2

I have a USB drive that has encrypted files on it. I was wondering what would be the best way for me to decrypt these files on my personal computer without leaving a trace? Is there a safe environment that once setup would leave no trace of my decrypted files on my personal computer?

I do not want individuals to be able to find and recover the deleted files that were decrypted.

Deer Hunter
  • 5,297
  • 5
  • 33
  • 50
Mike
  • 23
  • 2

2 Answers2

3

The best way is to boot your computer from a LiveCD, copy the encrypted files from the USB drive to the computer, remove the USB drive, and decrypt the files. The LiveCD environment is a mix of read-only media (the boot disk) and RAM disk (the user-modifiable parts of the filesystem), so anything you do will be wiped away when you shut your computer down.

If you're feeling especially paranoid, remove your computer's hard drive before booting.

Mark
  • 34,390
  • 9
  • 85
  • 134
  • What if the personal computer is not a LiveCD. Can I copy encrypted files on the system, read them, decrypted them, and then delete them after? I am thinking that if I delete an encrypted file it will not be able to be recovered? – Mike Dec 24 '14 at 22:33
  • The problem is the decrypted copy of the file. Even if you decrypt to RAM, it's very hard to ensure that no trace of it ends up on the disk. There's also the issue of either version of the file (encrypted or decrypted) showing up in a recently-used files list. – Mark Dec 24 '14 at 22:39
  • @Mike - given enough effort, it may and will be recovered. Now, please have a look what a [LiveCD](https://en.wikipedia.org/wiki/LiveCD) is. – Deer Hunter Dec 24 '14 at 22:39
  • I strongly suggest ensuring that filesystem of hard disk is **not** available while booted from live CD. – DavisNT Dec 24 '14 at 22:51
  • An extra precuation is when booted into the liveCD, do not connect to the internet. – limbenjamin Dec 25 '14 at 07:12
0

If you need to use the PC to process the decrypted files (in order to use software that would not be available on LiveCD, etc.), then after deleting everything at the end of your session you will need to securely erase all the free disk space on your PC. There are many ways to do that, most of which are free. The Mac OS X Disk Utility app has this capability; CCleaner is a good multiplatform method (Win/Mac/Android).

You should also either delete the PC's paging file when the PC shuts down (Microsoft FixIt and Ultimate Windows Tweaker can arrange this) or else encrypt the paging file (Ultimate Windows Tweaker), thus preventing an attacker from reading the paging file and thereby accessing leftover copies of your decrypted files.

commenter8
  • 11
  • 1