
Hiding Your Files In Windows Vista



By ghostghost | 7041 Reads

Some parents/spouses/etc are virtually clueless, so that unless you leave your saved files on the desktop they'll never discover what you have been doing on the computer. Other people are not quite so oblivious. This article is meant to help you cover your tracks well enough to prevent the vast majority of computer users from being able to view/track/monitor what websites you went to, movies you watched, files you read, pornstars you fantasize about, etc.

Although outside the scope of this article, you should also consider how you connect to the internet. Most homes with a broadband connection will have a router that all the computers in the home connect through. Many routers have the ability to keep a history of URLs visited by each computer and even email that history to the network admin upon a given event (like a PC on the network trying to access a blocked website). If you have something to hide from others, you should try to gain access to the router control panel to disable or delete the history kept on the router. If that isn't possible, a factory reset of the router will accomplish the same thing, but it will also reset everything else: port forwarding, WEP/WPA keys, password settings, etc.

** PART 1: PREPARATION **

Download and install TrueCrypt from http://truecrypt.org/. This program will allow you to create an encrypted container in which you can save your files. You'll need to protect it with a strong passphrase. The contents of the encrypted container are decrypted on the fly, kept only in RAM, and never stored unencrypted on the hard disk for an undelete program to find later. It is very safe as far as encryption goes; for a tutorial on how to use TrueCrypt, check out their website.

Always be sure to name the container something simple and innocent like "system". Also, move the file to a simple but out-of-the-way location like "C:\_" and make that folder and the TrueCrypt container hidden in Windows Explorer (right click on the folder, select properties, and then click 'Hidden'). To the casual observer, the directory won't even exist, and if they do locate and open it, they'll see only a file named "system" with no extension. Also, it's easy to quickly mount the container in TrueCrypt by typing the path "C:\_\system". Some people prefer to hide their TrueCrypt container in the Windows directory or somewhere else on the hard drive. Wherever you hide it, just memorize the location so you can type the path directly into TrueCrypt without having to navigate through Windows Explorer.
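The hidden attribute and an innocent name only stop a casual observer. As an added example (not part of the original article), this sketch shows the kind of check a forensic examiner can run to flag a container anyway: encrypted volumes look like random bytes and have a size that is a whole number of 512-byte sectors. The thresholds, function names and the sample tree are assumptions made for the illustration.

```python
import math
import os
import tempfile
from collections import Counter

SECTOR = 512           # encrypted volumes occupy a whole number of sectors
MIN_SIZE = 19 * 1024   # assumed lower bound for a usable container (heuristic)
SAMPLE = 64 * 1024     # bytes sampled from the start of each file

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum, approached only by random-looking data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_container(path: str, threshold: float = 7.9) -> bool:
    """Heuristic: sector-aligned size plus near-random content."""
    size = os.path.getsize(path)
    if size < MIN_SIZE or size % SECTOR:
        return False
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(SAMPLE)) >= threshold

def scan(root: str) -> list[str]:
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not honour the Hidden attribute
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if looks_like_container(full):
                    hits.append(full)
            except OSError:
                continue  # locked or unreadable file
    return sorted(hits)

def demo() -> list[str]:
    """Constructed sample tree: a random-filled 'system' file and a text file."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "_"))
        with open(os.path.join(root, "_", "system"), "wb") as fh:
            fh.write(os.urandom(128 * 1024))  # stands in for an encrypted container
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"plain text log line\n" * 8192)  # sector-aligned but low entropy
        return [os.path.relpath(p, root) for p in scan(root)]

if __name__ == "__main__":
    print(demo())
```

Compressed archives and media files also score close to 8 bits per byte, so a hit is a candidate for closer inspection, not proof of an encrypted volume.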

Let me say a word about the file indexing that Windows Vista performs to make searching for files much faster. By default, any file kept in the "C:\Users" directory is indexed. That includes all of your desktop, documents, music, movies, etc. You SHOULD NOT store your TrueCrypt container anywhere that will be indexed, so that it never shows up in a basic search from the start menu. You can verify the indexing settings on your computer by searching for "index" in the 'Start Search' field. Select 'Indexing Options' from the results. Click 'Modify' and then click 'Show all Locations'. At this point you may have to allow the action depending on your UAC settings. From here you can add or remove which directories and drives are indexed by Windows.

Now that you have created and mounted a TrueCrypt container of sufficient size, go ahead and open up Firefox. If you need a method to quickly hide your tabs in Firefox because you're working where you might be interrupted (silly you), go to "https://addons.mozilla.org/" and search for addons such as "TabRenamizer" or "hideBad". There are many different addons out there; find one that you like, but it should at least allow you to instantly rename all of the tabs (you can customize what they are renamed to or go with the defaults) and predetermine which tabs can be instantly closed by pressing ALT+X and which (innocent tabs) will remain open for the passerby to view. (You can then have hideBad re-open the hidden tabs.) Really useful stuff for what you're about to do.

** PART 2: DOWNLOAD **

Now go to your favorite sites and start reading/viewing/downloading/saving anything you wish. Make sure that you are saving everything directly to your encrypted TrueCrypt container. I recommend you save files only with numbers (example: 01.txt). The reason for this is that if at some point you become lazy/sloppy/forgetful and leave a trace of your viewing history later on, "553.txt" looks a whole lot less incriminating than "secretHackerFile.txt".

Do whatever it is that you're doing, but when you're done it's time to cover your tracks…

** PART 3: CLEANUP **

To limit the ability of others to trace your actions on the computer we'll need to do several things.

Dismount your TrueCrypt container where you've saved all your files. Right click on the TrueCrypt icon in the system tray and select 'Dismount All Mounted Volumes'. Now unless you've chosen a weak password or your parents have a keylogger installed on the computer, it should be virtually impossible for anyone to actually access your files, but there are still plenty of other ways for them to find out what you were doing while on the computer.

If you just delete EVERYTHING in the history files throughout the computer, your parents may become suspicious when the 'Recent Items' shows nothing. The way around this is to be selective about what parts of the history you delete, but the quickest and surest way to not leave any evidence is to just delete everything.

First we will delete the list of 'Recent Items' from the start menu. Open up Windows Explorer and navigate to: C:\Users\Admin\Recent (where Admin is the name of the current user). Press CTRL+A to select all the items, then SHIFT+DEL to delete all items in the history.

Next, open up Firefox and press CTRL+SHIFT+DELETE. This will bring up the 'Clear Private Data' dialog box. Ensure that all of the options are selected and then click the 'Clear Private Data Now' button.

Next, if you watched any movies in Windows Media Player and you can see the history of URLs or files played/viewed under ALT>File, you'll need to delete those as well. Click the arrow below the 'Now Playing' tab and select 'More Options', then highlight the 'Privacy' tab. Click the 'Clear History' button to erase the file history. In order to prevent lists of URLs or files from coming back in the future, remove the check mark from the 'Save file and URL history in the Player' check box.

If you used any other programs to view your files or do your thing, you'll need to look through the options and menus to see if that program saves a history of URLs or files. If it does, there should be an option to clear the history and disable it.

** PART 4: ONE MORE THING… **

The above tactics will only work to protect you from an average person. If you're trying to hide from the feds or anyone who could do an actual forensic analysis on your machine, you'll probably want to get a program called Eraser (http://eraser.sourceforge.net) to permanently erase any data you wouldn't want to be left behind. Basically you can set it to overwrite the data anywhere from 1 to 35 times, which should prevent anything being recoverable. You can use it to permanently delete all the information in 'recent' or browser cache. You can use it to scrub all the unused space on the hard drive, or you can use it to scrub the entire disk of everything on it…

Comments
ghost 15 years ago

You mentioned Eraser, I'm more of a DBAN type of guy. Nothing awe-inspiring. Nothing too shameful. Burp.

ghost 15 years ago

I could have totally used this information when I was eleven and first started viewing porn on my parents' computer.

korg 15 years ago

OK article, but it should have been titled how to hide a folder with TrueCrypt. You can use TC with XP, Linux, Mac, etc. You can also use it to encrypt an entire disk, not just a hidden folder. 5/10

ghost 15 years ago

Nice and well explained article man. ;)

ghost 15 years ago

Good article. I normally use CCleaner to erase history and recent items. :D

htmldesigner 15 years ago

Nice article, very good explanations, though it is more about using TC. :)

ghost 15 years ago

Very well written, but I have a few small critiques. Please include slashes in your paths, and if you replace admin with %username% then anyone can simply copy paste. Also, this works great, but there are more effective and simpler methods. Very well written though, keep up the good work.

Here are my favorites:

Store your files inside a game folder, and rename everything from "porn.MOV" to stuff like "SaveGame". Easy if you don't have too much to hide.

http://drusepth.wordpress.com/2007/08/28/hiding-files-in-images/

http://partyvan.info/wiki/Name_Witchcraft