Results 1 to 4 of 4

Thread: Windows XP restore points and wiping

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    748

    Windows XP restore points and wiping

    Well somebody else asked the question but the thread went suicidal.. I'm not as paranoid as everybody else, so here is the answer to what the XP restore point stores. Check this technet article, and the file listed at the bottom-
    http://support.microsoft.com/default...b;en-us;281842

    specifically- Windir\System32\Restore\Filelist.xml

    The XML file is broken down into three segments: Files, Directories, and extensions.

    For each segment it contains those items to include, and to exclude. So as you can see by default very little personal data should be stored in a system restore. It excludes most document and profile information, and the only extensions included are programs and things of the like. Docs, pictures, adobe PDF, and other standard file formats for storing data are not included in the system restore.


    As to how antivirus and cleanup tools impact system restore. In my experience if the cleanup utility does not specifically have an option to "wipe" system restore it doesn't know about system restore. BCwipe and some of the other utilities mentioned in the original question have options to delete system restore points.

    Windows XP disk cleanup and restore points- http://support.microsoft.com/default...b;en-us;310312


    As far as how good are disk wiping utilities. Most of them if they can do multiple wipes with a Peter-Gutmann wipe algorithm are going to be very effective. I'm sure there are some cheap software wipers out there that say they are doing a 7 overwrite wipe, and don't, but the ones mentioned in the original question do the trick.

  2. #2
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    To be completely honest, that is the type of questions that my old boss would put onto me. He may not be doing something wrong, he may be asking because the company he works for is trying to ensure their data is safe.

    Lets say Mr Jones is working on a classified document, now that document has to be cleared off the system, so they delete the file and use BCWipe to clear the free space. If Bad Man Joe knows about this and wants the document, can he get it by going to the past restore point?

    I would suggest in this case to stop system restore, delete the restore files and keep BCWipe on hand.


    Even if this guy is being shady, I feel information is free. If he is going to use it for bad, someone else is going to use it for good and now it is readily available.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    If Bad Man Joe knows about this and wants the document, can he get it by going to the past restore point?
    If it is a doc, wps, pdf, xls, or any other standard document file then no. You can open up that file on your xp machine and see what file types are included. I don't feel like cutting/pasting the contents of the file as it would be rather long.

  4. #4
    Junior Member
    Join Date
    Sep 2005
    Posts
    2

    Original Thread was

    Thanks for the info here is the original thread --

    -----------------------------------------------------------------------------
    Question:
    First, When installing Win XP as a default the system restore is on.
    What does it store?

    Secondly, lets say you go ahead and make a' Restore" point, then you wash your system with Eraser, will it touch that restore point?

    Third, what if you turn off restore and delete the restore point, then wash it, does it overwrite the data form that restore point that was deleted?

    Last, has anyone done any research by taking several drives using the product below and verifying with forensics tools on which does what it claims?

    1) Eraser
    2) Wipe Drive / Secure Clean by white Canyon Software
    3) Window Washer
    4) BC Wipe
    5) Evidence Eliminator -- After seeing article in forum, you have to think, is there a gov back door-- I mean by this, would the government really allow a product to be on market that would be able to cover up tracks of bad guys and make prosocution harder for LEO?????????

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •