Oct 4, 2008

Keep "The Man" out of your Virtual Memory

I’ve mentioned different ways that “the man” can gain evidence from your computer, and ways to protect yourself. One way I mentioned was recovering deleted files from your hard drive; for that, I suggested a couple of free secure hard drive wiping solutions. Another method of protection I suggested was full hard drive encryption, but if they have a warrant, you will be forced to give up your password so they can gain access.

A method that “the man”, and hackers for that matter, use that I didn’t mention is recovering data from your computer’s virtual memory. Virtual memory is a small area on the hard drive where the computer temporarily places items from memory that aren’t in use, in order to make room for programs that are being used. When you shut down your computer, the data stays there until the next time you use it. Likewise, when your computer goes into hibernate mode, all data in memory gets dumped there while your computer turns off. That way, when you turn it back on, everything opens right where you left it.

To help protect against this, you can clear your virtual memory at shutdown. This isn’t a foolproof method, and it may even increase the time it takes to shut your computer down, but it is better than a sharp stick in the eye. I recommend using it together with the other methods I already posted about.

I don’t know how to do this in Linux (if you know, please leave a comment on how to do it, or where we can find directions), but in Windows it is a simple registry edit. Remember: before editing the registry, always make a backup of it first! Also, never mess with the registry unless you know what you are doing.

1) In Windows, click on Start > Run, then type in regedit (or regedt32) and click OK.

2) Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

3) In the right pane, you should see a value called ClearPageFileAtShutdown. Right-click on it and select Modify.

4) Change the data value from 0 to 1.

5) If that option isn’t there, you can create it by right-clicking in the right pane and selecting New DWORD value. Name it ClearPageFileAtShutdown and set the value to 1.

6) Reboot your computer to let the changes take effect.
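
The same steps can be scripted. The following PowerShell is an added example, not part of the original post: it backs up the key, creates or corrects ClearPageFileAtShutdown as a DWORD set to 1, and verifies the result. It assumes an elevated PowerShell prompt; the backup file location is an arbitrary choice.

```powershell
# Added example: back up, set and verify ClearPageFileAtShutdown.
# Assumes an elevated (Run as administrator) PowerShell session.
$regPath = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$key     = "Registry::$regPath"
$name    = 'ClearPageFileAtShutdown'

# Back up the key before touching it. The backup location is an assumption.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:USERPROFILE "MemoryManagement-$stamp.reg"
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Registry backup failed; no changes were made.'
}
Write-Host "Backup written to $backup"

# Read the current state. The value may be missing (step 5) or may exist
# with the wrong type, so check both the data and the value kind.
$item    = Get-Item -Path $key
$current = $item.GetValue($name, $null)
$kind    = if ($null -ne $current) { $item.GetValueKind($name) } else { $null }

if ($current -eq 1 -and $kind -eq 'DWord') {
    Write-Host "$name is already 1 (DWORD); nothing to change."
}
else {
    # -Force creates the value if absent and overwrites it (including its
    # type) if present, covering steps 3 to 5 in one call.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force |
        Out-Null
    Write-Host "$name set to 1 (was: $current, type: $kind)."
}

# Verify what is actually stored now.
$item = Get-Item -Path $key
if ($item.GetValue($name) -ne 1 -or $item.GetValueKind($name) -ne 'DWord') {
    throw "$name was not written correctly; restore from $backup if needed."
}
Write-Host 'Verified. Reboot for the change to take effect (step 6).'
```

This setting wipes the page file (pagefile.sys) only; the hibernation file (hiberfil.sys) is a separate file and is not affected by it.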

Both “the man” and hackers have many tools at their disposal to parse through your virtual memory. Use this, along with the other methods, to keep your data secure.

