Byte By Byte Disk Scan

I use encryption permanently where passwords are concerned but I'd like to satisfy myself that no plain text versions are present, either in used or in free areas. Can anyone recommend a portable program that can search for and edit text sector by sector? Probably take all night but that's ok.

 

Have a look at these apps Earthling:
http://www.majorgeeks.com/mg/sortname/wipers.html
I don't think that such software could differentiate text from binary data because in the end everyting consists of only zeros and ones.

 

Many years ago I had Acronis Disk Director. With it you could edit your disk (in hex), byte at a time, though I doubt it could have searched for text strings, even when written in hex. However to do what I want to do the software has to work at the byte level, not at folder or file level. Later on I did have software that could crawl through the whole disk searching for ASCII strings but I haven't been able to track it down so far among my huge collection of old installation files and it almost certainly wouldn't work anyway even if I found it. However I do recollect being a bit shocked at some of the passwords that were still there in free space, but that was before encryption became freely available.

Maybe the sheer size of current disks makes my goal unachievable but I'm surely not the only one asking themselves this question.

 

See if this can help.
It works on Windows Vista and later.
https://docs.microsoft.com/en-us/sysinternals/downloads/strings

Wipe the free space with software like Revo Uninstaller's Evidence Remover.

 

I'll have to take a good look at strings but I'd still prefer a program that searched the entire disk, used or free. I have actually found the installation file for the program I mentioned - stated to work in Win 98 through XP I'll need to take precautions - don't want it messing up my system!

 

What does this actually mean Earthling?
I assume "free" means unused by any file or program. But if "used" means that you want to remove text from files that are still part of the file system then please don't even try! Did you ever open an exe file in a text editor? A lot of the content is plain text (e.g. linked libraries and function names of the used DLLs).

 

For the moment I just want to establish what if anything may have been left behind, either by LastPass or by by my onboard encryption program Cryptainer LE. What I choose to do about anything I may find depends on what it is but I won't be inflicting any irreparable damage to my system, I do know how to protect it. 'used or free' does mean anywhere at all on the disk, either within the file system or outside of it.

 

But that's exactly what damages your system How should a program decide what a found string belongs to?

 

We will see. It's been my experience, quite a few years ago I admit, that you can safely amend ASCII strings, e.g. you could replace BLACK1234 with WHITE4321 and neither the system nor the software will be aware. However I am using Rollback RX for quick snapshot restores and Macrium Reflect images should I need to revert to my starting point. But let's see what, if anything, I come up with and I have yet to decide what software I can use for this disk crawl.

 

I tried with one of my own little executables. I replaced KERNEL32.dll with KERNEL33.dll in a HEX editor. Not surprisingly a popup came up complaining that the execution of the code was discontinued because KERNEL33.dll can't be found.


But I'm afraid I can't stop you from trying it

 

You do need to be certain that your search term is unique - yours definitely is not. I'm using atm part of my most secret password and the search is mostly through and hasn't found it. I'll try part of a password I use a lot just to test the software I've chosen - Disk Investigator - which is running fine.

 

Looking good - it found over 300 occurrences of my unprotected password and the scan for a five character ASCII string on a 120GB SSD only took about 6-7 minutes. It's now practical to checkout the 20 or so passwords I believe I have been protecting with encryption, but I already know that the most important one is not discoverable. Disk Investigator provides a lot of info about each find that I haven't yet had time to study.

 

You won't convince me to use such a program. The risks are unpredictable. Even a binary part of a file may contain a byte sequence that happen to have the same values as your string.

Just out of curiosity ...
If you encrypt the partition with your sensitive data why are you worry about that passwords on it are still readable?
And if you find the paswwords on another partition who or what did save them as plain text?

 

I'm not trying to, I just want to know whether supposedly encrypted data is being recorded to my drive in readable form. Neither LastPass nor Cryptainer should do so.

That has already happened. You just have to study the 'found' results and decide whether it's significant or whether the password ought to be changed.

I don't use drive encryption at all, just LastPass and Cryptainer, neither of which should write anything to your drives. If they are doing so I need to review whether to continue to use them.

See previous point, about suitable software[/QUOTE]

 

OK if the program doesn't overwrite something unattendedly then it might be usable.

 

It's been time for dinner here so had a break for an hour or so. Disk Investigator doesn't seem to have any disk editing capability so it can't actually do any damage. Pretty useful though, a keeper. Was surprised it installed and ran in Win 10 but that's because it's read only.