Privacy protection standards

Starting the computer. Opening the browser. Logging in to your Facebook account. Sending an email to a friend. Downloading photos from Internet resources. Modifying a file. Deleting another file. We probably perform similar activities every day while working with different devices. We know the basic security rules, which are not so easy to ignore. We know that every move in the cyber world is recorded somewhere. In theory we know what to look out for, but without practical preparation we can do little. With this guide, each of you will be able to maintain high privacy protection standards.

Every device can become legal evidence. There is nothing wrong with that; it is worse if the proceedings are against us. Even if we deserve punishment, we can effectively get rid of the evidence on the device. And what if the justice system does not concern us directly? There are many cybercriminals in the world. If someone is planning an attack on us, we will eventually become a victim. How much we lose depends on preventive action.

300 GB of data is the average size of a single case handled by Mediarecovery forensic investigators. Any analysis, even the smallest, can contribute to finding evidence against us. The operating system itself collects amazing amounts of activity data, but let's start with the basics, that is, with this guide. Please note, however: if you want to hide data effectively, you must forget about backups, at least those stored with the providers of popular "clouds". Every server logs events, but I write about that later.

Effective privacy protection tips

Investigators are familiar with these security tricks, which does not mean that they can easily get around them.

For organizational purposes, we will introduce two signs:

  • Z - you have nothing to hide from the police,
  • P - you are afraid of law enforcement.

Booting system

Z / P: Every security specialist always recommends encrypting the whole disk. In the case of theft or loss of the device, access to the data is significantly impeded (or impossible). In the case of contact with the police, an encrypted disk will prolong the analysis process (unless we provide the password).

Mediarecovery's comment:

Data encryption is intended to protect the user against the risk of unauthorized access to the stored information. If the security were easy to circumvent, its use would not make sense. Encryption is also one of the so-called anti-forensic techniques and may be aimed at making our work difficult. Often, however, both the encryption mechanisms themselves and their use by users have numerous vulnerabilities that we can use - for example, gaps in encryption software are known which allow an encryption key to be obtained, or the user uses universal passwords. Having knowledge of this subject, we can deal even with encrypted data.

Z: The system is probably starting up now. The operating system does not matter. Let's just remember that Windows 10 sends data about the device to the company from Redmond.

P: Using Windows systems is not the best idea. They are incredibly popular, yet their code is closed, which contributes to many vulnerabilities being found. The worst are systems whose support has ended. A good solution is Linux. Remember that the system can be run in live mode, i.e. without involving the hard disk much in the boot process (I recommend the Tails distribution). Data will disappear when the computer is turned off, so a copy, if needed, must be made before removing the media.

Login to the system

Z / P: People make mistakes. Most can and should be forgiven, but not the lack of any authorization. A password is not enough. Let's use biometric security or YubiKey keys. Rules for creating passwords appear in every piece about data leaks or security advice. And good. I recommend creating a password based on reading this post.

Successful login

We probably see the desktop now.

Z: Only the most important files and folders are stored on the desktop. We do not need shortcuts (use the intuitive search in the Start Menu). The programs run automatically at system startup (autostart) are kept to a minimum: antivirus, messenger, password manager.

P: On the desktop there is space only for the "trash" icon. I do not recommend installing any unnecessary programs, because each application stores its own logs.

Using a computer

Z: Let's remember about security rules:

  • We install a good antivirus program. According to tests, Kaspersky Lab and Bitdefender are the most effective. In terms of privacy protection, it is probably F-Secure.
  • Nowadays everyone uses online banking and / or online shopping, which is why I recommend Internet Security packages: Kaspersky and Bitdefender.
  • Let's use strong passwords. A manager must be used to store them. I recommend Kaspersky Password Manager (the program is paid, but the free version allows you to safely store up to 15 entries) and KeePass. These programs can generate strong passwords and store them securely.

Kaspersky Password manager

Passwords in Debian 9
People using a Linux distribution can use the password manager built into the system.

  • It is worth using a program that automatically searches for, downloads and installs updates. For me, Kaspersky Software Updater takes care of this.
  • It is not worth storing copies of whole disks (if you must, use Norton Ghost), because installing the latest systems is not hard.
  • Encrypt. Everything. I have recently been using the free VeraCrypt program.
  • Remember about a VPN. If you follow AVLab, then maybe you will buy NordVPN from the affiliate link.
  • Use popular browsers. Several plugins and a secure Mozilla Firefox configuration are described here.
  • Run files from unreliable sources in a sandbox (an isolated environment: the malware will not affect the state of the system or other files, but you still have to be careful). You can scan files on the VirusTotal portal, but remember that premium account users can download them.
  • The rest of the useful tips are here.

P: Follow all of these tips, but using these commercial programs is not the best idea. First of all, encrypt everything you can with VeraCrypt, use ProtonVPN (freeware) and / or the Tor browser, and isolate activities in a sandbox.

Additional advice: check in the task manager whether any suspicious processes are running. Malware often hides its presence, but certainly not all of it is so "clever".

Delete and erase

Z / P: Moving a file to the Recycle Bin and emptying it, or pressing [Shift] + [Del], does not make sense.

Each file on the disk is stored in a specific place. After performing the above operation, the file is NOT deleted; the system merely marks that place as free. If we have not performed too many operations since (turning the device on / off, copying, creating, deleting, moving), then the file is completely recoverable, intact. You can do it at home, but I do not recommend this option. It is best to commission a professional company to recover the files; then we have practically complete assurance of data recovery. The network is full of recovery tools, but any change to the disk means additional writes, which increases the chance of failure. Remember to make regular backups, which will avoid most problems.

Deleting data is a "not very private" system function. Use erasing instead. And here I have some bad news. There are free programs that have this option, but I doubt their effectiveness. Maybe it is worth investing in the professional DESlock program? It is used to encrypt media, files and e-mails (AES-256 algorithm). I encourage you to read the leaflet on the ESET website. At the same time, we get a brilliant program in terms of "user friendliness". VeraCrypt is left behind.

If you are planning to recycle a drive, there is no better option than a degausser, bending machines and shredders. Of course, you can drill through a disk, but there are more interesting and effective methods. The principle of a degausser's operation is presented in the following video:

What about the GitHub programs and the CCleaner wipe module?

Mediarecovery comment:

We have not tested the GitHub tools, so it is difficult to assess their value. There are many tools available on the market whose goal is to securely erase data. The program we trust is mediaeraser. When applying this type of solution, it is worth paying attention to some technical issues:

Erasing a single file from the operating system on which we work does not mean that the information about this file will "disappear". The operating system and software store a lot of additional information about opened and edited files. What's more, it is possible that the file will leave behind other temporary files containing the contents of the original file - although we have erased the original file, a copy of it remains. For this reason, to erase data in a way that leaves no doubt, it is necessary to overwrite the entire medium.

Even a single overwrite of the information is basically sufficient. A good data erasure program can replace, bit by bit, the contents of a file stored on the medium with random strings.

After such an operation, no commercial laboratory can recover the file. If you are more concerned about your data, the only method is to physically destroy the medium - for example, you can permanently delete the data on hard disks using a degausser (e.g. one of these: https://forensictools.pl/kate… -data /).

CCleaner is a popular program but, as in the first question, one of many. The same limitations indicated in the answer to the question about GitHub apply to it.
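As an added illustration (not code from the article or from Mediarecovery's tools), the "overwrite, then delete" idea from the comment above in Python: every allocated byte of a file is replaced with random data and forced to the medium before the name is removed. The function names and the sample content are constructed for this demo.

```python
import os
import tempfile


def overwrite_in_place(path: str, passes: int = 1, chunk: int = 1 << 16) -> int:
    """Replace every allocated byte of the file with random data, in place.

    The writes reuse the clusters the file already occupies, so on a plain
    HDD the original content is gone after the first pass. Returns the number
    of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n))   # random strings, as the comment describes
                remaining -= n
            f.flush()
            os.fsync(f.fileno())         # push the overwrite onto the medium
    return size


def erase_file(path: str, passes: int = 1) -> int:
    """Overwrite, then unlink. Caveats from the comment above still apply:
    temporary copies, editor backups and journal or metadata entries are NOT
    touched, and on SSDs wear levelling may keep the old blocks; only a
    whole-medium wipe leaves no doubt."""
    size = overwrite_in_place(path, passes)
    os.remove(path)
    return size


def demo() -> tuple:
    """Constructed demo: write a secret, overwrite it, read back what remains."""
    secret = b"constructed sample: account password = hunter2\n" * 100
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    written = overwrite_in_place(path)
    with open(path, "rb") as f:
        leftover = f.read()
    os.remove(path)
    # size unchanged, but nothing of the original text survives in the body
    return written, len(leftover), secret in leftover, b"hunter2" in leftover


def demo_erase() -> bool:
    """Constructed demo: erase a file and report whether it still exists."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"constructed sample\n")
    erase_file(path, passes=2)
    return os.path.exists(path)
```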

Data recovery

It would be a sin not to present two data recovery programs. Recuva is designed for every user. Its operation is not complicated.

Recuva file recovery
We choose the type of file that we want to recover. The specific type does not affect the speed of the disk scan, but its results are clearer.
Recuva file recovery 2
Recuva will try to recover data from several types of media and folders (this affects scanning speed).
Recuva file recovery
This process may take a while. The program searches the drive for deleted files.
Recuva file recovery
A long list of files that can be recovered and those that no longer exist.

Do computer forensics laboratories use the Recuva program? I doubt it. They use much more sophisticated software, such as EnCase, Password Recovery Toolkit or Magnet Forensics. In forensic analyses, you should always make a copy of the entire disk. You can also protect the drive against modification with a so-called write blocker. Thanks to this, the court will not accuse the experts of changing the file structure.

There is a program that is used in professional data recovery laboratories: R-Studio. After the first start you can see the differences between it and Recuva.

R-Studio file recovery
R-Studio listed all partitions. There are many other options on the top bar. Refresh is not necessary because the program quickly detects the connection of a new disk (e.g. a USB drive).
R-Studio file recovery
The preparation window for scanning a pendrive (available after selecting the drive and right-clicking, which opens the context menu).
R-Studio file recovery
Scanning takes a lot of time. On the right we see colorful squares (description available below them), which resemble defragmentation programs.
R-Studio file recovery
The deleted file has been successfully recovered.

I am convinced that R-Studio is more effective. Although Recuva scanned the system disk in about 1.5 minutes while R-Studio took a few dozen minutes on a 32 GB pendrive, the more expensive program does it much better.

The internet does not forget

This is not just the actor Kevin Hart. We must know that "with the standard approach" our activity is logged and stored.

Server logs

We can change our IP address using a VPN or a proxy server. There is also the Tor network, but no one knows exactly what is happening there - whoever controls the entry node controls everything that passes through it.

ProtonVPN is a free VPN service that is limited in bandwidth. However, this does not affect security.

ProtonVPN
In the free version, the possibility of choosing a VPN server is limited. The application usually connects to the nearest available point.
ProtonVPN
Now my IP is 46.166.142.216.

We have no influence on anything else. We must remember to delete history, cookies, cache and other data from browsers. Besides, we can delete a lot of data using CCleaner.

Social networks

Z: If you are not a celebrity, why should everyone need to know every detail of your life? The group of recipients should be limited to friends only. Review the privacy settings thoroughly. Additional advice was prepared by Avast in this article.

By changing Facebook settings we gain high privacy protection standards

P: Do not use any social networking sites.

SMS / cellular connections

Z: The risks are small. Make sure no one eavesdrops on you. If you are not an entrepreneur, do not answer calls from unknown numbers. Take care of regular device scanning. Use the best solutions. Only install applications from trusted sources, and check them, because Google Play is not secure.

P: Do not use these forms of communication. Check out this podcast.

Eavesdropping on a phone is possible (criminals use fake BTS stations, i.e. fake base stations of our mobile operator). Without proper tools, it is difficult to detect their operation. More information on the Alfatronik surveillance blog and at Niebezpiecznik.

Sandbox

Malware analysts do not use sandboxes for their work. Such things are done in virtual machines or on real systems. To test the sandbox, I wrote a simple program in C++.

Sandboxie sandbox
We can use Sandboxie or the sandbox module integrated into the Comodo Internet Security Premium antivirus.
Comodo sandbox
Comodo launched the avlab.exe file in protected mode on its own. This was not supposed to happen, which is why I stopped the antivirus.
Sandboxie frame
A program running in the Sandboxie sandbox is surrounded by a characteristic yellow frame.

How to maintain high privacy protection standards?

Keeping your privacy is not difficult. Sometimes a little common sense is enough. With additional programs (or systems such as Tails, specially prepared for this purpose), we can drastically increase security and our privacy. Censorship in the world exists. It does not mean, however, that we are helpless. Despite the growing media interest in privacy, many people still make mistakes. Education in this area is important. You cannot skip reading thematic portals. A lot of information is also available on the Kaspersky Lab blog, on the Securelist site, on the Naked Security website or on the ESET blog.

All these programs are my subjective choice. Thank you, Mediarecovery, for the comments. I hope that readers will understand the purpose and methods of effective anonymisation in the cyber world. Those interested in the subject of privacy and computer science, I encourage you to follow the pages mediarecovery.pl/aktualnosci and forensictools.pl




We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.