obSupport
asked on
Guaranteed Permanent Delete of Outlook Express Email Messages
Hi Folks:
We're thinking of developing a limited application capable of permanently deleting email messages. The idea is that once the user deletes the message (from say Outlook Express or a similar SMTP/POP3 application), the message is actually overwritten on the disk, so as not to be recoverable via normal off-the-shelf file recovery or forensics software. We're not certain that we have all of crucial issues on the table; for example,
- How might we deal with XP disk caching?
- Is there a way for a separate application (such as a service) to "know" when an Outlook Express email has been deleted by the user, to then locate it, and write over it?
- Is there some virtual operating system possibility of collecting files to a thumb drive and "designating" that location as the only location the files could be written?
- Has anyone already done this commercially, i.e. could we just go buy it off the shelf today?
- What other issues are there to consider?
Thanks!
We're thinking of developing a limited application capable of permanently deleting email messages. The idea is that once the user deletes the message (from say Outlook Express or a similar SMTP/POP3 application), the message is actually overwritten on the disk, so as not to be recoverable via normal off-the-shelf file recovery or forensics software. We're not certain that we have all of crucial issues on the table; for example,
- How might we deal with XP disk caching?
- Is there a way for a separate application (such as a service) to "know" when an Outlook Express email has been deleted by the user, to then locate it, and write over it?
- Is there some virtual operating system possibility of collecting files to a thumb drive and "designating" that location as the only location the files could be written?
- Has anyone already done this commercially, i.e. could we just go buy it off the shelf today?
- What other issues are there to consider?
Thanks!
ASKER
Thanks for the comment! The users will be using SMTP/POP3 for email retrieval/sending, i.e. They won't be using the Microsoft Exchange Server email protocol.
Is your mail server in-house, or do you use external servers?
Bottom line is no, what you are wanting to do isn't possible because each email isn't a seperate file. Outlook Express stores emails in .dbx files that represent each folder. So to permantly delete an email that was in the Inbox folder for example, you'd have to wipe the entire Inbox.dbx file.
That said, recovering a deleted email would not be an easy process. Recovery software generally only finds the last deletion of a file, and since the .dbx files are constantly being rewritten and is still in existence, recovery software won't even find a deletion record. While it would be theoretically possible to brute force search all text on the hard drive with a hex editor, chances of finding a leftover part of a deleted email would be very slim.
The one caveat would be a possible copy of an older .dbx file in System Volume Information (where system restore points are stored) or in Vista's previous versions.
That said, recovering a deleted email would not be an easy process. Recovery software generally only finds the last deletion of a file, and since the .dbx files are constantly being rewritten and is still in existence, recovery software won't even find a deletion record. While it would be theoretically possible to brute force search all text on the hard drive with a hex editor, chances of finding a leftover part of a deleted email would be very slim.
The one caveat would be a possible copy of an older .dbx file in System Volume Information (where system restore points are stored) or in Vista's previous versions.
Yes, I agree. Outlook and OE were never meant to be that secure, they do a good job with how Kenneniah explains above for making it difficult to get the email.
I am trying to see if you could use a web based solution, where the only thing you would need to lock down would be a browser, which is much more easier, supported, etc...
Good luck.
I am trying to see if you could use a web based solution, where the only thing you would need to lock down would be a browser, which is much more easier, supported, etc...
Good luck.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Similarly, you could virtualize using Citrix. You get a full environment with no data stored locally, therefore, no means of ever possibly recovering it.
"- Is there some virtual operating system possibility of collecting files to a thumb drive and "designating" that location as the only location the files could be written?"
You can always change the store location to a USB drive or network drive.
In OE...Tools->Options and click on Store Folder on the Maintenance tab.
You can always change the store location to a USB drive or network drive.
In OE...Tools->Options and click on Store Folder on the Maintenance tab.
ASKER
O.K. suppose instead of using Outlook Express, we wrote our own POP3/SMTP application using off-the-shelf libraries for that purpose. We could save our data; for example, to an easily controllable thumb drive and remove the thumb drive when we closed the application. We might even leave the application on the thumb drive and just run it from there when needed. This has some attractions, but an indispensable requirement for security of this email app is that anyone using a foreinsics hex editor on the hard drive would not be able to see past emails(I'm not referring to a thumb drive, but to what's typically the main Windows Operating System "C" drive ). We would prefer not to have any data written to the hard disk (C Drive), but if that happens we must have a way to overwrite it when the application closes So far, the above "home grown email application" solution would work, because the email would be written to the thumb drive; however, what about Windows XP Paging files that are automatically stored to the "C:" Drive? If the application is swapped out to disk during paging applications, wouldn't that include any currently open emails? Is there conceiveably a way to handle paging file swaps?
Is there any reason you couldn't use IMAP, and not store email locally?
How much development time are you willing to spend? You could purchase a server for mail and keep everything server-side.
Just another thought from a financial angle, with the desired end result.
Just another thought from a financial angle, with the desired end result.
ASKER
The answer or development time is open-ended until we think we know :) what has to be done. We also have to support mail from any SMTP/POP3 Server to the client; which is why we'll need to manage this from the client-side.
Just a thought.
Good luck.