The Windows page/swap file usually contains very recent information of a user’s activity. Data is usually overwritten fairly quickly — depending on how “busy” the system is. The page file can store potentially sensitive and incriminating evidence. The legality of admitting evidence found in a page/swap file is still sketchy in the judicial system. However, it’s always a good idea to play it safe.
If you don’t mind a slightly longer shutdown / restart time you can have your system write zero’s to the page file. This is disabled by default.
Start -> Run -> regedit
Change the following key from a 0 to 1
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
*The Microsoft KB article can be found here: http://support.microsoft.com/kb/314834
Pingback: Windows Anti Forensics Tip of the Day… « System7