About | Buy Stuff | News | Products | Rants | Search | Security
Home » Resources » Software » Reviews » The Evidence Eliminator Documents

Do It Yourself 2

A few comments on the DIY process.

Cutting Directory & Disk Slack

Thank you EE, but thank you NO - it's already done automatically by disk defragmenters.

Cutting File Slack

The suspicion is that EE does not really do this. It would take more time than EE ostensibly spends on the operation. To do it yourself (and you can do it yourself) you have to calculate the actual cluster use of each file on disk (!) and extend each file to exactly consume each and every byte of the last cluster, then fill this slack area with gibberish (actually you should shred it properly too), then restore the file. The problem here is knowing where the slack is: While this will work on DOS based systems, it will not work on NTFS, which uses every available byte for file storage - even the MFT itself.

If Security Is Your Game

Then you need to have disk slack sanitised. Without EE it's a simple matter of writing a VB program which... But wait a minute! That's exactly what EE is!

ISV Registry Junk

Monitoring each application on disk may seem bothersome, but radsoft.net machines accomplish this automatically with customised wrapper programs. They don't need to run special programs to clean the junk out of the Registry; it's never allowed to accumulate in the first place.

Junk File Regex's

The eight regex's EE searches for should be regarded as an absolute minimum. Certainly there are many more which will apply to most any machine.

Microsoft Registry Junk

Most of the Microsoft junk in the Registry will be found under:

HKCU (or HKLM)/Software/Microsoft/Windows/CurrentVersion

Look in particular for the subkeys 'Explorer' and 'Internet Settings'. Also look under:

HKCU (or HKLM)/Software/Microsoft/Internet Explorer

Vigilance Pays

Get used to checking everything under HKCU (and HKLM)/Software, get acquainted with what is there, and get in the habit of keeping the intruders out yourself.

(If you see a suspicious key but hesitate to delete it, write to radsoft.net. Someone is bound to know what it's there for and how things work when you delete it.)

TOC

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.