INSTALLING AND USING ERASER
First
If you're attached to a wiper program you already have, it may do everything you need. Unless a wiper has serious problems, they all do much the same job; the differences are in ease of use and in how files are selected. Whatever you use needs to be able to wipe selected files, via a right-click context menu option or by dragging and dropping files onto its desktop icon. It should also be able to wipe unused disk space, and to wipe cluster tips (the space at the end of files, also called file slack). One user likes a program that came bundled with a disk, because he has a ready-made excuse for having it. But if you don't have a pet program, read on.
Downloading and installing
The download page is here.
For Windows 2000, 2003, XP and Vista, use version 5.86a, or whatever is the current latest stable version.
Open the executable, which will have the name EraserSetup32.exe (or, if you have a 64-bit machine, EraserSetup64.exe, though the 32-bit version will probably also work). There are no options to select, just follow the instructions.
If you prefer to save the setup file to disk, you must double-click it to start the install, and it means there's another file you might want to erase at the end of your disk cleaning.
For older Windows (95, 98, ME, NT 4.0) you need to download version 5.7, which will also work on Windows 2000 and XP. This comes as a ZIP file, which you unzip to get the install executable EraserSetup.exe. Double-click it in Explorer to start installing. Read the README.txt, as with older Windows you may need to download another file.
Although Eraser 5.7 is much older, there is very little difference in the basic operations and the instructions below should work for both, possibly with minor differences.
At the end, leave the Run Eraser checkbox ticked and finish. Alternatively, start it afterwards from its icon or from its name in Start / Programs. Eraser should then start and display its main panel.
Setting up Eraser
Eraser Help
Before we list some basic setup and run options, let us say that the Eraser Help is BRILLIANT. From the main panel, click Help / Help Topics to see it, or go to the install dir, usually C:\Program Files\Eraser, and double-click Eraser.chm.
Erasing Preferences (optional)
- In the menu bar, click on Edit / Preferences / Erasing (or type Ctrl E)
A Preferences:Erasing panel pops up.
- This displays a line for each of several common erasing schemes. Because the people at Eraser know that no police or commercial agency uses hi-tech methods, they have defaulted to 1 pass of pseudorandom data, which is good enough for anyone. But if you prefer, you can select any of the others. Gutmann is obsolete and 'Only first and last 2KB' is not recommended, but either of the DoD schemes or Schneier's is fine.
- Leave all three of the bottom checkboxes ticked and click OK.
- (For Eraser 5.7 the equivalent three checkboxes are under Edit / Preferences / General or type Ctrl P)
Setting up task - Specific files wipe
Note: many of the files you need to wipe are hidden, and don't show up in Windows Explorer unless you enable 'view hidden files' (in any Windows Explorer window's Tools/Folder Options/View tab). Eraser tasks will still find them but you won't be able to check that a file has really gone.
- Make sure the On-Demand icon is selected.
- In the menu bar, click on File / New Task (or type Ctrl N)
A Task Properties panel pops up.
- Select File
- Click Use wildcards and Include subfolders
- In the selection box, type C:\Thumbs.db.
Although it's not intuitive, this will erase all files with the name Thumbs.db in the directory (C:\) and in all its subfolders - i.e. in this case, everywhere on Disk C:.
- Select Keep task on the list
- Click OK
The task will appear in a new line on the main panel.
The example above erases all the thumbnail cache files which Windows 2000 and XP can create in every directory that contains image files. For Vista, a file called Thumbcache*.db is created (where * stands for any string - in practice it is three digits). XP also creates files called ehthumbs.db for video thumbnails. To delete these wherever they are found, create a task with C:\ehthumbs.db in place of C:\Thumbs.db.
Vista stores thumbnail cache files in a single directory, in files of the form ThumbcacheNNN.db, where N is a digit. These are stored in %homedrive%\Users\%username%\AppData\Local\Microsoft\Windows\Explorer, which typically means C:\Users\<your-login-name>\AppData\Local\Microsoft\Windows\Explorer. You could create a task as above with C:\Thumbcache*.db in the selection box. Alternatively, make sure 'Show hidden files' is enabled, then find the directory in Windows Explorer, select the files and right-click Erase them.
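To check the result of the wildcard tasks described above, the following is an added example (not part of the original page and not Eraser's own code): a Python script that lists every file matching the three thumbnail cache names under a folder, hidden ones included, so it can be run before and after the Eraser tasks. The function name find_thumbnail_caches and the default root C:\ are assumptions made for this example.

```python
import fnmatch
import os

# Name patterns taken from the text above: Windows 2000/XP image thumbnails,
# XP video thumbnails, and the Vista cache files.
THUMBNAIL_PATTERNS = ("thumbs.db", "ehthumbs.db", "thumbcache*.db")


def find_thumbnail_caches(root, patterns=THUMBNAIL_PATTERNS):
    """Return (matches, unreadable_dirs) for every cache file under root.

    os.walk does not honour the Windows 'hidden' attribute, so hidden files
    are reported even when Explorer is not showing them.
    """
    matches, unreadable = [], []

    def on_error(err):
        # A folder we could not list may still hold cache files: report it
        # instead of silently treating the tree as clean.
        unreadable.append(err.filename)

    for folder, _subdirs, files in os.walk(root, onerror=on_error):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if any(fnmatch.fnmatchcase(lowered, p) for p in patterns):
                path = os.path.join(folder, name)
                try:
                    size = os.path.getsize(path)
                except OSError:
                    size = None  # e.g. locked or removed while scanning
                matches.append((path, size))
    return sorted(matches, key=lambda m: m[0]), sorted(unreadable)


if __name__ == "__main__":
    import sys

    start = sys.argv[1] if len(sys.argv) > 1 else "C:\\"  # assumed default
    found, skipped = find_thumbnail_caches(start)
    for path, size in found:
        print(f"{size if size is not None else '?':>10}  {path}")
    for folder in skipped:
        print(f"could not read: {folder}")
    print(f"{len(found)} cache file(s) found, {len(skipped)} unreadable folder(s)")
```

An empty list after the tasks have run means no matching files remain in readable folders; any folder reported as unreadable still needs checking by hand.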
Setting up task - Unused space wipe
- In the menu bar, click on File / New Task (or type Ctrl N)
A Task Properties panel pops up.
- Select Unused space on drive
- Click on the down arrow of the drop-down box. Select the disk you want to clean. This might typically be Local Disk C:, or Local Hard Drives if you have several drives. Or you may want to set up each disk as a separate task - repeat these instructions for each.
- Select Keep task on the list
- Click OK
The task will appear in a new line on the main panel.
Swap file wipe
- At the top toolbar, click on Edit / Preferences / General (or type Ctrl P).
A panel appears.
- Tick the checkbox beside Enable clearing of paging file (swap) at shutdown
At the next restart swap space will be erased. For clearing past records you only need to do this once, so you can untick the checkbox after that.
You can create other tasks. Just remember that erasing is not reversible. The only tasks that should have whole disks on the task list (unless you really want to wipe an entire disk, and if you do there may be better ways to do it) should say Unused space wipe. Also remember that drive letters can change (e.g. when you plug in removable storage in a different order), so be very sure that the drive letter in the task still points to the device you expect it to. For drive letters above C: and D: it may be good policy not to select Keep task on the list but to set up the task afresh each time.
Running Eraser
Tasks are listed in the main panel. Right-click the line for the one you want to run, and select Run.
To run all listed tasks, select Run All (or type Ctrl Alt R).
An 'Are you sure?' box pops up. If you are, click OK.
When task(s) have finished, an Erasing Report box pops up to say how much was erased.

If any files couldn't be erased (because e.g. they are locked), it will list them.
Right-click options
Perhaps the most important feature in Eraser is that it creates a right-click context menu option. In Windows Explorer or similar, you can select a file or files, a folder or folders. Right-clicking pops up the context menu, which now includes an Erase option.
Right-clicking on the Recycle Bin gives you several Erase options.
Drag and Drop
If you prefer it you can put a shortcut to Eraser on your desktop and drag and drop files and folders to be wiped onto it.
A general principle
Running Eraser on files wipes them. Deleting a file with the Delete key etc doesn't. But if you forgot, and Deleted what you should have Erased, don't worry too much. Just make sure that the last job you do is the Unused space wipe task, and this will in effect convert all previous file deletions into a wipe by erasing all space that isn't in use by a live undeleted file.
Extra features
Command-line/'DOS' use
There's a command-line version of Eraser. In the install directory, usually C:\Program Files\Eraser, there's a file Eraserl.exe. This can be run from the command line with many arguments, which allows scripting. It uses Windows resources so it can be run from a Windows command prompt terminal, but not if you boot into a Command terminal without starting Windows.
For booting to command prompt, use eraserd.exe, which is a DOS version - useful for deleting swap files and other files that are locked once Windows starts. This works from the Windows 2000 and XP command prompt as well as DOS - not sure about Vista.
Darik's Boot and Nuke
Darik's Boot and Nuke (DBAN) is a separate program, but is included with Eraser and installed at the same time. It is used when you want to wipe an entire physical disk.
You can't wipe the disk that you've booted up from, so running DBAN installs a bootable image to another medium and you then boot the PC from that. In the old days it would create a boot floppy. Nowadays not many PCs have floppy drives so usually you burn it to a CD or an empty flash drive (thumbdrive), if your PC allows booting from a flash drive.
I won't give details here as the operation is always the same and is well covered in the Eraser help. I'll just say this.
DBAN WILL IRRECOVERABLY ERASE EVERY DRIVE THAT IS ATTACHED TO YOUR PC.
That includes a secondary internal disk you never use. That includes extra logical drives you may have, on the secondary disk or on the main/only physical disk. That includes any flash disk that is plugged in - except only for the device you're booting from. If you don't want it wiped, physically disconnect it!
Lastly
When you've cleaned your disks, you may want to uninstall Eraser. Personally I think we should look on tools like Eraser as necessary and responsible things that everybody should use. But in court, it's possible that possession of such tools might be used to suggest that you're using them to cover your illegal downloading tracks. Therefore you may prefer to uninstall Eraser after cleaning your disks. First, if you downloaded Eraser's setup file to disk when you installed, right-click erase it. Then the Start menu's Start / Programs / Eraser / Uninstall Eraser will uninstall the program itself. (Of course, you can't then use Eraser to erase all traces of itself, but that would probably be overkill.)
But do make sure that a final Unused space wipe on all your media is the last thing you do.
Uninstalling
Use the Start menu: Start / Programs / Eraser / Uninstall Eraser. Unfortunately it can't then remove all trace of itself with an Unused space wipe!