Wiping page file

Microsoft Windows xp professional w/serv...
November 14, 2010 at 14:43:43
Specs: Windows XP, Intel multicore/4gb
Well, this doesn't seem commonly posted, so I thought I'd share. Recently, just for yuks, I ran Internet Evidence Finder on my hard drive. Keep in mind I routinely use CCleaner and Webroot's Window Washer to wipe my junk, and zilla shredder to use DOD to overwrite free space. IEF found stuff years old that I thought I'd wiped many times over. It turns out these items were in the swap (pagefile.sys) file. Using the registry hack to 'wipe paging file on windows exit' does not in fact wipe over the paging file with 0's or anything else. It merely relocates it. Going into the advanced Windows settings, deleting the swap file, rebooting, and reinstituting the swapfile ALSO does not get rid of contents in the swap file, since again it merely reallocates the location of the file but the data is still within the protected swap file. I'm still looking for a reliable way to clear the swap file, and just want to let anyone out there know that if you think CCleaner, Window Washer, deleting the swap file, or using Windows' 'clear swapfile on exit' truly clears it, you're mistaken. Perhaps BCWipe does it, but I've not tested it yet.


November 14, 2010 at 17:17:33
While Windows is running the pagefile is locked for exclusive access. It cannot be read or written to by any application. If you did find some way to clear the pagefile while Windows was running this would almost certainly cause a system crash. The only way to clear the pagefile is to set a specific registry entry. This setting will overwrite every byte of the pagefile with zeros during shutdown. It does work.

But for most users this is a waste of time. To read the pagefile you would need to boot into an alternate OS. Basic security precautions would make this very difficult. At that point the system is at the mercy of any hacker, even without accessing the pagefile. Finding anything of value in hundreds of MB of raw data would be a major undertaking.

If you work for the CIA and your computer contains information relating to national security, or you are an executive with a major corporation, then this is probably a good idea. But for the rest of us clearing the pagefile is pretty much a waste of time. Most systems have security problems that are far more serious than an uncleared pagefile.
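As an added example (not code from either poster), here is a PowerShell audit of the registry setting the reply refers to: it reads the standard ClearPageFileAtShutdown value and the PagingFiles list under the Memory Management key, reports whether the pagefile will be zeroed at shutdown, and offers a function to enable it. The function names are my own; the key path and value names are the standard Windows ones.

```powershell
# Added example: audit and enable "clear pagefile at shutdown".
# Reading the values needs no privilege; changing them needs an elevated (Administrator) shell.
$MemMgmtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-PagefileWipeStatus {
    $props = Get-ItemProperty -Path $MemMgmtKey
    # ClearPageFileAtShutdown is a REG_DWORD; missing or 0 means the pagefile
    # contents survive a reboot (the weak, default state).
    $clear = 0
    if ($null -ne $props.ClearPageFileAtShutdown) { $clear = [int]$props.ClearPageFileAtShutdown }
    # PagingFiles is a REG_MULTI_SZ of "<path> <initialMB> <maxMB>" entries;
    # an empty list means a system-managed pagefile on the system drive.
    [pscustomobject]@{
        ClearPageFileAtShutdown = $clear
        WipedOnShutdown         = ($clear -eq 1)
        PagingFiles             = @($props.PagingFiles)
    }
}

function Enable-PagefileWipeAtShutdown {
    # Hardened state: value 1 makes Windows overwrite the whole pagefile with
    # zeros during shutdown, so expect shutdown to take longer with a large pagefile.
    Set-ItemProperty -Path $MemMgmtKey -Name 'ClearPageFileAtShutdown' -Value 1 -Type DWord
    # Takes effect on the next clean shutdown; a crash or power loss skips the wipe.
}

$status = Get-PagefileWipeStatus
$status | Format-List
if (-not $status.WipedOnShutdown) {
    Write-Warning 'Pagefile is not cleared at shutdown; run Enable-PagefileWipeAtShutdown from an elevated shell.'
}
```

Note that this only covers pagefile.sys; data paged out to a hibernation file or left in unallocated space is a separate concern.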
