Jump to content
RESET Forums (homeservershow.com)

Need advice on a couple of issues - clearing pagefile and sector re-alignment


dvn
 Share

Recommended Posts

Guys, I need an opinion on a couple things. Any experience with either issue would be helpful, but feel free to throw something out there if it makes sense to you. Thanks. - Rich

 

1.       ClearPageFileAtShutdown
 

a.      Does anyone still do this on their personal PC/laptop?

b.      Can anyone tell me if their IT dept uses this setting as policy?

 
2.       If I needed to re-align a System Reserved and OS partition sitting on an Bitlocker encrypted SSD because the partitions were not 4k aligned, how should I do it?
 

Here's my my current plan. Can you tell me if it makes sense, or if I'm missing anything?

 

1.       Turn off Bitlocker *
2.       Make an Acronis image of the drive – System Reserved + OS
3.       Properly align the drive partitions on 4k boundaries
4.       Restore the two partitions from the Acronis image to their respective, newly aligned partitions
5.       Re-encrypt the drive with Bitlocker

 

*The reason BitLocker needs to be turned off is because it forces Acronis to make a sector-by-sector image of the entire drive. That would not allow the usual Acronis flexibility to restore partitions to smaller (slightly smaller in this case) partitions.  It’s possible that I could suspend Bitlocker, but in that case I would have to install Acronis on the machine. 
 
For this scenario, do you see a problem with turning Bitlocker off/on?
Is my thinking good here, or would you do it another way? If so, how?

Link to comment
Share on other sites

To be honest, I think I can assume that no one is clearing pagefiles on their personal machines. As far as corporate IT doing it, I'm going to assume that if it's done, it's only done by a fractional percentage not represented here.

 

As to the Bitlocker partition realignment, I believe my current plan is good. I'll do my usual due diligence and in this case, I'll create a sector-by-sector backup of the whole drive before making any modifications. Then proceed with the plan that involves suspending Bitlocker. Assuming I'm able to create a normal partition backup from the Acronis boot media, I'll will continue with the rest of the steps. If I run into trouble after the realignment, I have the sector-by-sector image as my fail-safe. I think I'm good to go.

Link to comment
Share on other sites

It's done! Bitlocker-enabled SSD on a TPM-enabled laptop is now 4k-aligned. 4k & 4k queued benches look better, particularly writes. Excess writes due to misalignment are no more. A good day!

  • Like 1
Link to comment
Share on other sites

To be honest, I think I can assume that no one is clearing pagefiles on their personal machines. As far as corporate IT doing it, I'm going to assume that if it's done, it's only done by a fractional percentage not represented here.

 

As to the Bitlocker partition realignment, I believe my current plan is good. I'll do my usual due diligence and in this case, I'll create a sector-by-sector backup of the whole drive before making any modifications. Then proceed with the plan that involves suspending Bitlocker. Assuming I'm able to create a normal partition backup from the Acronis boot media, I'll will continue with the rest of the steps. If I run into trouble after the realignment, I have the sector-by-sector image as my fail-safe. I think I'm good to go.

 

Regarding clearing the page file at shutdown, it is a mandatory security policy for military computers.

Link to comment
Share on other sites

The military also destroys HDDs by shredding, turning into powder, or de-Gaussing so that even the system board on the HDD is rendered nonfunctional.

This has been interesting to investigate, the pagefile wipe issue. There are tools/ways to find strings in a pagefile. How useful a string would be depends on why you're analyzing the pagefile in the first place. A file less than 4k could be entirely recovered  Not sure what would be involved in reconstructing a larger file, especially if it wasn't stored in contiguous sectors. You'd have to know your headers, I guess. I might have to fire up a Linux distro and see how well some of the free methods work.

 

Still waiting to hear if any corps or schools are doing this.

Link to comment
Share on other sites

I somewhat understand why they would want to clear the page file, but if the entire drive is encrypted via Bitlocker, truecrypt or others, wouldn't that protect any data inside the pagefile anyways?  Seems rather pointless to encrypt the entire hard drive except for one file - granted that file is basically just a bunch of RAM data.  Relying on the system to wipe it during shutdown would make the computer more vulnerable to attack by a power loss then as well, wouldn't it?

  • Like 1
Link to comment
Share on other sites

Ha! I have visions of rogue agents cutting the power to a building just as the CEO goes to shut off his computer for the night, like an episode of 24.  :D

 

My pagefile question arises from a concern over performance and user experience. Since there is a security component involved, and since my perspective on pagefile clearing is one of a private individual and not an agency or organization charged with national security, or a business or hospital, I'm trying to better understand when the practice might be used. If you throw BitLocker encryption into the mix, what is the likelihood that pagefile clearing is being done as well? Just looking for experience here, someone who has worked in a setting besides other than those related to national security.

 

And I'll add to that. If pagefiles are being cleared, are they being reconfigured, say to a fixed size of 1 GB or similar? I suppose an average user might be fine. But someone playing with huge spreadsheets or doing some other intense data crunching might start having some crashes.

 

timekills mentioned the military's policy and that reminded me that there's more than schools or businesses to think about, though some businesses are certainly linked to national security. Again, I'm really just interested in settings other than those.

Link to comment
Share on other sites

If not used for national or other security reasons (which is why I used it), I think it depends mostly on a person's desire for privacy.

 

Some people are pretty much open books, and are comfortable with that, while others have no interest in other people nosing into their lives. I'm mostly in the latter camp. I've seen what people can do when they are able to nose into the privacy of others, and I find it astounding how thoughtless, careless, and even cruel, malicious and evil people can be when they sense they have an advantage... just think Steubenville, and then realize Steubenville is an extremely mild example compared to others.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...