• OTW

Anti-Forensics: How to Clear Evidence Like Hillary Clinton


Those of my readers in the U.S. certainly know, and those of my readers elsewhere in the world probably know, the U.S. is having a presidential election this year. These candidates are BOTH disliked and distrusted by the majority of Americans. Donald Trump due to his narcissistic, racist, mysogynistic, and xenophobic bullying and Hillary Clinton due to her general lack of honesty and trustworthiness.

Whoever wins, I hope the rest of the world will forgive us.

The dislike for Hillary Clinton reaches a pinnacle with respect to her private email server while Secretary of State in the Obama Administration. Rather than use a government email server where the government IT security teams could secure her communications (and presumably read them), instead she chose to use a private email server located in the basement of her home. During the Benghazi investigations, Congress found out about this server and demanded to see what was on her private email server. Before Hillary turned over her email evidence to the FBI, she was allowed to remove "personal" emails from her server. Hillary and her team understood that simply deleting any file will not remove the evidence from a skilled forensic investigator (for more on recovering deleted files, see my Forensics series). Knowing this, they took extraordinary measures so that no one would ever be able to recover and read those emails.

We learned recently that Hillary Clinton's team used BleachBit to remove evidence from her email server. BleachBit is a free and open-source software that rather than just delete files, actually shreds the files and any slack space making it virtually impossible to recover affected files. Not only that, but BleachBit is smart enough to remove other traces of files and applications that forensic investigators can find such as Most Recently Used (MRU), PreFetech files, clipboard contents, cookies, history files, temp files, memory dump, uninstallers and more.

Let's take a look at Bleacher Bit so that you too can remove evidence just like Hillary!

Download and Install

You can download BleachBit for Windows or Linux here. In this tutorial, we will be using BleachBit on Windows, but it is just as effective in Linux. When you click on the Windows download, it will take you to the page seen below. For most people the Windows Installer is the best choice, so click on it

Follow the instructions of the wizard as it walks you through the installation.

Shredding Selected Directories and Files

When the installation is complete, you should have a screen that looks like this.

First, let's scroll down the left menu until we come to System. When we come to System, click on it. It will show you in the right hand screen the features of the System clean. We can use Custom to specific specific files or folders we want to remove as well as cleaning free disk space, logs, memory dump, PreFetch files and more.

Let's select them all.

Now, let's go to our primary browser Google Chrome. Note that BleachBit will remove any of our browsing evidence including our passwords. In my case, I unchecked Passwords as I don't want to enter them again, but remember that a saved password for a particular web site can be evidence that you visited that website.

Of course, if you want to clean evidence from other browsers, Adobe Reader, Microsoft Office files, Flash, RealPlayer, Skype, WinZip, WordPad or others, make certain that you click on those applications in the selection window to the left.

Before we clean, let's Click on the upper left button named Preview. This will show us every file and artifact that BleachBit is about to clean. If you aren't sure, you might want to check what is about to removed so that you don't remove something you want and/or need.

In the final step, Click on the Clean button to start the cleaning process. Be patient. This can take a awhile depending upon how much cleaning you specified.

When it is completed you will have removed any damning evidence or artifacts that might be on your computer that even the FBI can not recover!

Now with BleachBit and other anti-forensic cleaning software, you too can remove evidence just like the next leader of the most powerful empire on the planet!


3,170 views