe that its contents would still be encrypted? I never drag to the recycle bin, only use the right click with the mouse and keyboard delete button methods.
 

blackangst1

Yes, whether it's a file or an entire partition or drive, after it's mounted it will show up with its own letter (because it IS a virtual drive). For example, I have my TrueCrypt volume on its own partition. Nothing else on it. Because it's its own partition, whether my TC volume is mounted or not, it shows up as drive I; however, when I mount my volume (in this case the entire partition) I can choose to mount it virtually as any letter I want... so let's say P. Now, when I look at My Computer, I see both drive I and drive P. Make sense?

Since you're using a file and not a whole partition or drive, even when you "delete" it still goes into the unseen recycle bin I spoke of earlier... so it's NOT encrypted (because that temp trash folder is NOT inside your TC volume). Make sense?

Again... better to use File Shredder, or an easier way is to use PGP Desktop (version 6.x.x is free and open source). It has a shredding option also that shows up in your right click menu. So you can just right click what you want to shred and choose shred. All gone.
 

Creedyou

This Microsoft KB article says when a file is deleted, 1) it is renamed and 2) a file located in the Recycler folder named INFO2 is edited with the real file name and some other attributes of the deleted file. Since the Recycler folder IS in the TrueCrypt encrypted volume, the deleted file seems like it should still be encrypted. Maybe the recycle bin on the C: drive desktop reads all local drives' Recycler folder in order to have one central place to see deleted local files? Once a volume (partition or file) is mounted as a virtual drive, does the kernel treat recycle bin activities differently for a disk partition volume or a filesystem within a file volume?
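
Added example, not part of any post in this thread: a minimal parser for the INFO2 index mentioned above, showing the original path, drive and deletion time that each record carries. The layout constants (20-byte header, 800-byte records, as on Windows 2000/XP), the `D<drive><index>` rename convention and the sample blob are assumptions supplied here, not taken from the KB article.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 20    # assumed Windows 2000/XP INFO2 header length
RECORD_SIZE = 800   # 260-byte ANSI path + 20 bytes metadata + 520-byte UTF-16 path
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def parse_info2(blob):
    """Return one dict per deleted-file record found in an INFO2 blob."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("truncated INFO2 header")
    (rec_size,) = struct.unpack_from("<I", blob, 12)
    if rec_size != RECORD_SIZE:
        raise ValueError(f"unsupported record size: {rec_size}")
    records = []
    # A partial trailing record is ignored rather than parsed.
    for off in range(HEADER_SIZE, len(blob) - RECORD_SIZE + 1, RECORD_SIZE):
        index, drive, ftime, size = struct.unpack_from("<IIQI", blob, off + 260)
        raw = blob[off + 280:off + RECORD_SIZE]
        path = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
        letter = chr(ord("A") + drive)  # drive number 0 = A, 2 = C, 15 = P
        ext = path[path.rfind("."):] if "." in path.rsplit("\\", 1)[-1] else ""
        records.append({
            "original_path": path,
            "volume": letter + ":",
            "deleted_utc": EPOCH + timedelta(microseconds=ftime // 10),
            "size": size,
            # Name of the renamed copy kept beside INFO2 (assumed convention).
            "stored_as": f"D{letter.lower()}{index}{ext}",
        })
    return records

def build_sample():
    """Constructed INFO2 blob: one file deleted from a volume mounted as P:."""
    path = "P:\\notes\\plan.txt"
    when = datetime(2009, 1, 1, tzinfo=timezone.utc)
    ftime = int((when - EPOCH).total_seconds()) * 10**7
    header = struct.pack("<IIIII", 5, 1, 1, RECORD_SIZE, 0)
    record = path.encode("ascii").ljust(260, b"\x00")
    record += struct.pack("<IIQI", 1, 15, ftime, 4096)  # index 1, drive 15 = P
    record += path.encode("utf-16-le").ljust(520, b"\x00")
    return header + record

if __name__ == "__main__":
    for rec in parse_info2(build_sample()):
        print(rec)
```

Running it against the INFO2 file found in a given drive's Recycled or RECYCLER folder lists what that folder holds and which drive letter each entry was deleted from.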
 

blackangst1

Again, if the recycler is IN the TC container, it is still encrypted.

Try this sometime. Download one of the many free hard drive forensic software packages and install it. Make a few files on your drive OTHER than your C drive, but NOT in your TC volume. Choose them and delete. Now, search for those files with your forensic software and look where they show up: not on your C drive, but in the hidden recycler on whatever drive they were deleted on.
 

blackangst1

Creedyou: I found your answer... I didn't know about this :p

Encode your entire user profile, including trash bin!

TCGINA allows the use of TrueCrypt to on-the-fly encrypt a Windows user profile. A Windows user profile usually contains user registry files, user documents and settings, temporary files, etc. TCGINA detects whether a user profile is encrypted (stored on a TrueCrypt volume) and mounts the corresponding TrueCrypt volume before continuing the Windows log on procedure.

Enjoy! I think I'll try this out :D