[SOLVED] If I open bank document/image from a USB flash drive but do not save it to the computer, can someone access the files?

[sharkmark220]

Greetings, I've got some questions, I have bank document statements in both a .pdf and .png image file, they are both written on a thumb usb drive, I'm using a public library computer to quickly look at the files. If I open the image file or pdf file, but don't save anything or drag the files to the computer, can someone access the file's contents as in will it be possible for a subsequent user to retrieve the document and image and open it after I remove the USB drive?

I've heard of RAM being volatile temporary data but would be lost after a reboot of pc, but its the swap/page.sys file on the HDD that I'm worried about. I've heard if the memory ram is mostly used up, some virtual memory is written to the HDD, now is that data on the page.sys file on HDD volitile like the RAM?

 

[USAFRet]

Pagefile doesn't work like that.
There is a tiny possiblity that it might exist in a temp file.


Highly unlikely anyone can "see" this file after you remove the thumb drie.
But, if you have access to a PC or laptop, you can test this yourself.

Some random file on a thumb drive.
Open it in the PC.
Close it.
Remove the thumb drive.
Can you still access the image?

I just tried it, and no. A cursory check shows no existence of that .png file.

 

[sharkmark220]

Pagefile doesn't work like that.
There is a tiny possiblity that it might exist in a temp file.


Highly unlikely anyone can "see" this file after you remove the thumb drie.
But, if you have access to a PC or laptop, you can test this yourself.

Some random file on a thumb drive.
Open it in the PC.
Close it.
Remove the thumb drive.
Can you still access the image?

I just tried it, and no. A cursory check shows no existence of that .png file.

What about the Swapfile.sys, whats its purpose do? Would any kind of temp data be recovered through those forensic programs that recover vanished temp files, or is it gone forever like the RAM when the pc is shut off?

 

[USAFRet]

The swapfile/pagefile is when the system runs out of regular RAM space, and swaps in and out of space to the HDD.
Your pic is not stored there either.

Your file exists on the thumb drive, and in RAM when the application opens it. Close that application, and that RAM is freed up for other use.
It does not exist on the hard drive in the system.

Now...if the NSA or FSB has possession of this library PC...all bets are off.
Do you REALLY think that is a likely occurrence?

 

[SamirD]

Technically if the file somehow was written to the drive or swapped to the swap file than a forensics expert might be able to retrieve it. But in almost all ordinary cases, no.

 

[sharkmark220]

Technically if the file somehow was written to the drive or swapped to the swap file than a forensics expert might be able to retrieve it. But in almost all ordinary cases, no.

Does forensics only look for HDD? what about the computer motherboard, ram, gpu etc?

 

[USAFRet]

Does forensics only look for HDD? what about the computer motherboard, ram, gpu etc?

If the NSA were to seize the PC not long after you used it, and before it has been turned off....in theory...they could analyze the RAM and possibly pull out your precious bank pdf.

Is this likely to happen in your world?

Nothing is stored on the motherboard or GPU.

 

[SamirD]

Does forensics only look for HDD? what about the computer motherboard, ram, gpu etc?

Honestly if you are worried this much, whatever you are doing, you shouldn't do it.

Motherboard, ram, and gpu are volatile memory, ie is erased when the power is turned off. Correction, motherboard has some nvram, but that's for the bios, otherwise there is no memory.

 

[TerryLaze]

You should be much more vary about the library PCs having malware that just outright sends all files the hacker chooses to the internet (or stores them away hidden on the hdd) , than for someone scrubbing the PC to try and find the file.


Depending on what software you use for opening the files they might keep a history a cache or even outright backup files, all the advice you got was supposing a proper tool that doesn't do any of that.

 

[CountMike]

There are always traces of any file opened from any device, even removable drive. Depending on SW installed it may even make backups of some files.
If that PC in the library allows it, best way would be ti make a bootable USB with a live Linux distro (with persistance) enabled, any program you may need, boot from it. That way nothing is left in host PC.
I do that for banking and other sensitive stuff even on my own PCs.

 

[SamirD]

If that PC in the library allows it, best way would be ti make a bootable USB with a live Linux distro (with persistance) enabled, any program you may need, boot from it. That way nothing is left in host PC.
I do that for banking and other sensitive stuff even on my own PCs.

This is the only way for something to be untraceable, and you really need to use the TENS live cd as it is based on Lightweight Portable Security which is literally just in ram with zero access to local drives.