Obliterating traces: How to make Windows 10 forget everything

Cookies, browsing history, saved passwords, and data from the Windows Registry – all this information can be easily retrieved by a person who gets physical access to your PC. That’s why every hacker must know how to delete logs, caches, and other cookies to protect sensitive data from prying eyes.

No doubt that being a hacker cybersecurity specialist, you were asked many times by friends and relatives to “to clean up the computer because it works slowly”. Once a very respectably-looking man brought me such a laptop. His PC was full of trojans, and concurrently some malefactors used it to mine cryptocurrency. The browsing history revealed the reason behind the disaster: the laptop owner was a big fan of porn and online sex… The moral in this story is simple: if you ask a person like me to check your computer, clean up your dirty linen first. In this article, I will explain how to do this in the best way possible.

Recent events

Windows remembers recently opened documents and recently launched programs. To make it forget everything and start with a clean sheet, you can use various utilities – but for a true hacker, this is out of the question. There is a much simpler and more efficient method that doesn’t require tricky programs written for lamers.

Press Windows + R, type recent in the pop-up window, and press Enter. You will see the list of all files and folders recently used by the current user. Select everything by pressing Ctrl + A and press the Del key.

Then use this method to clean the following folders:

  • %appdata%\microsoft\windows\recent\automaticdestinations\
  • %appdata%\microsoft\windows\recent\CustomDestinations

The above directories store paths to file objects used by Windows apps. To automate the process, you can use the script below:

@ECHO OFF
TITLE ReCeNT FiLEs cLEanUp
del /F /Q %APPDATA%\Microsoft\Windows\Recent\*
del /F /Q %APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations\*
del /F /Q %APPDATA%\Microsoft\Windows\Recent\CustomDestinations\*
PAUSE

Save the script in a text file, change its extension to .bat, and launch every time you are in a playful mood.

To disable the display of frequently used programs in the Start Menu, press Windows + R, type ms-settings:personalization in the pop-up window, click on the Start icon in the Settings window, and disable the following options: Show recently added apps, Show most used apps, and Show recently opened items in Jump Lists on Start.

Disabling unnecessary functions in Windows 10
Disabling unnecessary functions in Windows 10

Finally, erase the Windows file manager history that is importunately demonstrated everywhere: in the address bar, in the virtual Quick Access folder, when you right-click on the icon of the running Explorer in the taskbar, and even in the Run window (as an autocompletion suggestion)… Launch File Explorer, go to the View tab, and press the Options button. In the Privacy section, uncheck both boxes and press the Clear button.

Clearing the Explorer history
Clearing the Explorer history

As you are likely aware, Windows doesn’t delete unnecessary files in the end of the user session. But you can teach the OS to do this using a simple trick involving local group policies. Press Windows + R, type gpedit.msc in the Run window, and press Enter. Navigate to User Configuration → Administrative Templates → Start Menu and Taskbar, and enable the following policies:

  • Clear history of recently opened documents on exit;
  • Clear the recent programs list for new users;
  • Clear history of tile notifications on exit
  • Turn off user tracking;
  • Do not keep history of recently opened documents;
  • Remove pinned programs list from the Start Menu.
  • Remove frequent programs list from the Start Menu
  • Remove Recent Items menu from Start Menu
  • Do not display or track items in Jump Lists from remote locations; and
  • Remove pinned programs list from the Start Menu.
Editing Group Policies
Editing Group Policies

Temporary files

Not only do temporary files occupy precious disk space (which is always insufficient), but sometimes contain sensitive information. You had probably restored Word documents from .tmp files after sudden crashes and realize than anyone can perform a similar operation on your computer.

Windows 10 stores temporary files in several folders that can be opened by typing the respective paths in the Run window (Windows + R):

  • %temp% (i.e. C:\Users\%Username%\AppData\Local\Temp) – users’ temporary files;
  • %windir%\temp – Windows temporary files; and
  • %windir%\Prefetch – cached files expediting the startup and launch of apps.

You can clear these folders either manually or using the script below:

@ECHO OFF
TITLE TeMp0RaRY F1Les re:MOVeR
RD %TEMP%\. /S /Q
RD %windir%\temp\. /S /Q
RD %windir%\Prefetch \. /S /Q
PAUSE

The script deletes all temporary files that are not currently used by running processes. It can be run manually or according to a schedule. To delete temporary files manually, open the Settings window, go to System → Storage, click on Temporary files, check all boxes on the next screen, and press the Remove Files button.

Browser cache and history

Windows keeps temporary web wiles in the folder %USERPROFILE%\Local Settings\Temporary Internet Files; cookies are stored in %USERPROFILE%\Cookies. For security reasons, you cannot access these folders even as a local admin. Therefore, the cache and cookies should be cleaned manually in the browser settings.

Edge

Edge is a successor to Internet Explorer, and its sole purpose is to download a normal browser. To clear its cache and history, press the […] button in the upper right corner of the Edge window, navigate to Settings → View advanced settings → Privacy and services, check all boxes. and press the Clear button. You can also instruct Edge to delete these data automatically by enabling the function “Always clear this when I close the browser”.

Microsoft Edge
Microsoft Edge
Microsoft Edge
Microsoft Edge

Firefox

Click the Menu button and select Options. Select the Privacy & Security panel, click Clear History, select All, and press Clear Now.

Firefox
Firefox

Chrome

Press Ctrl + Shift + Del, select All Time, check all boxes, and press the Clear Data button.

Chrome
Chrome

By default, Chrome deletes all data, both locally and in the Google profile (if you are logged into your account). To preserve the browsing history and cookies in the Google cloud, log out of your account prior to clearing the browser cache.

Opera

Click the Opera button, select More Tools menu item, then click Clear Browsing Data. The principle is the same: selecting everything and pressing the Clear button.

Opera
Opera

Yandex Browser

Press Ctrl + Shift + Del. In the Clear History window, specify the time range and data you want to delete, and press the Clear button.

Windows Registry

Windows Registry stores plenty of trash confidential information that can be used for malicious purposes, including the list of USB devices ever connected to your PC and location of sensitive files.

The problem is that some registry keys cannot be edited or removed even on behalf of the admin, while manual operations with them require too much time and effort. Fortunately, some free utilities can be used for this purpose, including Little Registry Cleaner.

The program is easy-to-use and requires .NET Framework. Registry sections and data categories stored there are shown in the left part of the Little Registry Cleaner window. Press the Scan Registry button to scan your registry for errors and unused keys and then press the Fix Problems button.

Little Registry Cleaner
Little Registry Cleaner

A useful utility called Startup Manager can be found in the Tools menu: it removes all unnecessary elements from the startup configuration; the required changes in the registry are made automatically.

USB Oblivion is another easy-to-use program removing sensitive information from the registry. Launch it, check the Do Real Clean box, and press the Clean button.

USB Oblivion
USB Oblivion

The utility will restart on behalf of the admin, stop all unnecessary Windows services, and clear the registry from confidential data. Then USB Oblivion will restart the computer.

DNS cache

Information about websites you had visited is stored not only in the browsing history – but in the DNS cache as well. When you enter an address in the browser, your computer addresses the Domain Name System to convert the site name into its IP address. The cache of received names is stored locally on your PC. You can view it using the command ipconfig /displaydns. To clear the DNS cache, use the console command ipconfig /flushdns.

Conclusions

Of course, all the above operations can be performed using specialized tools (e.g. Wise care 365). But personally, I don’t trust such programs for a number of reasons: (1) free utilities often include adware; (2) they delete sensitive data very selectively and always miss something; and (3) after the CCleaner scandal, I am reluctant to install such stuff on my PC.

It’s much more efficient to do everything manually or with simple scripts provided above. As a homework, you can assemble from them a universal script suitable for all situations.

ShəLMā

Cyberpunk and technorat


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>