|
Evidence Eliminator Set-Up Guide and Review (4th Revision)
Download the PDF version with screen shots - http://evidence.topsoftwareinfo.com/review.pdf
INSTALLATION
After you purchase Evidence Eliminator (EE), you will be sent an email with the subject of “SWREG – Receipt” which will contain your receipt information, support information, and download information, along with your Keycodes which you use to register your copy of the program. Note that your Keycodes are at the bottom of what is a rather detailed but extremely informative email. The instructions to enter your Keycodes into the program are provided in the email.
Use the download page link in the email and follow the instructions to save the downloaded software to a temporary folder on your PC’s hard drive. After the download is complete, then run the program by clicking on the Start button, then the “Run” menu option. Navigate to where you saved the installation program file by clicking on the “Browse” button. Then, click on “OK” to start the installation software.
Once you run the program, you are greeted with the standard setup “Welcome” screen. Just click Next.
Next displayed is the “Read Me” screen, so go ahead and read it, and then click Next when you’re done.
The License Agreement screen is shown next. Before clicking Next, however, you should really read this license. Note that there a few features that are somewhat different than what you expect.
1.IMPORTANT! The License Agreement makes the point that this software deletes files, and that you should backup your computer before using EE for the first time. I also HIGHLY RECOMMEND that you do.
2.This software is British, meaning any legal issues arising out of the use of this software is under the sole jurisdiction of the English Courts. So if you are thinking of breaking the license requirements, if you get caught, you could find yourself needing to buy some transatlantic tickets if you live in the USA!
3.One noteworthy aspect of this license is that it actually lets you print out the help file as a reference tool. Very handy when you want to read and understand what all the options do without having to read it from the monitor screen.
For the “Choose Destination Location” and “Select Program Manager Group” screens I recommend just clicking the Next button, unless you have a good reason you want to change the defaults (not recommended).
Finally, you will end up at the “Start Installation” screen. Just click the Next button, and the installation process starts. When it is done, just click on the Finish button and you will see a message that you must restart the computer. Just click on OK to restart your PC, or Cancel if you want to restart your PC later.
After your PC is restarted. You will find the EE icon on your desktop. As EE starts, you may be presented with some flash screens, just click on the most appropriate button to continue, until you are presented with a prompt that tells you:
“Please press Options then Save in order to activate this program. Please go through ALL the options carefully and make sure you are happy with them now.”
Click the OK button on the alert box, then…
GET READY TO START USING THIS SET-UP GUIDE TO HELP YOU CONFIGURE EVIDENCE ELIMINATOR !!!
IMPORTANT! My advice is DO NOT try to use “Safe Shutdown”, “Safe Restart”, “Quick Mode” or “Test Mode” in EE until the “Options > Save” procedure has been completed, or you may lose valuable data!
You DID backup your computer … right??
CONFIGURATION
IMPORTANT! EE is not “ready out of the box”. You must configure it for your computer before using it. The good news is that this is probably just a one-time procedure… unless you change your PC configuration later… then you should go through all the Options again just to be safe.
My best advice is to take your time with it. Don’t hurry through the options, and do not assume that “the defaults are just fine”. That can lead to tragic consequences.
Let me help you around each of the Options with this Set-Up Guide. I will discuss what each Option does, and the pros and cons of using it. If you are still not satisfied, you can always use the Help facility of Evidence Eliminator. It is very in-depth and extremely helpful in understanding how everything works. Use it as an adjunct to this Guide.
Starting with the next page, we will cover all the tabs in the Options dialog of Evidence Eliminator. We will cover them left-to-right, top-to-bottom to make it easy to follow along as you configure the program. Please note that all the screen shots were made with Evidence Eliminator v5.058 – the latest version available at the time.
Windows Tab
General Sub-Tab
For the Windows Swap File, I set mine up to eliminate it, since it is probably the greatest source of evidence on your PC since it contains “snapshot images” of the memory inside your computer. Note the little cute looking “Q” icon on the right, this indicates that this function is skipped whenever you press the Quick Mode button for fast cleanups when you’re in a hurry. You’ll see this icon from time-to-time in these tabs. Use Safe Shutdown or Safe Restart to activate these options instead. My advice is to use Quick Mode sparingly.
Temporary Files are not necessarily created by Windows, but can be created by any program you run in Windows. Their contents can range from junk all the way to personal passwords and financial information. The problem is, you never know. I checked the box to eliminate them from my PC.
Activity Logs Sub-Tab
The Windows Registry Streams MRU are histories kept by Windows about your Explorer window settings. If you need to eliminate memory of file and folder accesses from Windows explorer, it is recommended that you check these items. A side effect is your Explorer windows will forget their appearance settings and revert to the default "Show As Web Page" settings. Since I have customized my folder displays on my PC, I unchecked both the “Windows Registry Streams MRU” and “Windows Registry Streams (All Streams)” boxes.
On the other hand, I checked the box to eliminate the Application Logs since I couldn’t see any reason for my PC to know how often I use any application. This feature was put into Windows 98 to help the DEFRAG program speed up program loading. It only has any effect if you activate this option in DEFRAG. From experience, I don’t see any great program loading speed-up, and it slows the DEFRAG program down to a crawl. So, since I don’t see any reason to use this feature, I just told EE to eliminate the logs.
Other Areas Sub-Tab
The Common Dialog History List keeps histories of what folders and files were opened and saved using the Common Dialogs of Windows Explorer. Note that these Common Dialogs are used by many programs, not just Windows Explorer. If a person wants to know what files you have been accessing on your PC, some versions of Windows maintain hidden history lists for these boxes, and would be very interested in these histories. I highly recommend you leave these options switched on.
Media Player history is more straight forward. Windows Media Player keeps long and detailed histories of everything you ever play, put in a Playlist, access from a Media Library, etc. If you exchange MP3 files with friends over the Internet, the RIAA (Recording Industry Associate of America) might be interested in getting their hands on this PC history list. I highly recommend you leave both options switched on.
Clipboard Sub-Tab
The Clipboard is obvious to most people. Yes, it can store text, pictures, and other information that is exchanged between programs. But since it is stores it’s information in your PC’s memory…isn’t it eliminated when you shut your PC off anyway? Well, yes it is. But remember, Safe Shutdown and Safe Restart are not the only two modes of operation that Evidence Eliminator has. Note the lack of the cute graphic that looks like a “Q”. That means that his option does activate when you push the Quick Mode button. I run my PC all day quite often and sometimes I just want to “clear the slate” without having to reboot Windows with Safe Shutdown or Safe Restart. Quick Mode is a great way to do this. So for this reason, I checked the box to clear the clipboard.
Start Tab
Run / Find History Sub-Tab
The Run Program History stores a list of all the program paths that you have run using the Start -> Run… command on the Windows Start Bar. It is the source of the list of files in the drop-down list on the Run… dialog itself. I checked the option to eliminate this history since I rarely run the same programs using the Run… dialog anyway.
The Find Computer history simply stores a drop-down list of all the Computers on a Network you may have searched for. This history isn’t even relevant unless you are on a Network, like at work. This probably isn’t all that useful at home…unless you have a network of PCs at home like Bill Gates ?. I checked the box anyway.
The Find Files history is a different story. If you ever use the Start -> Find -> Files or Folders… option on the Windows Start Bar, this is the list for the “Named” drop-down box which is useful for anyone else that would like to see what files you are looking for on your own computer. I checked the box to eliminate this history.
Recent Activities Sub-Tab
The Recent Documents list is the list shown under the Start -> Documents tab on the Windows Start Bar. While very handy while I use my PC in one session, it is rarely useful to keep from day to day. So I checked it to eliminate this history.
The Start Menu Order History is almost useless. If you pile a lot of programs on it for fast access so you don’t have to traverse the Programs option tree of lists, then I have a suggestion for you. Create a new folder under the start bar called “Quick”. Make that the only folder on your Start Bar. Copy and paste direct shortcuts from each program you have listed on the Start Bar into the Quick folder. Now, it doesn’t litter up your Start Bar, and you can just press Ctrl-Esc (or Windows key) -> Q -> and the first letter of the program you want to run. Nice huh? I checked the option to delete this history although it serves no useful function anymore.
The Start Menu Click History is insidious. Anyone with the right software can see what you ran, and how long you ran it on your PC. This can be killer at work, since they can use Network-based programs to read this and send it back to the IT department to see who is using what software and for how long. I checked this option so it could eliminate this history with extreme prejudice ?.
IE Tab
History and Cache Sub-Tab
Internet Explorer URL histories appear in a lot of places, unfortunately. The cool part is the Evidence Eliminator pretty much can wipe them all out. I do not have any real need to keep a list of all the sites I’ve typed in the Address Bar. I certainly don’t like it when IE’s autocomplete feature remembers not only my URLs I typed but also my passwords, to be honest, this feature scares me. Knowing in what folder I downloaded my last file into is convenient during a single session if I’m downloading a bunch of files into the same folder, but unnecessary otherwise. And, why would I want to keep a history of URLs that caused errors? I checked all these boxes to eliminate all these histories.
The Internet Explorer Cache is the goldmine of evidence against you since it contains every document, picture, music file, etc. that you have ever browsed. It would seem the easiest to clean too. But clicking on the IE menu bar Tools -> Internet Options… -> Delete Files just sends the files to the recycle bin. The data is still on your hard drive easily obtainable by anyone who just browses the recycle bin. Actually, even if you empty the recycle bin, they are still recoverable…unless you eliminate them with Evidence Eliminator. I clicked the “Auto” button and let Evidence Eliminator find the folders containing both my Internet files, and all the Offline Content (Local Settings) stored by Internet Explorer. Then I checked both boxes to make sure this evidence was eliminated. Note this option works in Evidence Eliminator’s Quick Mode as well…
The Internet Explorer Favorites (URL Bookmarks) were originally full of the defaults ones that come from installing Internet Explorer. The first time I ran Evidence Eliminator, I checked both the Eliminate and SubFolders boxes and had it eliminate all my favorites. After that, I unchecked both these same checkboxes and now only made bookmarks on web sites that I visit on a regular basis.
The Internet Explorer visited URL History is another gold mine for people snooping around on your PC. This applies particularly to spy-ware, a kind of software that infects your PC in a variety of ways, usually as some sort of Internet Explorer toolbar or add-on. This software tracks every move you make on the Internet, and sends this information to a server with a database somewhere on the Internet. The best example of this is Alexa. Think of Alexa as a kind of “Napster of Marketing Information”, in that you can use it to acquire marketing information on other web sites, while at the same time, you are unwittingly sharing your Internet surfing habits with the Alexa database. I checked the box to eliminate this history.
Cookies Sub-Tab
As a general rule, I only allow temporary per-session cookies on my PC. But, I do not like to keep any permanent cookies on my hard drive. Note that this a matter of taste, as some people might like to keep cookies to help them automatically log in to some web sites, for example. I find permanent cookies overall to be a security leak since they are typically used by web sites and other software to track my Internet surfing habits. To make sure all permanent cookies are eliminated, I checked the Eliminate cookies in folder box, and then clicked the “Auto” button to allow Evidence Eliminator to find the Internet Explorer cookie folder.
To make the changes to Internet Explorer to disallow permanent cookies, open Internet Explorer and click on the menu option of Tools -> Internet Options… -> Security, and highlight the “Internet” zone. Then click on the “Custom Level…” button and scroll down until you see the “Cookies” section, and change it to look like the image to the right shown here.
Download Components Sub-Tab
The Internet Explorer Download Components box, if checked, deletes downloaded program files and components which have installed themselves into Internet Explorer from web sites. A good example is ActiveX scripts and controls. Since there is no way to know what these downloaded components do, it is highly recommended you check the box to eliminate them.
In the Component Management section, you have the ability to tell Evidence Eliminator which components you want to keep in the “Keep List”. To do this, first click on the “Refresh” button to get make sure your Current Components list is the most recent. Then highlight and click on the “Add” button between the lists to add that component to the Keep List. Now, when Evidence Eliminator is processing this folder, it will skip just those components in the Keep List, and eliminate any others. Personally, I decided to keep all the components I initially had, and then eliminate any new ones. So, in the column labeled Current Components, I highlighted each one, and then clicked the “Add” button. It would be really nice if EE would allow you to select more than 1 at a time, and allowed multiple selections in the box. I added all my components until all of them were listed in the Keep List.
NSN Tab
NSN 4+ Browser Sub-Tab
If you are a user of Netscape Navigator versions 3, 4, or 6 you can configure Evidence Eliminator to conform to the browser installed. I used to use the version 6 browser until I discovered the version 4.8 of Netscape Communicator which had all the bugs worked out of it, and was released for free into the public domain. I found it at a site that contains every archived version of Netscape: http://sillydog.org/narchive/
For the Netscape 4+ and Mozilla 1.x browsers, all evidence of your Netscape browsing is securely eliminated if you click on the “Auto-Detect Netscape” button and then check all the boxes to eliminate the Cache Folder, netscape.hst and history.dat files. Since I like my Internet browsers as ignorant as possible, I checked all three boxes.
For the Typed URL history, I also checked the box to Eliminate URL memories in the JavaScript prefs files. This is really tricky, since you can’t just delete these files, or Netscape will stop functioning properly. So, Evidence Eliminator has been programmed to clean only the memory URL's out of them and leave the rest of the data intact. Cool.
NSN 4+ Cookies Sub-Tab
Netscape cookies are conceptually similar to Internet Explorer cookies. However, they must be processed entirely differently by Evidence Eliminator due to the way they are stored and used by Netscape. If you had pressed the “Auto-Detect Netscape” button on the NSN4+ Browser tab, then the path to the cookies.txt file should already be filled in. If not, you can use the manual methods supplied in Evidence Eliminator’s help file to determine its location. I checked the cookies.txt option to eliminate all cookies.
Evidence Eliminator gives you the ability to keep certain cookies, if you want to, using a Cookie Keep List similar to Internet Explorer. But be aware it works differently. If you keep a cookie for the domain “hotmail.com”, then you will be keeping all cookies for that domain. To be frank, I don’t know why it works this way, but it’s a nice feature to have if you need it. Personally, I couldn’t think of any cookies I wanted to keep ?.
NSN 3 Browser Sub-Tab
For the Netscape Navigator V3.xx – special files and folders, I checked all the options here, since all the folders were already filled in for me. Since I don’t use the Netscape 3 browser, it really wasn’t relevant to my configuration, but just in case…
In the Typed URL’s section, I also checked the Eliminate history of typed URLs in the Netscape Navigator Address Bar box… just to be sure.
Just a side-note: I used to use the Netscape 3 browser, what seems like a long time ago. It was a great, fast, feature-packed browser for its day in my opinion. Much better than the original Internet Explorer 3.0 browser. The “new” version 5 (yes there was one), version 6 and 7 Netscape browsers are built out of the Mozilla project using Java, instead of the original C and C++ of the Netscape 4 and earlier browsers. You can certainly tell can’t you? The later versions of the Netscape browser are slow, clunky, broken-feature rich, and huge. Oh well… ?
Check out the URL http://sillydog.org/narchive/ and read up on the last great pre-Java version of Netscape Communicator 4.8 – I think you’ll like it!
Mail Tab
Outlook Express v5 Mail and News Sub-Tab
I don’t use Outlook Express, so I didn’t check the Eliminate history box. Due to the security holes in Outlook Express I refuse to use it. I use Eudora personally. However, if you are using Outlook Express, there are quite a few things you should know about it. First of all, the history folder was buried on a long and strange folder path by Microsoft. It is almost impossible to find manually. However, Evidence Eliminator has the ability to find it for you using the “Auto” button. I suggest you use it, even if there is a default in the folder path box when you start Evidence Eliminator for the first time. Note that the “Auto” button won’t work until you have set up your first e-mail account in Microsoft Outlook Express.
In the Data Keep List section, you will notice that each database corresponds to a mail folder in Outlook Express. You should keep the default folders at a minimum. If you deleted any of the default folders out of the Keep List by accident, just click on the “Restore Defaults” button to bring them back. To add a mail folder database to the Keep List, just click on the “Add” button. Click on the Help button for more details.
Netscape Mail 3.x and Messenger 4.x Sub-Tab
Netscape changed the name of their E-mail client from version 3 called “Mail” to version 4 called “Messenger”. The main difference that affects you on your PC is depending upon which version you use, the files are stored in a different place on your Hard Drive. If you don’t use Netscape at all, you should probably not check either the v3.x or the v4.x box. I have Netscape v4.8 installed, so I only check the box for v4.x even though I don’t use Netscape Messenger at all…just to be certain everything is eliminated.
The Netscape Mail “Hidden Evidence Files” really baffled me at first, so I pulled up Evidence Eliminator’s help screen to find out what they were. I discovered that the ".snm" files are created by Netscape Communicator Mail v4.6 (and possibly other versions). I learned they are seriously insecure and can store and preserve megabytes of information from your hard drives which have nothing whatsoever related to E-Mail. These files are allegedly certified disposable by Netscape support and this does not interfere with the operation of Netscape. Sounded good to me, so I checked the Scan and eliminate the “Hidden Files” box so Evidence Eliminator could eliminate them.
As far as Netscape Mail History is concerned, I don’t use Netscape Mail or Messenger. So I checked both boxes to remove all Delete Items and Sent Items.
Custom Tab
Custom Files Sub-Tab
Evidence Eliminator is fully customizable. If you find a file that keeps being recreated, for example a log file, that you want eliminated each time you run Evidence Eliminator, just add it here. Then check the Eliminate all files on this list box and the file will be eliminated every time you use Quick Mode, Safe Shutdown, or Safe Shutdown. Just enter the full path of a file to be eliminated, or click on the folder icon at the bottom left of the screen, and navigate down to the file. Then, click the “Add” button. You can also eliminate any files you don’t want in the list anymore, and even edit the paths of existing entries. Don’t forget to check the box “Eliminate all files on this list.” to activate this feature. So far, I haven’t found any files that Evidence Eliminator isn’t already processing and that need to be added to the list, but it is nice to have the option.
Custom File Contents Sub-Tab
I have to admit, I found this a rather unique feature of Evidence Eliminator. It has the ability to remove the contents of, rather than eliminate, an entire file. I don’t use this option, but I can imagine that some applications might keep binary data in some kind of “first in-last out” file that keeps track of your usage of the software. You might want to use this feature to “clear” the contents of this file. You use it by entering the full path of the file whose contents you want eliminated, or you can click on the folder icon at the lower-left of the screen and browse to the file you want. Then you simply click the “Add” button and it will be added to the list. You can also delete any file in the list, or edit its folder path at any time. I left this feature unchecked.
Custom Folders Sub-Tab
I have a transient temporary folder where I keep graphics files that I create when working on web sites. It only contains working copies of the graphics as I create them in Paintshop Pro. When I am done processing my graphics images, I move the final versions to the appropriate folder on my hard disk that contains the web site HTML and image files. This graphics folder used to just collect files until I would have hundreds of old graphics files in it after while. Since I have a lot of free space on my hard drive, this really didn’t bother me…until one day when I accidentally copied an old version of a web site logo from the graphics folder, instead of the web site folder. I didn’t catch that until someone asked me why my logo was changed. Whoops. So from that day forward, I now have Evidence Eliminator remove not only the files in this folder, but the folder itself. To make it do this, first I check the Eliminate all contents of these folders, including sub-folder trees box. Then I check the box next to the folder name itself to make sure the folder itself is eliminated when I run Quick Mode, Safe Shutdown, or Safe Restart. You can add your own folders by entering the full path of the folder whose contents you want eliminated, or you can click on the folder icon at the lower-left of the screen and browse to the folder you want. Then you simply click the “Add” button and it will be added to the list. You can also delete any file in the list, or edit its folder path at any time.
Folder Scans Sub-Tab
This is a great feature. If you have applications that create backup files, or temporary files, and then leave them on the hard disk in specific folders, you can use this feature to remove them. This can save disk space, and in some circumstances make your PC run faster in those applications that would otherwise “thrash the hard disk” going through those unnecessary files. To use it, enter the folder path you want to use, or just click on the folder icon and navigate to the specific folder, and then enter a DOS-style file mask similar to “*.tmp” in the Mask box to remove all files with the “.tmp” extension. I have some applications ported from Linux that I run on my Windows 98 based PC and they tend to create temporary files in the /tmp folder on my hard drive. So I like to have Evidence Eliminator just remove all those temporary files from my PC every time I run Quick Mode, Safe Shutdown, or Safe Restart.
Custom Plug-Ins Sub-Tab
At first, this option seemed mysterious to me. But after looking at it for awhile, I started to realize that there was hidden evidence in a lot of applications besides just Internet Explorer and Netscape. In fact, my current version of Evidence Eliminator has over 90 such plug-ins. Wow…that’s a lot of applications! An example of an application I use is the Opera Internet browser. I use it since it has features that I like that Internet Explorer and Netscape don’t have. However, one feature that Opera is missing, is the ability to clear its cache automatically when it shuts down. So instead, I let Evidence Eliminator do it for me every time I use Quick Mode, Safe Shutdown, or Safe Restart. To use this feature yourself, I would suggest selecting all applications, and then go down the list unchecking the box next to the name of the applications you don’t want processed. It doesn’t hurt anything if you select an application that you don’t have installed on your PC, since its folders don’t exist and it will simply be ignored. To find out what Evidence Eliminator will do for any particular application, just highlight it by clicking on the application name in the list and the elimination steps taken by Evidence Eliminator will show up in the description box at the bottom of the screen. The Evidence Eliminator version number you see is when they added this particular plug-in. You’ll note that there is an Option that I discuss later that allows you to get the latest and greatest plug-ins directly over the Internet whenever you want. More on this later.
Mode Tab
Windows Mode Sub-Tab
This is the heart of how Evidence Eliminator securely eliminates evidence on your PC. This is where you can select how much security you want to have when your folders and/or files are securely eliminated. Notice there is a trade-off between security and performance. Note also that you can actually set security levels higher than that used by the United States Department of Defense if you so choose. The first thing you do is select the method of destruction. This is how Evidence Eliminator “overwrites” or “randomizes” the data on your hard drive. I selected the first option for maximum speed, since it says at the top “Practically, any of these options will keep you safe from snoops.”
Next you choose the number of repetitions of destruction. You can enter 1 (maximum speed) to 9 (most secure) repetitions. I entered 1 repetition for maximum speed.
Finally, you can choose Extra Countermeasures if you want even more security. I checked the For extra security rename and zero sizes when wiping files box and left the Over-ride secure deletion on file (use standard insecure deletes) box unchecked.
DOS Mode Sub-Tab
DOS Mode is only used for some versions of Windows, such as the version I am using. Note the cute graphical letter Q icon. That indicates this function does NOT activate in when you use Quick Mode. DOS Mode is only useful for doing certain things like eliminating files that are “locked” in Windows, such as the Windows swap file, and is used when defragmenting the Windows registry. Again you trade off performance for security, so you can enter 1 (maximum speed) up to 9 (most secure) repetitions.
Misc Tab
Registry Sub-Tab
Registry Backups Sub-Sub-Tab
Click on the Eliminate registry backups box to enable this feature to scan and remove automatic registry backups. Registry backups take up a good amount of drive space, even though they are stored in compressed files (.CAB) files. They also can store a lot of evidence since they contain not only the c:\windows\system.dat and c:\windows\user.dat file but also the system.ini and win.ini files as well. Some earlier versions of Windows 95 made limited backup copies of the registry file system.dat and user.dat files calling them system.da0 and user.da0. You can include these files under "Custom Files", if needed, to enable Evidence Eliminator to eliminate these files for you. The registry backups are refreshed every time Windows starts up. I checked the Eliminate registry backups box and found the folder where Windows was storing them by clicking on the folder icon and navigating to the backup folder.
Clean Registry Sub-Sub-Tab
You can use this option to have Evidence Eliminator clean your registry every time you use Safe Shutdown or Safe Restart. I highly recommend you set this up. The setting up of this option isn’t complex, but is a little more involved than just checking boxes and entering path names. RegClean will fix most registry problems automatically.
Having said all that, there is a button on the screen that will open the Help file to give you all the detailed instructions on how to download and set up a utility named “RegClean” from Microsoft. It is Freeware. Microsoft has recently stopped distributing it, but you can get a copy from the Evidence Eliminator website. Download takes only a few minutes even on a dial-up. Installation is straightforward.
After the RegClean utility is installed on your PC, you can then check the Clean the Windows Registry box and then enter the folder path to the program, or, use the folder icon to browse to the program’s location on your hard drive.
Notice the cute little Q icon. That indicates this Evidence Eliminator will NOT clean your registry in Quick Mode. You must use Safe Shutdown or Safe Restart to activate it.
Defragment Registry Sub-Sub-Tab
This is a cool feature, and as far as I know, is unique to Evidence Eliminator. On my system using Windows 98, it does the job in DOS Mode and takes about 5 minutes or so. Don’t confuse this with RegClean, as this is a totally different operation. While RegClean will fix any errors in the registry, this Option actually removes any arbitrary binary junk in the registry that RegClean may miss.
Note the cute little Q icon, which means this will NOT work in Quick Mode. You must use either Safe Shutdown or Safe Restart to enable this function.
After using Evidence Eliminator with the RegClean and Defragment Registry options enabled for the first time, my system stopped “locking up” so often and now runs very smoothly.
I recommend you go through the help and follow the instructions to the letter, which are pretty easy to perform. But take the warning seriously, and do everything in the order the Help tells you to do. It works, and is highly recommended.
Safety Sub-Tab
This option comes enabled by default in Evidence Eliminator. It basically puts up an alert box telling you that the number of files to be deleted exceeds the number in the box. Does this actually do anything else? The answer is…no…
This Option is more of a “Save the Newbies from Themselves” feature. Too many people are ready to “try the program out” before reading the manual. As you can imagine, Evidence Eliminator will probably delete hundreds, if not thousands of files, on it’s first invocation on a PC. This alert box allows you to cancel the operation if it finds more than (by default) 200 files to be deleted.
Think of this as a nice “heads up” feature from the nice people who wrote Evidence Eliminator. They don’t want you to lose stuff that you really want to keep. So, they warn you. Of course, that’s just about all they can do. The rest is up to you.
After using Evidence Eliminator for a few times, and after I was happy with the results I was getting, I went ahead and unchecked this box. However, at first, I kept this enabled, just in case Murphy tried to drop in uninvited… ?
Control Sub-Tab
Program Control Sub-Sub-Tab
The Program Control Options dialog has a lot of selections. I will take you through each one and tell you what it means, and why I chose the option I did.
• Detailed log of registry operations – I enabled this because I wanted detailed logs.
• Display splash screen – I enabled this just to know that Evidence Eliminator started.
• Start with Windows in system tray – I disabled this feature because I start it manually.
• Audible alert on messageboxes – I disabled that since I turn sound off.
• Disable Screensaver at start – I enabled this just in case. I don’t use screen savers.
• Start in system tray always – I disabled this since I disabled it starting with Windows.
• Minimize to system tray – I enabled this so it minimizes immediately when started.
• Show log window on start – I enabled this so I can see what its doing while running.
• Re-Enable Screensaver – I don’t use screen savers, so I disabled this option.
Stealth Mode Sub-Sub-Tab
Love this mode… more for fun than anything else. Do you remember the old Windows games that had a “Boss Key”? This is something sort of like that. All it really does is make Evidence Eliminator “invisible” on the Desktop, Start Bar, and even in the Ctrl-Alt-Delete Shutdown Dialog task list.
I enabled stealth mode by clicking the “Enable stealth mode hotkey” box, and set the hot key to the standard “Ctrl + Alt + E”. I unchecked “Start-up in stealth mode always” because I like to know if it’s running… ?
Windows Logon Sub-Sub-Tab
This mode didn’t activate on my PC, since I run Windows 98. People with more “advanced” versions of Windows like NT, 2000, XP, and ME must always login to the computer. This is not the case in Windows 95 or 98 where you can just press the Esc key and go directly to the desktop. Evidence Eliminator is smart enough to enable or disable this feature based upon the version of Windows it detects it is running on.
I suppose that after clicking the Configure Windows Auto Logon Settings button you would be prompted to enter your Windows login and password for automatic booting.
Shutdown Sub-Tab
When I first configured the Shutdown Interception Option, I checked the Intercept shutdowns and replace with the following safe operations box. But after while, it got hard waiting so long for my PC to shutdown, I simply disabled this option. This is no fault of Evidence Eliminator. With as often I have to shutdown or reboot my PC (like any other software developer due to testing), it just didn’t make sense to always run a Safe Shutdown or Safe Restart every time.
I have an ATX power-supply in my PC, so at first I checked the Switch off PC’s ATX power supply after Safe Shutdown box. What I didn’t realize was, that the program “power.com” wouldn’t work if you disabled Power Saver mode, which I did on my PC. So…eventually I came back and disabled this option.
Logging Sub-Tab
Save Log Sub-Sub-Tab
When you press the “Save Log” button at the main screen of Evidence Eliminator (at the bottom right of the window), the log file is stored in the folder you enter here. Just enter the folder where you will store your logs directly, or, use the folder button to navigate to the folder where you want to store your Evidence Eliminator logs. The folder defaults to the Windows Desktop, however, I suggest a more appropriate folder on your disk.
I created a special folder in the root directory of my hard drive to store all the logs, and entered it here.
Auto Logging Sub-Sub-Tab
If you do not enable this option, and forget to press the “Save Log” button on the main screen of Evidence Eliminator, you will not have any log of what happened. I highly recommend you enable this feature.
I checked the Enable auto-logging in this folder box, and created a folder called “C:\EvidenceEliminator” to hold my logs. This can be a very wise thing to do, since you will always have a log of what Evidence Eliminator did. This could be very important for you at least for the first few times you run the program.
Log Window Font Sub-Sub-Tab
I clicked on “Restore Default” which is font “Terminal 6pt” which worked just fine on my PC with a 1024 x 768 resolution screen in 65536 color mode.
It should also work with your screen too, but if not, you can change it by pressing the “Change” button and selecting the font you want. One suggestion…keep it small.
Log Refresh Sub-Sub-Tab
I checked the Auto-refresh the log windows every 10000 lines box.
Since I activated auto-logging, a new log file will be created every time Evidence Eliminator is run.
I chose so many lines because I have a LOT of files on my hard drive, and didn’t want to lose any part of the log…just in case.
Upgrades Sub-Tab
There are three buttons you can press here:
Check for upgrades – As new features are incorporated and new technology is introduced, Evidence Eliminator is updated. Click this button to automatically download and update your Evidence Eliminator to the newest version.
Check for new plug-ins – As new plug-ins are created for new applications, Evidence Eliminator updates its list of plug-ins. Click this button to automatically download and update your application plug-ins.
EE News Mailing List – If you want to stay at the cutting-edge of this technology, the EE News mailing list is for you.
Click any of these buttons to activate their function.
It is so easy to upgrade EE with this feature.
Explorer Sub-Tab
Shell Extensions Sub-Sub-Tab
Shell Extensions affect what Evidence Eliminator options appear when you right-click on a file in Windows Explorer. In this section you can choose to activate or de-activate the context menu options. If you are running Evidence Eliminator in Stealth Mode, you will find this an advantage when using an Evidence Eliminator installation on machines which others may have access to. The changes you make are effective immediately. The default for this option is deactivated. Since I don’t use the right-click menu in Windows Explorer very much, I just left this feature deactivated.
Safety Messages Sub-Sub-Tab
The Safety Messages allow you to choose whether or not to display a confirmation OK/Cancel box before proceeding to secure the Recycle Bin or deleting any files and folders. Before deleting folders or files, I always want a confirmation, so I went ahead and checked the Show an OK/Cancel confirmation message for both Files/Folders and the Recycle Bin.
AIM Sub-Tab
The AOL Instant Messenger dialog is for users of America OnLine services only. It eliminates lists of other users who you have sent AOL Instant Messages to. Insert your AOL Screen Name / User Name, not your e-mail address, in the box provided and check the option box to enable this feature. Since I don’t use AIM, I left this option unchecked.
Drive Ops Tab
Drive List Sub-Tab
Lists all the relevant hard drives to scan for evidence. Normally this would only be drive C: for most computers. But you can add or remove which ones you want scanned if you have more than one hard drive. As a personal note, I DO NOT recommend that you try to use mapped network drives. I just accepted the default C:\ drive for my computer.
Drive Scan Sub-Tab
WATCH OUT! DANGEROUS OPTION IF YOU DON’T KNOW WHAT YOU ARE DOING!
The first time I configured this dialog, there was something I was not aware of that caused me to delete files I didn’t want deleted. I recovered them easily enough from my backup. However, if I had been paying better attention I would not have had the problem at all. I found out that Evidence Eliminator only looks at the first 3 letters of a file extension, which is correct DOS behavior. However, I had copied some HTML template files to my PC from Linux with the file extension “.tmpl”. Note that “*.tmpl” looks like “*.tmp” to DOS and Evidence Eliminator, and all my “*.tmpl” files were securely eliminated on my first Safe Shutdown. As you can see, I kept this option enabled because it is so useful. But you really need to know what you are doing. I added the *.jbf and *.fts to eliminate all old Paintshop Pro thumbnail files and Windows Help index files. I left the Skip Hewlett-Packard PaperPort files and Skip Cryptext Encrypted files boxes checked.
High-Performance Mode Sub-Tab
Control Sub-Sub-Tab
Evidence Eliminator has built-in high-performance capabilities that can be used under certain circumstances which dramatically speeds up operations. Note the cute little Q icon which indicates these high-performance operations will not activate in Quick Mode. You will have to use Safe Shutdown or Safe Restart mode to be able to take advantage of these capabilities. The Safety messages are designed to inform you that another program is running at the same time you are running Evidence Eliminator, and that it is writing to the hard drive.
Running other programs while Evidence Eliminator is running is really, really bad and can cause a complete corruption of your hard drive. Evidence Eliminator will warn you if you enable the Show safety message if disk writes are detected box so that you can take appropriate action…like shutting down the other program and RE-STARTING Evidence Eliminator. I checked both the “Enable high-performance operations on all drives” and “Show safety message if disk writes are detected” boxes.
Directory Structures Sub-Sub-Tab
When you delete files, Windows sometimes keeps their names buried in the directory structure of the hard drive. This function scans and analyzes all the folders on your drives, securely eliminating all traces of deleted file names, and also their times, dates, sizes and attributes, leaving not one single trace of evidence remaining. As a full low-level cleaning solution, it is activated by a single checkbox. Notice the cute little Q icon indicating that this feature (if enabled) will not be activated under Quick Mode. You will have to run a Safe Shutdown or Safe Restart instead. I unchecked the “Enable secure under-writing of directory structures” option for maximum performance.
File Structures Sub-Sub-Tab
Not to get too technical here, but to understand File Structures, you need to know that files are stored on your disk in clusters. Clusters are fixed chunks of space provided by the Windows File System. If the cluster size is 4kb and your file is 6kb, then your file takes two clusters but only occupies half the second cluster. Files normally have free space at their tips, containing data leftover from previous insecurely deleted files.
Under FAT32 the cluster size varies from 512 bytes to 32kb. Under FAT16 the cluster size is a fixed 32kb. These hidden spaces are quite big enough to contain evidence of web pages you have viewed, pictures, sounds, anything. Evidence Eliminator automatically scans all your drives, analyzes each individual file and securely overwrites the cluster tip space with multiple passes of garbage according to your settings. The existing data in your files is not altered by this function. Only the free unused space in the file clusters is cleaned. Notice the cute little Q icon indicating that this feature (if enabled) will not be activated under Quick Mode. You will have to run a Safe Shutdown or Safe Restart instead. I unchecked the “Enable secure under-writing of file structures” option for maximum performance.
Scramble Attributes Sub-Sub-Tab
This option enables Evidence Eliminator to completely scramble the dates and times of file accesses as it performs the "Securing Directory Structures" operation. Randomizing into the future a month or two provides "cover" even after you have finished running Evidence Eliminator. Because any dates or times of any file accesses you make, are "smoke screened" by the randomized dates and times you have already created in the future. It's impossible to prove which files were dated because you used them, and which files were dated because of the randomization process of Evidence Eliminator. This provides effective cover against snoops analyzing the date and time records of the files and programs in your PC. Notice the cute little Q icon indicating that this feature (if enabled) will not be activated under Quick Mode. You will have to run a Safe Shutdown or Safe Restart instead. I unchecked the “Scramble and randomize dates and times for files and folders” and “Deactivate DLL version messages” boxes. But these sure sound like interesting options, if you need them.
Space Sub-Sub-Tab
The Protect unused disk areas section cleans the free space on your drives. It is an essential function to make sure you complete the job properly. My advice is not to skimp on this section. It takes a little time. Your computer may spend 5-10 minutes on a full Safe Shutdown. Let Evidence Eliminator do the hard work for you to keep your system crystal-clear. Hit Safe Shutdown or Safe Restart with full options selected every day you surf the Internet. There is no commercial service available that can reverse this function of total elimination. . Notice the cute little Q icon indicating that this feature (if enabled) will not be activated under Quick Mode. You will have to run a Safe Shutdown or Safe Restart instead. I checked the “Enable securing of free space areas.” because that would be the obvious first place for anyone to try and find any “evidence” on my hard disk.
Recycle Bin Sub-Sub-Tab
The Recycle Bin option securely eliminates all files in the Recycle bin on all drives. A single hidden system file "desktop.ini" will be skipped in the Recycle Bin in Test Mode. This tiny file has only a few bytes of system data in it and is required to maintain the integrity of your Windows installation. After a Safe Shutdown or Safe Restart it will be eliminated and Windows will re-create it on boot-up. With the new "Hot-Key Recycle" feature, press CTRL-Delete to eliminate the contents of the Recycle Bin. Using the SHIFT key in Windows, you can send files direct to the recycle bin without confirmation. Alternatively you can right-click your recycle bin and uncheck the "Delete Confirmation" option. Pressing Delete will now send files directly to the recycle bin. I really like this option, so I checked both the Eliminate Recycle Bin evidence and the Enable CTRL-Delete Recycle protection boxes.
CONCLUSION
Rule #1 - Make sure you back up your computer before using Evidence Eliminator!
Don’t even think about running Safe Shutdown or Safe Restart until you have configured all your Options and clicked on the “Save” button.
As an added precaution, I would suggest you then run Test Mode to get a complete log of what Evidence Eliminator does, so you can make sure everything works properly. Please note that Test Mode does eliminate files…
After you are happy with the results by reviewing the logs… you are ready to try “Safe Shutdown”. This will be a complete cleaning of your PC. The first time I ran it, it took over 30 minutes to finish. After that, it now takes just a few minutes to finish.
Whew! It got rid of a LOT of junk!!!
I have been using Evidence Eliminator now for a couple years. The feeling I get is one of great peace of mind secure in the knowledge that hackers, crackers, viruses, trojan horses, worms, (or even worse!) etc. are not getting access to data on my PC anymore.
Not only do I love what Evidence Eliminator does for me, but this is a piece of software I have really come to respect. That sounds strange saying that about software, but this is not your “ordinary” software. More useful than insurance, it protects something that nothing else protects quite so well… your personal privacy and security. What kind of price can you put on that?
I give it a 5 out of possible 5 stars for Excellence.
Thomas Straub
http://www.evidence-eliminator-info.com
|
|
