Security Basics mailing list archives
RE: Protected Storage on Windows XP
From: "Mark Spencer" <mspencer () evidentdata com>
Date: Thu, 25 Nov 2004 09:26:43 -0800
Hi Marco, I use SecureClean from WhiteCanyon - http://www.whitecanyon.com/index.php. I did a quick test of the protected storage functionality and it looks like it works as advertised! Mark -----Original Message----- From: Marco Monicelli [mailto:marco.monicelli () marcegaglia com] Sent: Wednesday, November 24, 2004 11:02 AM To: security-basics () securityfocus com; sectools () securityfocus com Subject: Protected Storage on Windows XP Importance: High Hello List! I'm not sure this is the right list to send this question but I'll give a try. I would like to know if it is possible to delete the protected storage datas on Windows XP. Supposing an user is using PStoreView 1.0 - (c) 2002, Arne Vidstrom - http://ntsecurity.nu and can read the datas inside the Protected Storage. Now what if he's able to delete them? Is this possible? Any tool which a user can use to wipe this useful informations? Any really working "log cleaner" known for windows? I tried several cleaners claiming they could wipe logs out from a windows box but I honestly didn't find them working. I made a btach which actually is a porting of any Linux Log cleaner (finding the string, copy the log file without that string, substituing the new log to the old one) but this doesn't work on Windows. Can't stop the process 'cause it has SYSTEM privilegies and can't touch any system log nor event log. I think a DLL injection would do the trick but I'm not honestly so skilled to do that. I'm trying to demonstrate to some friend of mine that even windows can allow to wipe sensible informations such as logs and stuff. My friends are sure that you cannot wipe all infos out of a Windows system and on the contrary you can do that on a Linux machine for example. Any help would be very appreciated Regards Marco
Current thread:
- Protected Storage on Windows XP Marco Monicelli (Nov 24)
- <Possible follow-ups>
- RE: Protected Storage on Windows XP Mark Spencer (Nov 25)