Is Notepad Really Safe for Sensitive Information?

Of course not. But recently, TCM Security shared something even more concerning. The latest versions of Windows store anything you type in Notepad, even if you don’t save it. Even worse, these changes persist through shutdowns and reboots. That’s insane! Think about how often we use Notepad for quick notes—sometimes even for sensitive information like credentials. It’s a useful tip for digital forensics and pentesting but a huge security risk for everyone else.

You Should Know:

1. How to Check Notepad’s Unsaved Data:

• Navigate to C:\Users\<YourUsername>\AppData\Local\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\LocalState.
• Look for files named `TabState` or SessionData. These files may contain unsaved Notepad data.

2. Clearing Notepad’s Unsaved Data:

• Open Command Prompt as Administrator.
• Run the following command to delete Notepad’s cached data:

  del /f /s /q %LocalAppData%\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\LocalState*
  

3. Using Alternative Secure Text Editors:

• Consider using more secure text editors like Notepad++ or VS Code for sensitive information.
• Install Notepad++ via PowerShell:

  winget install Notepad++.Notepad++
  

4. Disabling Notepad’s Auto-Save Feature (if possible):

• Currently, there’s no official way to disable this feature, but you can use Group Policy Editor to restrict Notepad’s functionality:
• Press Win + R, type gpedit.msc, and navigate to User Configuration > Administrative Templates > System > Files.
• Enable the policy “Do not preserve zone information in file attachments”.

5. Digital Forensics Tip:

• For penetration testers, this feature can be useful to recover unsaved data during investigations. Use the following command to search for Notepad artifacts:

  dir /s /b C:\Users\ | findstr /i "Notepad"
  

6. Secure Deletion of Sensitive Data:

• Use tools like SDelete from Sysinternals to securely delete files:

  sdelete -p 3 C:\path\to\file.txt
  

What Undercode Say:

Notepad’s auto-save feature, while convenient, poses a significant security risk for users handling sensitive information. Always opt for more secure text editors and regularly clear cached data. For IT professionals and cybersecurity enthusiasts, this feature can be a goldmine during forensic investigations. However, for everyday users, it’s a reminder to be cautious about where and how sensitive data is stored.

Additional Resources:

• TCM Security’s Official Website
• Notepad++ Download
• Sysinternals SDelete Tool

References:

Reported By: Flarexes Is – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram