Ask Leo: How much of my search history could be recovered?


By Leo Notenboom

Hey Leo, Just wondering. The recent trial in Florida where the DA searched the plaintiff’s computer and found an incriminating internet search for formaldehyde leads me to ask two questions. I mainly use CCleaner after using the net to clear cookies, but it also clears history and other stuff. Does CCleaner or even manually erasing history actually remove the history from the hard drive? Is every bloody key stroke permanently kept on the HD? And if so, where? Nothing to hide. Just curious.

Unless you have spyware installed on your computer, “every bloody
keystroke” is not being recorded. I get that question often enough that it seems like many
people are concerned about it – it’s just not the case.

As for finding other things and seeing what CCleaner or other tools might or might not erase – well, things get complicated pretty quickly.

Does removing history remove history?

Yes and no.

The problem here is that there are several “levels” of deletion, and data deleted at many of them can be recovered, depending on the level and the amount of effort (and perhaps money) that you’re willing to throw at the problem.

“… the possibilities are at least worth knowing about, even if you truly have nothing to hide.”

  • A file deleted to the Recycle Bin can be recovered from there very simply, but I don’t believe history is deleted to the Recycle Bin.

  • The space used by a file that was deleted “permanently” is simply marked as now
    being free. That means that until it’s overwritten by other data, the original
    data actually remains on the disk and can possibly be recovered with special
    tools.

  • Data on magnetic media that has been overwritten once or twice
    might (and I have to stress might) still be recoverable by some fairly
    advanced magnetic media analysis.

  • Data that has been overwritten multiple times can typically not be
    recovered.

So, if a history file was deleted, there’s a chance that it could still be recovered, depending on a) how much the computer has been used since the delete, and whether or not data has overwritten the space that was previously occupied by the history file, and b) how much effort you’re willing to put into the recovery.
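The "marked as free" behavior in the list above, as an added example that is not part of Leo's article: a toy disk model in Python showing that a deleted record stays readable in the raw bytes until the freed space is reused or wiped. `ToyDisk`, its methods, the file names and the sample record are all hypothetical and constructed for illustration; it does not model any real filesystem.

```python
CLUSTER = 16  # bytes per cluster in this toy model
class ToyDisk:
    """Constructed model: raw bytes plus an allocation table. Not a real filesystem."""
    def __init__(self, clusters=8):
        self.raw = bytearray(CLUSTER * clusters)  # what is physically on the disk
        self.free = [True] * clusters             # allocation table
        self.files = {}                           # directory: name -> cluster list

    def write(self, name, data):
        need = -(-len(data) // CLUSTER)           # ceiling division
        picked = [c for c, is_free in enumerate(self.free) if is_free][:need]
        if len(picked) < need:
            raise OSError("toy disk full")
        for n, c in enumerate(picked):
            chunk = data[n * CLUSTER:(n + 1) * CLUSTER]
            self.raw[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.free[c] = False
        self.files[name] = picked

    def delete(self, name):
        # "Permanent" delete: drop the entry, mark clusters free, leave raw bytes alone.
        for c in self.files.pop(name):
            self.free[c] = True

    def wipe_free_space(self):
        for c, is_free in enumerate(self.free):
            if is_free:
                self.raw[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)

    def carve(self, needle):
        # Recovery-tool view: ignore the directory and scan the raw bytes.
        return needle in self.raw

def demo():
    disk, out = ToyDisk(), {}
    record = b"history: example.test/query"       # constructed sample, 2 clusters
    disk.write("history.dat", record)
    disk.delete("history.dat")
    out["listed_after_delete"] = "history.dat" in disk.files
    out["carved_after_delete"] = disk.carve(record)
    disk.write("new.dat", b"cat pictures")        # reuses the first freed cluster
    out["whole_after_reuse"] = disk.carve(record)
    out["tail_after_reuse"] = disk.carve(b".test/query")
    disk.wipe_free_space()
    out["tail_after_wipe"] = disk.carve(b".test/query")
    return out

if __name__ == "__main__":
    print(demo())
```

After the new file reuses only the first freed cluster, the whole record is gone but its tail in the second cluster is still found, which is point (a) above: what survives depends on how much of the old space has been overwritten.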

I have no idea if a history file was used in the case that you mention, but my guess is that law enforcement was motivated to put a lot of effort into the process.

Article Continued Here: Really removing traces of data

This post is excerpted with Leo’s permission from his blog.

FaceBook URL: Leo’s Facebook

Twitter URL: http://twitter.com/askleo
