Avoid caching USB stick Notebook sections to local PC

[alainr]

Is there a way to avoid the cashing of notebook section located on a USB
stick to the local PC. For example if this section contains sensitive
information, when I remove the USB stick, I want no trace left on the PC.

I understand that setting a password could prevent access to the cached
section, but this is not considered an option.
Manually opening/closing the notebook/section everytime is too inconvenient.

Any other options?


----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/office/com...9d2b-38b7f1992736&dg=microsoft.public.onenote

 

[John Guin [msft]]

Hello AlainR,

You can change the location of the cache for all notebooks in Tools |
Options | Save. This is not a per notebook setting, though, so it would only
be useful if you have notebooks only on USB drives and did not try to run
OneNote without the USB device connected. You could back up your data and
see if you can use this to make a viable workflow for your situation.

And since you want no traces left on the hard drive, you can change the
backup location on that dialog as well.

 

[Ilya Koulchin]

Is there a way to avoid the cashing of notebook section located on a USB
stick to the local PC. For example if this section contains sensitive
information, when I remove the USB stick, I want no trace left on the PC.

You cannot avoid caching. However, once you're done working with a
notebook, you can get OneNote to remove it from the cache. To do so, you
first need to close the notebook, then go to Tools->Options->Save and
select "optimize all files now". This will force an optimization of the
cache, which will remove the cached data.

That said, there could still be remnants of the data on the system,
since optimize does not wipe out the contents of the old file (it'll
delete it, but the bits are still there on the harddrive, though you'd
need special tools to access them). If the data is really sensitive,
your best bet is to password protect all the sections in the notebook,
or not access it from computers you do not trust altogether.

Ilya

 

[Rainald Taesler]

You cannot avoid caching. However, once you're done working with a
notebook, you can get OneNote to remove it from the cache. To do
so, you first need to close the notebook, then go to
Tools->Options->Save and select "optimize all files now". This will
force an optimization of the cache, which will remove the cached
data.

Given the stick was big enough (can't test as no stick big enough is
available):
Wouldn't the following be possible to move the cache to the *stick* by
assigning the path for the cache in "Tools | Options"?
What do you think?

If the storage place for the cache is re-located to a place different
from the standard directory, no critical data would appear on the
computer itself.

BTW: As we are at the topic: Although on my system (Vista) I moved the
cache to my data partition, I meanwhile detected that in
%LOCALAPPDATA%\Microsoft\OneNote\12.0\ the subdirectory "Audiocache"
holding "*.fi" and "*ri" reappeared.
How come? Are these file excluded from the settings for the path of the
cache?
Seems that I would have to a symbolic Link (NTFS-Link) to keep the cache
at a different location.

That said, there could still be remnants of the data on the system,
since optimize does not wipe out the contents of the old file (it'll
delete it, but the bits are still there on the harddrive, though
you'd need special tools to access them).

This could solved by running an erase utility like, f.e. O&O Safe Erase
[1]

If the data is really
sensitive, your best bet is to password protect all the sections in
the notebook, or not access it from computers you do not trust
altogether.

Just wondering: Couldn't the protection of the respective directory by
encryption do the job?

Rainald
[1] http://www.oo-software.com/home/en/products/oosafeerase/

 

[Rainald Taesler]

John,
AFAICS the OP's problem is not the storage of the notebooks, nor the
backups.
The problem is the *CACHE*.

Would it work to keep the cache on the stick too? (pls also see my reply
to Ilya).

Rainald

 

[Rainald Taesler]

Is there a way to avoid the cashing of notebook section located on
a USB stick to the local PC. For example if this section contains
sensitive information, when I remove the USB stick, I want no trace
left on the PC.

IMO a most importan thing would be:
Which are environment are you using?
Do you work with your own User-Profile?
Are you using a network with a domain and profiles stored on the server?

As the cached data by default are stored in
%LOCALAPPDATA%\Microsoft\OneNote\12.0\ , wouldn't be better to just
protect this (YOUR) directory from unauthorized eyes?

I understand that setting a password could prevent access to the
cached section, but this is not considered an option.
Manually opening/closing the notebook/section everytime is too
inconvenient.

I don't fully understand what the above might mean.
AFAIK password protection does work for the *notebooks'*sections*, it
does not work for the *cache*.

The cache can only be used with the corresponding notebooks and their
sections. So no one but you can use cached data held in ON's
OneNoteOfflineCache.onecache file.
And due to format of this file it's impossible that someone might read
the data held in there and/or extract information from there (well
except - possibly - the CIA or the FBI <g>).

The situation is totally different for the additional files in the
subdirectory "OneNoteOfflineCache_Files".
If you open embedded/linked files in ON a copy of the file is stored in
this subdirectory in its native format (*.xls, *.doc, *.wav etc.)
And everyone having access to this directory can use/inspect these
files.
"Optimizing" will not delete these files.
If you want to leave no traces behind in so far, you'd have to delete
the files in this directory and - if it's sensitive data - *erase* the
files by overwriting (with some "safe erase utility).

Rainald

 

[David]

Thought about how to do this without bending OneNote out of shape...

I guess security is inconvenient.

 

[Ilya Koulchin]

Given the stick was big enough (can't test as no stick big enough is
available):
Wouldn't the following be possible to move the cache to the *stick* by
assigning the path for the cache in "Tools | Options"?
What do you think?

OneNote will block setting the cache paths to anything that isn't a
fixed local drive. The reason is that OneNote relies heavily on the
cache (all changes go into the cache first), and if the drive where the
cache is stored is removed or somehow disconnected, OneNote will crash
shortly thereafter, and will fail to boot afterwards until the drive is
brought back. Other than that, if you can somehow trick OneNote into
thinking its cache is on an USB stick, it'll probably work.

If the storage place for the cache is re-located to a place different
from the standard directory, no critical data would appear on the
computer itself.


Just wondering: Couldn't the protection of the respective directory by
encryption do the job?

OneNote does not encrypt the data in memory when it's rendering a page,
so it is still possible for fragments to be available in the windows
pagefile. While it may be difficult to get useful data that way, for a
determined adversary it's certainly possible. In the end, it'll depend
on how sensitive the data is, how determined someone else is to get at
it, and how determined you are to keep it out of their hands. But unless
you're the CIA or the FBI, noone else probably cares about your data
enough to go through all the trouble.

And due to format of this file it's impossible that someone might read
the data held in there and/or extract information from there (well
except - possibly - the CIA or the FBI <g>).

You'd be surprised - you can open your cache with Notepad (be careful
not to hit save!!!), and you'll be able to make out the text in there.
You won't be able to make out how to put the individual paragraphs into
pages, but the text is readable.

BTW: As we are at the topic: Although on my system (Vista) I moved the
cache to my data partition, I meanwhile detected that in
%LOCALAPPDATA%\Microsoft\OneNote\12.0\ the subdirectory "Audiocache"
holding "*.fi" and "*ri" reappeared.
How come? Are these file excluded from the settings for the path of the
cache?

They should be getting moved as well. I'll try it out.

 

[Rainald Taesler]

Thank you much, Ilya fro your comprehensive reply on the posting which
just had been meant as a "rough idea".

OneNote will block setting the cache paths to anything that isn't a
fixed local drive.

Thanks for the clarification.
I did not (could not) see this part of the basic technology.

The reason is that OneNote relies heavily on the
cache (all changes go into the cache first), and if the drive where
the cache is stored is removed or somehow disconnected, OneNote
will crash shortly thereafter, and will fail to boot afterwards
until the drive is brought back.

Makes a lot of sense!
Good to know. One learns day by day ;-)

Other than that, if you can somehow trick OneNote into thinking
its cache is on an USB stick, it'll probably work.

No idea on how to invent such kind of a trick :-( :-(

OneNote does not encrypt the data in memory when it's rendering a
page, so it is still possible for fragments to be available in the
windows pagefile.

Oh yes, now I see.

While it may be difficult to get useful data that
way, for a determined adversary it's certainly possible. In the
end, it'll depend on how sensitive the data is, how determined
someone else is to get at it, and how determined you are to keep it
out of their hands. But unless you're the CIA or the FBI, noone
else probably cares about your data enough to go through all the
trouble.
ACK!


You'd be surprised - you can open your cache with Notepad (be
careful not to hit save!!!), and you'll be able to make out the
text in there. You won't be able to make out how to put the
individual paragraphs into pages, but the text is readable.

Interesting, indeed!
Checked it meanwhile with readers and hex-editors.
Yes, there's quite some parts with text clearly visible.
Not enough to really produce a "re-construction" of notebooks' content
for a supervisor or so. But enough for the CIA to detect critical
keywords as used by Bin Laden's comrades ;-)

They should be getting moved as well. I'll try it out.

Could you find out something on this meanwhile?
As said:
Although the cache is located on my data-partition (E:\ON cache) the
"Audiocache" subdirectory" reappeared and still is held in
"%LOCALAPPDATA%\Microsoft\OneNote\12.0\ " ;.
There also is a subdir "OneNoteOfflineCache_Files" but it's empty.

Thanks again
Rainald