How to prevent "shadow" copies of working documents?

notaguru

In some cases, I work on confidential MSWord and Excel documents
that reside on the computer only temporarily, and it is
important that no residue remain behind.

I've just learned that Vista makes "shadow" copies of files, but
can't find clear information about that.

On a Vista computer, how can I be sure that when I erase (as
opposed to delete) a confidential file that nothing remains behind?

Thanks!
 
Synapse Syndrome

notaguru said:
In some cases, I work on confidential MSWord and Excel documents that
reside on the computer only temporarily, and it is important that no
residue remain behind.

I've just learned that Vista makes "shadow" copies of files, but can't
find clear information about that.

On a Vista computer, how can I be sure that when I erase (as opposed to
delete) a confidential file that nothing remains behind?


This isn't really a security issue as only the incremental differences in
the file. Also, I would have thought that this information gets deleted
once the file has gone.

You could always disable the Shadow Copy Service, but I am not sure if
System Restore depends on that as well. There may be another way to disable
Shadow Copies that somebody else knows.

ss.
 
Ken Blake, MVP

In some cases, I work on confidential MSWord and Excel documents
that reside on the computer only temporarily, and it is
important that no residue remain behind.

I've just learned that Vista makes "shadow" copies of files, but
can't find clear information about that.

On a Vista computer, how can I be sure that when I erase (as
opposed to delete)


I don't know what you mean by "erase as opposed to delete." In
general, "erase" and "delete" mean the same thing.

a confidential file that nothing remains behind?


You should note that it's not really possible to do this. When a file
is written to a hard drive, remnants of that file can remain behind
forever, and sophisticated (and expensive) data recovery techniques
can sometimes get it back. It's for that reason that, for really
sensitive data, the US government doesn't rely on any software
techniques to delete data, but physically destroys the drive in a
furnace.

You may not need to go to the same lengths the government does, but I
want you to be aware that what you are asking for can not be done
completely.
 
AJR

Volume Shadow Copy can be a problem in your case since it provides for
recovery of a deleted file - providing a "previous version" was made.

The Volume Shadow Service can be disabled; however, backups may be affected.
If you disable the Service, you can restart the Service to do manual backups
(use Vssadmin to verify that the previous versions are not created).

You can "manage" Shadow Service via the command line tool "Vssadmin" from an
elevated command prompt. With it, among other functions, you can do stuff
like: List existing shadow copies, time created and location - which would
verify if copies are made of your data.

In addition restrictions on access to shadow copies can be specifically set
through Group Policy.
 
notaguru

Thanks to all!

By "erase" as opposed to "delete", I refer to a utility that
overwrites the disc space occupied by a file using random 1's
and 0's some number of times. The utility we use overwrites 30
times, and the result is considered secure for even classified
material.

"Delete" just removes the referencing/addressing data, but the
file itself remains available until overwritten.

I was/am concerned that a "shadow" copy might sit there after
erasure...
 
AJR

One other comment - Shadow copies are generated by System Restore so turning
it off would prevent shadow copies, however "previous versions" created via
backup would still be created, although I do not think they are available
when the document is deleted.
 
Pecos

notaguru said:
In some cases, I work on confidential MSWord and Excel documents that
reside on the computer only temporarily, and it is important that no
residue remain behind.

I've just learned that Vista makes "shadow" copies of files, but can't
find clear information about that.

On a Vista computer, how can I be sure that when I erase (as opposed to
delete) a confidential file that nothing remains behind?

Thanks!

Hello,

The easiest way to do this, I think, is to save the file to a
partition/logical drive that is not enabled for 'Previous Versions'

To see what partitions/logical drives are set up for previous versions:
Start==>Control Panel==>System==>Advanced system settings
Left Click 'OK' if prompted by the UAC (User Account Control)
Left Click the 'System Protection' tab
The Vista logical drive should be checked by default and all other logical
drives should be unchecked by default (that is how my RC1 version of Vista
works anyway).

As was mentioned earlier by AJR, shadow copies are created when a system
restore point is created and per the Vista Help file, this should occur
daily. You can also create a system restore point manually.

Save your confidential files to a logical drive that is on the 'unchecked'
list. You can verify that there are no shadow copies of a file by:

Right Click on the file name in Explorer
Left Click on 'Restore previous versions'
In the 'File versions:' box, you should see 'There are no previous versions
available'
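
The checks described in this thread (listing shadow copies with Vssadmin and confirming that a file has no previous versions) can be scripted. The following is an added example, not code from any poster: it assumes Windows PowerShell is installed, an elevated prompt, and a placeholder file path, and it reads the WMI classes Win32_Volume and Win32_ShadowCopy.

```powershell
# Added example: list the shadow copies on the volume that holds a given file
# and flag the ones taken after the file first appeared on that volume.
# Run elevated. The default path is a hypothetical placeholder.
param(
    [string]$Path = 'C:\Work\confidential.docx'
)

function Get-ShadowCopiesForFile {
    param([Parameter(Mandatory = $true)][string]$FilePath)

    $item  = Get-Item -LiteralPath $FilePath -ErrorAction Stop
    $drive = [System.IO.Path]::GetPathRoot($item.FullName).TrimEnd('\')   # e.g. "C:"

    # Map the drive letter to the volume GUID path that Win32_ShadowCopy reports.
    $volume = Get-WmiObject -Class Win32_Volume -Filter "DriveLetter = '$drive'"
    if (-not $volume) { throw "No volume found for drive $drive" }

    # Every snapshot of that volume, oldest first.
    Get-WmiObject -Class Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID } |
        ForEach-Object {
            $taken = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
            New-Object PSObject -Property @{
                ShadowId    = $_.ID
                Created     = $taken
                # A snapshot taken after the file was created here may contain it.
                MayHoldFile = ($taken -ge $item.CreationTime)
            }
        } | Sort-Object Created
}

$copies = @(Get-ShadowCopiesForFile -FilePath $Path)
if ($copies.Count -eq 0) {
    "No shadow copies exist for the volume holding $Path"
} else {
    $copies | Format-Table Created, MayHoldFile, ShadowId -AutoSize
    # The same snapshots as reported by the tool named in the thread.
    $drive = [System.IO.Path]::GetPathRoot((Get-Item -LiteralPath $Path).FullName).TrimEnd('\')
    vssadmin list shadows "/for=$drive"
}
```

Run it before erasing the file: any row with MayHoldFile set to True is a snapshot that an overwrite of the live file does not touch.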
 
