FYI:  Chris and Ryan hosted TruTV’s Tiger Team show which had a shorter life then the Microsoft Kin.

1. capture memory via moonsol’s win32dd
2. parse memory snapshot with mandiant’s memoryze
3. analyze results via audit viewer
4. or analyze using the volatility framework — neatly packaged in SAN’S Sift Workstation

On a side note, is Ubuntu taking over the world?  Sometimes you don’t want to make things too easy otherwise all of the idiots will flock from Mac and Windows and plague all of our favorite distributions with requests for ports of ___ (insert favorite fan boi single platform software here).

Here’s what I did:

1. Download and run DNS Benchmark (Windows or Wine): http://www.grc.com/dns/benchmark.htm
2. Add your ISP assigned DNS servers into the DNS benchmark tool for comparison (Windows: ipconfig /all  Linux: cat /etc/resolv.conf)
3. Load any additional public DNS servers into the tool: publicly provided DNS
4. If public DNS is faster, configure your machine for hardcoded DNS (not to pickup from DHCP).

Coincidentally, Symantec has just released their own version of a public DNS that provides malware filtering.  You can read The H article here.  Symantec’s “secure” DNS servers are 198.153.192.1 and 198.153.194.1

Two interesting tidbits in the article are Google’s privacy control pages which you may not be aware of:

1. Google Dashboard – Control your Google privacy settings for all of google’s applications
2. Ads Preferences Manager – Control whether ads are tailored to your viewing habits or not.  You can opt out here.  *Warning this site sneakily redirects through doubleclick.net — bastards!
   

First, you need to determine what the optimal cluster(block) size is for your data.  The best way to figure this out is taking the median file size of the partition.  Once you know the best cluster size then you will need to copy the data to another partition or drive.  Finally, you can repartition with the new cluster size and then copy your data back.

Here are the steps:

1. Run one of the below scripts, open in Excel/Calc and run the median() function — does anyone have a quicker way to determine median file size?  keyboard kung fu?
2. Calculate the median size of files on the volume (listFilesSize – vbscript) (listFileSizes_python/linux — first attempt at python!)
3. Move data off the volume
4. Reformat volume using optimal cluster size
5. Verify new cluster size: [root@localhost]# ntfsinfo -m -d /dev/sdaX

Anyways…back on track….

It’s not the easiest task comparing privacy policies even if you limit your search to the big players (google, yahoo, bing, baidu, ask, altavista).  Besides Scroogle which is a Google proxy — returning scrubbed results cookie free, most of the large search engines are very similar with their policies.  They all store some type of tracking cookie and say they can use this to target specific advertisements towards you and or share with third parties.  HOWEVER, all is not lost, I did come across the Ask.com AskEraser.  Navigate over to Ask.com and in the top right corner you’ll see “AskEraser On | Off”  turn this guy and check your cookies for yourself….it does make a difference…

When enabled, AskEraser will completely delete your search queries and data from Ask.com servers, including: your IP address, User ID and Session ID cookies, as well as the complete text of your search query–all within a matter of hours,

We’ll have to take Ask’s word that they’re actually removing our search data from their servers unless someone has a better idea?  Raid one of their NOCs on a Friday night hoping to bribe the night security guard with a pizza and a hooker? (maybe the pizza and a mountain dew would be enough)

Automatically permanently delete (Nuke on Delete)- Normally Delete sends files to the Recycle Bin and a Shift+Delete will permanently delete them.  With the registry tweak below the normal Delete will also behave as a permanent delete. ***Note: Delete does not mean a file is deleted.  It only frees up the file record and clusters so they _could_ be overwritten.

1. Go to Start -> Run and type Regedit
2. On the left hand side select the “+” to navigate to the following.
3. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ BitBucket
4. On the right look for NukeOnDelete
5. Right click it and set the key value for NukeOnDelete to 1

Scheduled Task to Zero out unused disk space – As I mentioned above a deleted file only insures that there is a _chance_ the file will be overwritten.  If you run the below command it will zero out all unused disk space which _should_ be good enough to prevent file content recovery. ***Note: The deleted file name will still be lying around until a new file happens to overwrite it.

>cipher /W:[directory_to_wipe]

Here’s my scheduled task: C:\WINDOWS\system32\cmd.exe /c cipher /W:C:\

Scheduled Task to Delete Recent Items – Even if you permanently delete a file and or use Eraser there’s a copy of the filename in your Recent directory.  I have the following scheduled task command which clears my Recent items once a day….

Task for Recent Items:

>C:\WINDOWS\system32\cmd.exe /c del “c:\documents and settings\[username]\recent\*.lnk”

Task for Recent Office Items:

>C:\WINDOWS\system32\cmd.exe /c del /Q “C:\Documents and Settings\[username]\Application Data\Microsoft\Office\Recent\*.*”

Eraser - I highly recommend using this great freeware utility.  One of many things it does is adds a new option in your content menu to permanently delete a file and zero out the contents all at the same time.