Hello Marcus, > However, although I've searched the web I haven't found enough > documentation to tell if cipher.exe only wipes empty clusters on the > disk or if it also wipes the small parts of a cluster which does not > contain data
I didn't find any clear statement,too. But after reading 'between the lines' I think cipher.exe will only wipe deallocated clusters: "We can protect data in deallocated clusters by overwriting the data,[...]" http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/cipherfaq.asp But if you write data into a directory which is marked as encrypted, then every byte gets encrypted. In this case you couldn't find clear text in parts of the clusters. (btw. Win NT zeros every data that is read from unallocated parts of the disk, so it's not as easy to get these unused parts of clusters as it is under Win98). You should be fine by encrypting the mailbase directory of The Bat and the temp directory. But the last one will decrease system performance. The most secure way at this time maybe is to use SecureBat (which hopefully doesn't write unencrypted data to the disk (doesn't it?)) -- Regards, Patrick ________________________________________________________ Current Ver: 1.61 FAQ : http://faq.thebat.dutaint.com Unsubscribe: mailto:[EMAIL PROTECTED] Archives : http://tbudl.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] TBTech List: mailto:[EMAIL PROTECTED] Bug Reports: https://www.ritlabs.com/bt/
