Will Privacy Tools Hamper Investigations?

Protection products may be double-edged swords.

The very first article I wrote for Security Technology & Design was “What's on That Hard Drive?” published in February 2002. That article was based on a white paper I wrote for SANS Institute certification called “Secure File Deletion: Fact or Fiction?” (An updated version of this paper can be found in the SANS reading room at www.sans.org. ) Both the article and the white paper discuss the types of residual data that can be recovered from a computer's hard drive and some of the methods that can be used to remove this data.

From a security perspective, removing this information is an excellent way to prevent the inadvertent dissemination of proprietary information as well as the accidental disclosure of personal information. When I wrote the white paper back in 2001, businesses and individuals were just beginning to recognize the significance of residual data. Now, high-profile security breaches and new privacy and security regulations have increased businesses' interest in protecting data by encrypting or removing residual information.


Wipe Out or Lock Up

You only have to do a quick search on the Internet to find an array of products intended to wipe certain data from a system. Many third-party tools exist to help prevent the inadvertent dissemination of confidential data, such as the “Remove Hidden Data” tool that removes metadata from Microsoft Office 2003 documents.

Encryption is becoming another popular tool for protecting private and proprietary information. While encryption is used extensively to protect data during transmission, it has not been widely embraced to secure data at rest, such as on the hard drive of a desktop or laptop computer.

Many people erroneously believe that since they must provide a password in order to boot up their computer, the data stored on the computer's hard drive is secure. All anyone has to do is remove the hard drive from the computer and connect it to another computer, either as an external drive or a secondary (slave) internal drive, to remove all of the data from the drive.

This significant security threat has now been addressed by the storage vendor Seagate. The company includes hardware-based drive encryption as part of its DriveTrust technology. As of this writing, this technology is only available for the Momentus 5400 FDE.2 drive for notebook computers and DB35 Series drive for digital video recorders. With the current concerns regarding the protection of digital information, however, it won't be too long before Seagate offers this technology on additional drives and other manufacturers begin offering similar solutions.


OS Privacy Enhancements

Third-party solutions aren't the only option anymore. Now, major software and technology vendors have begun incorporating privacy tools into computer operating systems and applications.

Apple's Mac OS X includes new privacy enhancements:

• FileVault. Enabling this feature secures a user's home directory by encrypting its contents using AES 128-bit encryption.

• Secure Virtual Memory. Enabling this feature encrypts the system's swap file. The swap file (in Microsoft Windows this is called a pagefile) is used when a new application is launched or a system's memory is full and needs to make space for additional information. Data in memory will get written to the hard drive in a swap file. Swap files are a great source of information during an investigation, but this feature makes the data unrecoverable.

• Erase Free Space. This is built into the Mac OS X Disk Utility feature and provides the ability to “zero out” or overwrite free space.

• Private Browsing. Safari, Apple's Internet browser, includes a private browsing option, which, according to Apple's main information site on the product, ensures that “no information about where you visit on the Web, personal information you enter or pages you visit are saved or cached. It's as if you were never there.”

This content continues onto the next page...