RE: Erasing private files from Windows XP.

["Bill Stout" <bill.stout () greenborder com>]

I'm sure you know of these locations, but I'll mention these anyway.

Index.dat - Contains cookie and file info and is a hidden file, always
open (locked) when the OS is running and must be deleted in safe mode.
Separate index.dat files exist for the Internet Explorer history, cache,
and cookies.

ADS - Alternate data streams contains file origination (zone) and other
data which Internet Explorer attaches to a file.  This is deleted when a
file is deleted (I believe).

Outlook Temp files (%USERPROFILE%\Local Settings\Temporary Internet
Files\OLK22) - Attachments are temporarily saved when they're opened.
However attachments are permanently saved in this location if you close
the message before the attachment, or if you modify the file.

Google Desktop cache (%USERPROFILE%\Local Settings\Application
Data\Google\Google Desktop Search) - Google desktop caches copies of
local or deleted files, btw the spell checker sends local search queries
to suggestqueries.google.com as you're typing.

I second the other answers you've received; replace the disk.  It's
cheap and you keep your data.  These days most laptop (and desktop)
disks are made of glass, so the best way to destroy a disk drive is to
throw it hard against pavement (slap the top or bottom surface).  Shake
the drive, and it sounds like it's filled with gravel.

Bill Stout
GreenBorder

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Yousef Syed
Sent: Sunday, January 28, 2007 7:01 AM
To: Security Basics
Subject: Erasing private files from Windows XP.

Hi,
Can someone please point me to a checklist of all the places that
Windows XP might store personal information?

I need to return my Laptop for a repair and would like to ensure that
no personal or client information is hiding anywhere.

I've erased "My Documents" and various other directories in the
"C:\Documents and Settings" directory; plus all directories that I
created myself.

I've run CCleaner to clear out all the Temp files, Cookies etc...

However, my experience of Windows is that it has a tendency to store
data all over the place.


Furthermore, does anyone have any policies in place for when corporate
PCs are sent to a third-party to be repaired?

Any advice would be much appreciated.

Thanks,
ys


-- 
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb