PC ‘wipers’ not spot-free
When British software developers came up with a program that could wipe files from computer hard drives, they gave it a hard-core name: Evidence Eliminator.
It gets the point across, but can sure sound bad if a user gets hauled into court and is accused of illegally destroying documents.
That’s what happened in the high-stakes trial, now in federal court in Riverside, over who owns the rights to the hugely successful Bratz line of dolls.
Toy giant Mattel Inc. sued the far smaller MGA Entertainment Inc. to get a stake of Bratz because it claims the doll’s creator was in its employ when he came up with the concept.
The designer, Carter Bryant, has been accused by Mattel of using Evidence Eliminator on his laptop computer just two days before investigators were due to copy its hard drive.
Carter hasn’t denied that the program was run on his computer, but he said it wasn’t to destroy evidence. He said he had legitimate reasons to use the software.
Evidence Eliminator and similar programs on the market, such as Window Washer from Webroot Software Inc., perform consumer tasks other than killing content to foil investigators. For example, they can clean out temporary files created during the installation of programs. This can help make the computer run faster and more efficiently.
“They can clean up the computer detritus that builds up over time,” said Gary Kessler, a network security consultant and professor who teaches forensic science.
And Evidence Eliminator, as well as other programs including some that are free, can wipe out histories of Internet searches.
The company behind Evidence Eliminator -- Robin Hood Software, based in London -- refused to do an interview. But in an e-mail message, the program’s inventor, Andy Churchill -- who referred to himself as “a 10-year veteran of the Internet adult-entertainment market” -- said that if even the judge in the case “heard his own computer was to be investigated in a couple of days’ time, he’d be buying Evidence Eliminator.”
But it’s the software’s use to wipe out text files, e-mail and other content that makes Evidence Eliminator, Window Washer and other similar programs -- sometimes called wipers -- occasionally newsworthy.
The program’s recent notoriety provides a reminder that normal methods of deleting content from PCs -- such as dragging it to the recycling bin on the desktop -- only get rid of the electronic directory entry that acts as the address to the file.
Take away that address and the computer can’t, under normal circumstances, locate the content. It would be like searching for a house on an unfamiliar, unlit street in the dead of night.
“But the content does not actually go away,” said Kessler, who teaches at Champlain College in Burlington, Vt. “It becomes unallocated space on the hard drive.”
You might not be able to find it, but a skilled computer forensic expert could do so easily, without even having to take much of a break from “Grand Theft Auto.”
Unless one of two things happens.
The first is that the unallocated space is filled by new content. In that case, the old stuff is written over and becomes far more difficult to retrieve.
Because many people use only a small fraction of the available space on their hard drives, this overwriting doesn’t happen a lot.
The second is with the use of a wiper program. Among the several on the market, Evidence Eliminator is one of the most expensive at $150. Window Washer is $30, but it requires a two-step process in which programs are first trashed in the usual way, then the contents of the trash are wiped out.
“It would take a laboratory far more sophisticated than most of those in use to retrieve a file” killed by a wiper program, Kessler said. Extraordinary means usually are reserved for national security and other matters of major importance.
“There were folks who were able to get data off the melted hard drive in the Challenger space shuttle,” he said.
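The difference between an ordinary delete, an overwrite by new content and a wiper pass can be shown with a small model. This is an added example, not part of the original article: the `ToyDisk` class, its block layout and the sample file contents are constructed for illustration and do not correspond to any real filesystem or to how Evidence Eliminator or Window Washer work internally.

```python
# Toy model (constructed): a "disk" of fixed-size blocks plus a directory that
# maps file names to block numbers. Not a real filesystem format.
BLOCK = 16
SECRET = b"memo: Q3 forecast draft"   # constructed sample file content
NEEDLE = b"Q3 forecast"               # string an examiner searches for

class ToyDisk:
    def __init__(self, nblocks):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.directory = {}           # name -> list of block numbers

    def free_blocks(self):
        used = {b for blks in self.directory.values() for b in blks}
        return [i for i in range(len(self.blocks)) if i not in used]

    def write(self, name, data):
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        free = self.free_blocks()
        if len(chunks) > len(free):
            raise OSError("disk full")
        targets = free[:len(chunks)]
        for blk, chunk in zip(targets, chunks):
            self.blocks[blk] = chunk.ljust(BLOCK, b"\0")
        self.directory[name] = targets

    def delete(self, name):
        # Ordinary delete: only the directory entry (the "address") is removed.
        del self.directory[name]

    def wipe_free_space(self):
        # Wiper pass: overwrite every unallocated block.
        for blk in self.free_blocks():
            self.blocks[blk] = bytes(BLOCK)

    def carve(self, needle):
        # Examiner's view: search the raw bytes of unallocated space.
        return needle in b"".join(self.blocks[b] for b in self.free_blocks())

def scenario():
    results = {}
    disk = ToyDisk(8)
    disk.write("memo.txt", SECRET)
    disk.delete("memo.txt")
    results["after_delete"] = disk.carve(NEEDLE)      # content still on disk
    disk.write("new.txt", b"x" * 40)                  # new file reuses the blocks
    results["after_overwrite"] = disk.carve(NEEDLE)
    wiped = ToyDisk(8)
    wiped.write("memo.txt", SECRET)
    wiped.delete("memo.txt")
    wiped.wipe_free_space()
    results["after_wipe"] = wiped.carve(NEEDLE)
    return results

if __name__ == "__main__":
    print(scenario())
```

The model covers only the content itself; the traces that Kessler says wiper programs leave behind are outside what it simulates.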
But the wiper programs don’t ensure a clean getaway. They leave behind a kind of digital calling card.
“Not only do these programs leave a trace that they were used, they each have a distinctive fingerprint,” Kessler said. “Evidence Eliminator leaves one that’s different from Window Washer, and so on.”
It’s the kind of information that can be brought up in court. And if the digital calling card was left by Evidence Eliminator, it could raise some eyebrows, even if the wiper was used for the most innocent of reasons.
“It was a poor choice of names,” Kessler said. “I use Window Washer. It doesn’t sound as nefarious.”