- Apr 1, 2017
Over the last days I was busy with some computer forensics tools and basic digital forensic concepts.
I tested one of these tools against some popular tune-up utilities that MT PPL use:
CCleaner / PrivaZer / Wise Disk Cleaner / Kerish Doctor and Glary Utilities.
It has an option called "find recent activities" that can find:
The history of most recently used items (WordPad recent docs / MS Office recent docs / Windows Run entries / Windows search history / Adobe Reader recent files / Windows recent documents / Windows Explorer recent items and ...)
USB history
Browser history (according to the owner it covers all browsers, but it only works for IE and couldn't find the Yandex, Opera, and Edge history! Probably a bug. There are other tools that can find your browser's history easily with one click or one command.)
Browser bookmarks
Installed programs
Windows event logs
Autorun commands (the apps that start on boot)
Windows search index history
Prefetch files
P2P history
Mobile backups.
Chat logs from popular messengers.
I tested the "find recent activities" option (one of the most important features in the tool) against Windows cleaners.
It can also find Windows passwords / create a memory dump / analyze the memory dump with Volatility / decrypt BitLocker / view the registry / create an image from your hard disk / take a screenshot / recover deleted files / detect hidden hard disks and a lot more...
Please note:
I'm not using MS Office.
My Telegram doesn't save any log on Windows, so the tool can't find any chat log (but there are other tools that can find Telegram history).
I don't have any mobile backup.
I don't use Peer to Peer applications.
1- After cleaning Windows with Glary Disk Cleaner free + Glary Tracks Eraser free, the tool could detect:
Most recently used apps (Windows search history / Word (RTF) history and Windows recent documents)
USB history
Jump list
Prefetch files
UserAssist history (Glary removed them but not completely)
Windows event logs
Windows search index
Memory dump files (the tool can use them to access your data)
No secure file deletion methods, so the tool could easily find the deleted files --> recover them!
After the test, I ran Wise Disk Cleaner and it found a lot of cookies and cache history from Yandex, Opera, and Edge! Although Glary claimed that it removed all histories, it failed!
Again, the tool doesn't cover Opera, Yandex, Chrome and Edge! It only works for Internet Explorer, but as I said there are other tools, both free and paid, that can find your browser history/passwords with one click or one command, so it's very important to clean browser history/cache (with a secure deletion method).
A big failure for the Glary company.
Honestly, they need to redesign this garbage app.
Please:
Don't think that if you use private mode in your browser you are 100% safe. It's good but not enough:
How Private is Internet Explorer’s InPrivate Browsing?...First define "private" - Magnet Forensics Inc.
Don't think the portable browser makes your activity invisible: https://www.researchgate.net/public...the_privacy_benefits_of_portable_web_browsers
2- I worked with Windows for 1 day and cleaned it with Wise Disk Cleaner (enabled all options + enabled some useful options from advanced cleaner mode).
It deleted a lot (like dump files (very, very important to forensic tools) / a lot of history from Opera / Yandex and a lot of logs from Windows directories).
But the tool still could detect:
Jump list (cleaned but not completely)
USB history
Most recently used apps
UserAssist history (removed but not completely)
Prefetch files (only deleted old ones)
Windows event logs
Windows search index
Wise has a secure delete option but I didn't test it (I don't think if it works).
Although it deleted the dump files and many other traces, it failed.
3- Again worked with the PC for 1 day and ran CCleaner (not my favorite tool).
It removes most recently used apps
failed to remove USB history
removed the Windows log files but not completely
removed the UserAssist history completely
failed to remove prefetch files
failed to remove shellbag
CCleaner finds the dumps but Wise did a better job.
failed to remove Windows search index
1- It has a secure deletion method: the complex overview (7 passes) is the ideal option! The advanced overview (3 passes) is also good but not enough.
2- Remove wipe cluster tips
3- Remove alternate data stream!
Both are dangerous. Why?
Read here:
Computer Forensics: Alternate Data Streams
How to recover your own data without data recovery software
4- Worked with the PC for 1 day and ran PrivaZer (paid version, also fully tweaked for maximum privacy):
Failed to remove most recently used apps.
failed to remove USB history
completely removed UserAssist history.
failed to remove jump list
failed to remove Windows search history
removed prefetch files (almost completely)
removed shellbag!
PrivaZer advantages:
Secure deletion same as CCleaner
Wipe free space same as CCleaner
Cleans a lot of directories that others miss (only Wise Disk Cleaner cleans some of those places, but not completely)
Cleans the USN Journal (others can't)
In-depth registry cleaning (CCleaner also cleaned them but not like PrivaZer)
Read about the USN journal here:
Windows USN Journal Parsing - Digital Forensics Forums | ForensicFocus.com
To know what a shellbag is and why it's so important, read this link:
Windows Shellbag Forensics
Best privacy cleaner: CCleaner
Best cleaner to clean Windows directories and clean the hard disk itself = PrivaZer
CCleaner + PrivaZer = good but not enough and it's broken.
PS. I tested Kerish Doctor and got the same results as Glary Utilities, but Kerish Doctor is good for fixing Windows problems and cleaning the leftover data from removed applications (a service/driver or...).
All of them failed to remove USB history / Windows search index / shellbag (only the paid version of PrivaZer can delete them). I found how to mitigate them! Do some research and find out how to mitigate these holes.
What I use:
CCleaner (recently added after this test) + PrivaZer + Wise + around 7 tweaks in the registry (search yourself) + O&O SafeErase 12! But still not enough!
There are many other holes in Windows that put your privacy at risk, but you need to start reading and researching.
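
The following is an added example, not part of the original post and not code from any of the tools tested: a way to repeat this kind of before/after check on your own machine by counting the file-system traces named above, once before and once after running a cleaner. The function names are hypothetical, the paths are the default Windows locations (an assumption if yours were relocated), and the registry-resident traces (USB history, UserAssist, shellbags) are outside its scope.

```python
import os
from pathlib import Path

# Default locations relative to the system drive root; {user} is the profile
# folder name. These are assumptions if the system was customised.
RECENT = "Users/{user}/AppData/Roaming/Microsoft/Windows/Recent"
FILE_ARTIFACTS = {
    "prefetch": ("Windows/Prefetch", "*.pf"),
    "recent_documents": (RECENT, "*.lnk"),
    "jump_lists": (RECENT + "/AutomaticDestinations", "*.automaticDestinations-ms"),
    "event_logs": ("Windows/System32/winevt/Logs", "*.evtx"),
    "search_index": ("ProgramData/Microsoft/Search/Data/Applications/Windows",
                     "Windows.edb"),
    "memory_dumps": ("Windows/Minidump", "*.dmp"),
}


def audit_files(root, user):
    """Count artifact files under a live or mounted Windows volume root."""
    root = Path(root)
    counts = {}
    for name, (rel, pattern) in FILE_ARTIFACTS.items():
        folder = root / rel.format(user=user)
        try:
            counts[name] = len(list(folder.glob(pattern))) if folder.is_dir() else 0
        except PermissionError:
            counts[name] = -1  # unreadable without elevation: not verified
    return counts


def residue(before, after):
    """Artifacts still present after cleaning, as {name: (before, after)}."""
    return {name: (before.get(name, 0), n) for name, n in after.items() if n != 0}


if __name__ == "__main__":
    # Live-system usage: run once before the cleaner and once after it,
    # then compare the two printed snapshots (or feed them to residue()).
    drive = os.environ.get("SystemDrive", "C:") + "\\"
    user = os.environ.get("USERNAME", "")
    for name, count in audit_files(drive, user).items():
        print(f"{name:18} {count}")
```

A count of -1 means the folder could not be read at the current privilege level, so that artifact is unverified rather than clean.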