Covering the tracks

  • Posted: 11 April 2009 02:18 PM

    I have a “friend” (we’ll call him Doug) who in a misguided bout of internet exploration stumbled onto some pretty awful sites, and instead of getting out, he decided to explore them somewhat extensively. Now Doug is feeling pretty guilty and regrets his actions, and most of all, he wants to eliminate the traces of his past as much as possible. Doug knows that data on computers can never truly be eliminated without shredding the hard drive, but he also knows that it can be eliminated fairly well. So far, Doug has run Cache-Out X and Onyx to clean up his caches, and he then overwrote the free space 7 times. The problem is, he cannot really tell if he has eliminated his past, because he could never find the files (i.e. his searching and viewing history) in the first place. So, Doug’s questions are basically these: is there a history somewhere on the hard drive of all of one’s internet activities, such as websites visited, search history, etc.? Doug never actually downloaded anything from the sites he went to, but he did a fair amount of looking. Is just looking tantamount to downloading? If one just looks at a picture on a site, is it then on his hard drive? In case you are wondering: I know that Doug has learned his lesson and will not have this problem again!

         
  • Posted: 12 April 2009 02:15 PM #1

    Well, Doug (may I call you Doug?), if you have deleted your internet caches, didn’t download anything and have overwritten the free space, then your forays into dirty vole pictures and moose-abuse sites are probably pretty well gone. If someone really wanted to reconstruct some of it through forensic analysis of the hard drive they might be able to, but that is not something that the average person can accomplish easily. Now, if the NSA wanted their computer back, that’s a different story…

    Practice safe hex.

    Signature

    Mac switchers see my profile for switching help…

         
  • Posted: 12 April 2009 06:21 PM #2

    Thanks Intruder—I mean, I told Doug, and he said to tell you thanks.  How’d you know about the Moose, by the way?

         
  • Posted: 12 April 2009 10:29 PM #3

    A møøse once bit my sister.


         
  • Posted: 17 April 2009 01:05 PM #4

    At one of my previous jobs we had a couple of computers for staff to check webmail and such on their breaks. Every once in a while we’d get a complaint about someone surfing inappropriate sites and it was my job to investigate. Occasionally I also had to look at staff laptops for inappropriate material and clean it up if found. Several things I learned:

    If you don’t download, and do clear caches, history, secure erase free space, and such, it’s very hard to recover your data. To be absolutely sure, you’d need to nuke and pave. Several times there was no history of surfing but when I did a search for JPG, WMV, or other common media formats I’d find a few images that got lost in the shuffle. To clean up a drive when I found something I often opted for nuke and pave. Especially with the Apple tool that lets you overwrite the drive edge to edge multiple times you can be sure that the evidence is gone (unless you’re under investigation by the NSA etc.). But for normal use this is more than needed. I’d think what you’ve done is adequate. Mind you, I recommend you do a nuke and pave if you’re going to sell or give away any computer. I always do.

    Another place I worked at had a foolproof method of securing a drive for discarding. We put it in a vise and drilled a 3/8” hole through it, shattering the platters. A bit wasteful, but they kept legal records on their systems.

    Every once in a while I would find something on a drive, usually URLs. I couldn’t check them at work; I would have been fired for surfing porn even though I was conducting an investigation. I had to check them at home with my own system. I used Opera because it has a Clear Private Data option that will trash all the files, caches, history, and such with the click of a button.

    [ Edited: 17 April 2009 01:08 PM by geoduck ]

    Signature

    Millions if not billions of people use computers and the Internet.
    I build computers and fix the internet.
    I Win.

         
  • Posted: 17 April 2009 01:32 PM #5

    What about checking the ‘Private Browsing…’ feature under the Safari menu before you surf, how well does that work?

    Signature

    - Gavin (DrShakagee)

         
  • Posted: 17 April 2009 01:39 PM #6

    When you turn it on it says

    “When private browsing is turned on, webpages are not added to the history, items are automatically removed from the Downloads window, information isn’t saved for AutoFill (including names and passwords), and searches are not added to the pop-up menu in the Google search box. Until you close the window, you can still click the Back and Forward buttons to return to webpages you have opened.”

    I’d say it helps, but I haven’t had occasion to try a forensic analysis on a system that was using it.


         
  • Posted: 17 April 2009 04:28 PM #7

    I would add (if I were paranoid) doing a search for items created the day of the alleged foppishness. You’d be surprised what files are created on any given day.

    When I was relatively new to OS X I did a check and found a ton of Macromedia files, Flash in particular, stored in
    Users:username:library:preferences:Macromedia:FlashPlayer:Macromedia.com:support:Flashplayer:sys.

    It’s not images per se, but locations. For instance, Target, ABC News, Amazon,  CDW; virtually any web site that uses Flash.

    If the web site Doug visited uses Flash there will likely be a preference file created for that site. If that site happens to be, say, playhorsie.com Doug could have some ‘splainin’ to do.

    So while Safari may not record history in Private Browsing, Flash just might. I cannot say this with certainty, so I’m open to the experts here.

    Signature

    Microsoft’s tyranny lies not in… no wait, that’s already taken.
    I’m not a zealot, I’m an Appleficionado.
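
The two checks described in post #7, written the way an examiner might script them for triage; this is an added example, not part of the original thread. It assumes the POSIX form of the Flash Player folder named in the post, per-site subfolders named `#<hostname>`, and file modification time as a stand-in for "created that day"; the sample home directory and its hostnames are constructed.

```python
import os
import tempfile
from datetime import date, datetime
from pathlib import Path

# POSIX form of the location named in the post, relative to the home folder (assumed layout).
FLASH_SYS = Path("Library/Preferences/Macromedia/Flash Player/"
                 "macromedia.com/support/flashplayer/sys")

def flash_site_traces(home):
    """Return sorted (hostname, last-modified date) for each per-site Flash folder."""
    sys_dir = Path(home) / FLASH_SYS
    if not sys_dir.is_dir():
        return []
    traces = []
    for entry in sys_dir.iterdir():
        # Assumption: Flash Player names each per-site folder "#<hostname>".
        if entry.is_dir() and entry.name.startswith("#"):
            mtime = date.fromtimestamp(entry.stat().st_mtime)
            traces.append((entry.name[1:], mtime))
    return sorted(traces)

def files_modified_on(root, day):
    """Return relative paths of files under root last modified on `day` (local time)."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            try:
                stamp = path.lstat().st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip it
            if date.fromtimestamp(stamp) == day:
                hits.append(str(path.relative_to(root)))
    return sorted(hits)

def build_sample_home():
    """Constructed sample data: a fake home folder with two Flash site folders."""
    home = Path(tempfile.mkdtemp())
    stamp = datetime(2009, 4, 10, 12, 0).timestamp()
    for host in ("example.com", "news.example.org"):
        site = home / FLASH_SYS / ("#" + host)
        site.mkdir(parents=True)
        (site / "settings.sol").write_bytes(b"")
        os.utime(site / "settings.sol", (stamp, stamp))
        os.utime(site, (stamp, stamp))  # backdate the folder after writing into it
    (home / "notes.txt").write_text("unrelated")  # modified now, not on 2009-04-10
    return home
```

The hostnames come from folder names alone, which is why clearing the browser's history and cache does not remove them.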