1
Vote

Wipe plaintext copy of newly encrypted file

description

Currently EFS itself will delete the plaintext temporary copy once the datastream is completely encrypted. However , it can still be possible to recover the original plaintext file in deallocated space using a number of utilities. It would be an enhancement to me to wipe the plaintext copy if EFSAsst encrypts a formerly unencrypted file. Regular use of cipher /w or sdelete or a number of other utilities can also provide the same capabilities but it might be good feature wise to make the call after encrypting a file assuming CPU utilization isnt greatly impacted or if it doesnt impact the completion timeline by 1000%, which is an important determining factor. Updating EFSAsst to add a policy setting for this feature might be easier than updating EFS itself.

comments