Swap File
Results 1 to 10 of 10

Thread: Swap File

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    16

    Swap File

    Hi,
    I Know windows keeps a swap file. But i just wanted to know if anyone can get anydata from this swap file if he or she has physical access to my pc. Please i am not a geek in computers so please explain in little detail. Thanks

  2. #2
    Member
    Join Date
    Feb 2003
    Posts
    41
    "I Know windows keeps a swap file. But i just wanted to know if anyone
    can get anydata from this swap file if he or she has physical access to my pc."

    Yes your swap file may contain your pgp paraphrases or
    documents like your tax returns or personal e-mail or
    information accumulated over time so if you don't wipe
    your swap someone could get access to it. Many people assume
    old data is gone after there drive is re-formatted but it's
    not the case it's all there and can be retrieved.

    I'd suggest BC wipe :

    http://www.jetico.com/index.htm#/bcwipe.htm


  3. #3
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    As long as you have the swapfile resizing dynamicly that old data is overwritten again and again, nothin acumulates in swap space..thats the point of it...the worry would be someone grabing swap as you got up...this would be pointless for two reasons. First if they where at your machine with access to the swap file they have access to every thing anyway. Second its a binary file, It looks just like the contens of ram would with insructions and data all jumbled togeterh in a binary format...basicly useless for finding info.

    I would worry far more about your temp files ect. then swap.
    Who is more trustworthy then all of the gurus or Buddha’s?

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Or you could make a quick regedit to do the same thing:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory\Management

    Value: ClearPageFileAtShutdown
    REG_DWORD
    Data: 1 (1 enable, 0 disable)


    Slows shutting down PC, but at least it is cleared if you are worried about it...


    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Originally posted here by nebulus200
    Or you could make a quick regedit to do the same thing:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory\Management

    Value: ClearPageFileAtShutdown
    REG_DWORD
    Data: 1 (1 enable, 0 disable)


    Slows shutting down PC, but at least it is cleared if you are worried about it...


    /nebulus
    correct me if I am wrong but wont swap start rewriteing itself as soon as you boot up. (assumeing you don't have a significantly high amount of RAM)

  6. #6
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Depends on your settings and it depends on how the memory manager starts paging things. There could still be bits and pieces of things laying around. The suggestion I provided only helps when shutting down. If you are working on sensitive information or are seriously panicked about it, buy alot of RAM and turn off your SWAP (i have had to do it before and it sucks) while you work on it...

    I personaly always set my SWAP to a constant size (rather than let windows manage it) because it gives a little more peppy a response when it windows ins't constantly having to monkey with the size of the page file when you start loading memory intensive programs...

    But to answer your question, what is overwritten in your page file is pretty much random and highly dependent on what you are running and how you are running it...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Fair enough...I tend t obe prety parinoid, and can see some point to flushing your swap space on shutdown, but I think we are reaching obserd levels of parinoia if we are worrying aboutsomeone sitting down and browseing swap space if we walked away for a min. swap files are usualy big enough to cause transfering to be nontrivial...and in a format that makes finding anything usefull inside nontrivial. The sugestion on running every thing in ram is good (if nothing else it will speed up access) but If I can read the contents of swap I can read the contents of ram,and make sure yuor system dson't have some sort of stat saveing, or quick on option(a lot of laptops do) as this will be a copy of whats in RAM.
    Who is more trustworthy then all of the gurus or Buddha’s?

  8. #8
    Junior Member
    Join Date
    May 2003
    Posts
    6
    another simple way is reduce the swap file settings to min then defrag the drive and reboot then change the swap file settings back....this works on something that's not been regularly defragged and you've written stuff past it on the drive(like installed lots of stuff like most of us) after the defrag it writes over the same area were the old one was, this will pretty well overwrite anything there....then after you increase the swap file it will put it in the largest continuous space on the drive...usually farther into the drive...and your pc may even run faster.....ya right this is windows...duh!

    this would work in 98 or xp but not in 2k unless u get something like norton or perfectdisk
    jeez I\'m tired of ms and bill lining his pockets, but it keeps me employed

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Under Windows 2000 there is I believe an option to erase the swapfile on shutdown. This won't help if your system crashes or loses power though (I have no idea how to enable this option)

    Ideally, if your data are sufficiently important, it may be prudent to just get lots of RAM and disable swap. On win2k, 384Mb should do provided you don't run anything hefty

    The swap file will keep remnants of anything that was in memory, possibly indefinitely. This may include passwords (although applications try to prevent this from happening, they don't always succeed)

    There is no fixed time after which the swap file will be overwritten, it is just luck.

  10. #10
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    He slarty, the option that you are talking about just sets the Registry key that I cited, it was just one of the many things that Microsoft changed in Win2k for the better. Win NT was notorious for having to do just about all configuring through the Registry, whereas Win2k still uses pretty much the same registry entries but gives you a nice GUI to manipulate those values...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •