Me again, the forensic therapist computer ignoramus...
If it is not possible/practical/legal (i've read all three options here) to create a truly portable XP or other flavor of Windows, then perhaps someone could devise a way to securely erase any traces left behind if one boots XP from USB.
I'm not really paranoid, honest. But I work in a melieu where both prosecutors and defense attorneys will lie, cheat, and steal to get their hands on the other side's stuff. I work both sides of the bar and I've seen it happen. So it is desirable to be able to USB into a PC, do some work, and disappear leaving no trace whatsoever that you were ever there. Hmmmm...come to think of it, I might be asking if someone could create a hacking tool. NOT my intention at all.
Hardly any of us in my business, docs, lawyers, investigators, will use web apps because the simple assurance of the vendor that they are secure, secure, secure means nothing. It is by no means beyond imagination that the guvmint could work with vendors to write in back doors, or that attorneys in high profile capital cases could offer huge bribes to get in.
So what about a portable app called, say, IWasNeverHere that neatly and automatically and securely wipes all traces that the user was ever on the machine?
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
@ omniryx
"So it is desirable to be able to USB into a PC, do some work, and disappear leaving no trace whatsoever that you were ever there."
"So what about a portable app called, say, IWasNeverHere that neatly and automatically and securely wipes all traces that the user was ever on the machine?"
This all sounds really suspicious, like a stealing of information business.
PVPM runs on a USB and leaves nothing on the host machine.
http://www.metropipe.net/pvpm.php
Ed
You should have said:
"Leaves nothing unless admin wanted to monitor it".
Stealthiness is a myth.
"Those people who think they know everything are a great annoyance to those of us who do." Asimov
You won't be able to boot from your device unless the admin is a 100% amateour.
I suggest using a virtual machine or something like PVPM mentioned above.
"Those people who think they know everything are a great annoyance to those of us who do." Asimov
I'm not a lawyer so this advise is not legally binding in any way, consult a lawyer for correct information, but...
A portable XP? To be honest, any PC that is forensically being examined will includes making images of any hard discs, scanning the drives etc. very carefully. But obviously forensically examining a PC is something else than 'doing some work on the PC without leaving any trace that you were there'. Computer forensics have their ways of working and using a 'portable' operating system is not one of the ways I think, they just take the hard drive and examine it through their special equipped hardware and computers.
If you mean you have to do some administrative confidential work to work on documents, reports and so on, don't use public computers at all, use your password protected and encrypted laptop.
If you mean you want to extract information from a PC without the owner or anyone knowing about it might be considered illegal unless it's done in an official legal way by a law enforcing entity.
Lying, cheating and stealing, especially in a legal context is illegal.
Using online applications for highly sensitive material is not idea as the information could be asked to make public in need of some legal investigation. That's besides any possible backdoor problems.
Using some software that securely wipes all traces that a user was on a PC is in itself leaving a trace of securely wiped parts on disc.
PortableApps.com applications are to keep your apps and settings with you on the road but are by no means totally stealth. (That is beyond the scope of PortableApps.com) While your personal settings are kept on your portable device Windows itself might log many events ranging from last used application to access times of files, log files and so on. PortableApps.com applications remove files and folders from the host if they were used for the portable application but does not securely wipe them, which in itself might be as good idea if passwords and other private data would be involved (That a nice idea John?) but only from the aspect of the user of Portable Applications.
1. I think that if you build your own XP portable with BartPE and not distribute it or sell it or whatever, just keep it with you, you are not doing anything illegal (at least not in this part of the world).
2. You can use a Linux LiveCD
3. you can build a portable linux running from a USB stick.çç4. PortableApps.com don't leave important data, just some traces in the registry that say that you were runing an app, but no information on what you where doing with that.
If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report
The only way you can go is to use a live cd.This can be stopped by not letting the PC boot from cd but it certainly wont leave any traces on the PC, simply because you are not using the PC's hard drive. I think its like having an external drive attached to the PC. As long as you don't mount/use it, no one will know you were there.
If someone is monitoring the network, they would still know where you surfed to but theres no way around that no matter what you do so its not really a hindrance.
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
I'd say WinBuilder. BartPE doesn't looks like to be maintained anymore by it's main developer (Bart).
the word is actually spelled "gubmint", since that's the way it's usually pronounced.....
"I don't hate cats...as long as they stay on the freeway, where they belong."
- Brad Stine
Here is a tutorial on how to set up linux on your flash drive. Its called Pendrive linux
https://portableapps.com/node/10225
I have this on a 2gig flash drive. It runs from inside windows like any other portable app so you might like this. if you want it to be truly portable do not run the QEMU Accelerator cancel it when it comes up. the QEMU Accelerator is just an interface that optimizes Pendrive Linux allowing it to run faster and needs administrator privileges to work.
An Old Irish Blessing
May the road rise up to meet you. May the wind always be at your back. May the sun shine warm upon your face, and rains fall soft upon your fields. And until we meet again, May God hold you in the palm of His hand.
MickeyJ4J