Old 07-15-2010, 07:34 PM
Andrei Popescu
 
simple way to securely destroy deleted files in a file system

On Thu, 15 Jul 10, 13:55:21, H.S. wrote:
>
> I was looking for just making the already deleted files unrecoverable by
> a casual user. In other words, since a deleted file frees the space on
> disk, by filling up the disk with all zeros and then deleting that zeros
> file would be overwriting the earlier deleted files with zero. Am I
> correct in this?

You could also try recovering files with some common tools (PhotoRec
from package testdisk comes to mind).

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
Old 07-15-2010, 08:41 PM
green
 

thib wrote at 2010-07-15 13:13 -0500:
> Take a look at shred (coreutils), wipe and secure-delete.

+1 wipe; I have used it to wipe an entire block device.
Also wipe2fs for zeroing unused space; and zerofree seems very similar.
 
Old 07-15-2010, 08:55 PM
Mark
 

On Thu, Jul 15, 2010 at 1:41 PM, green <greenfreedom10@gmail.com> wrote:

> thib wrote at 2010-07-15 13:13 -0500:
> > Take a look at shred (coreutils), wipe and secure-delete.
>
> +1 wipe; I have used it to wipe an entire block device.
> Also wipe2fs for zeroing unused space; and zerofree seems very similar.

Do you have an example of what your wipe and wipe2fs commands are that you've used? Didn't see much info on the websites here http://wipe.sourceforge.net/ or here http://web.cecs.pdx.edu/~cklin/wipe2fs/. Would like to learn.


Thanks,
Mark
 
Old 07-15-2010, 09:53 PM
Aaron Toponce
 

On 07/15/2010 11:55 AM, H.S. wrote:
> I was looking for just making the already deleted files unrecoverable by
> a casual user. In other words, since a deleted file frees the space on
> disk, by filling up the disk with all zeros and then deleting that zeros
> file would be overwriting the earlier deleted files with zero. Am I
> correct in this?

If the filesystem is NTFS, then it's rather trivial to recover
overwritten data, due to the journal. While you're probably safe in
assuming that the next user won't bother doing anything like that, the
only way to truly, and securely remove the previous data, is to wipe out
the filesystem too, which means taking out the OS.

On the flip, I've been happy with "Eraser": http://eraser.heidi.ie/

Good luck.

--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
 
Old 07-16-2010, 12:45 AM
Jordon Bedwell
 

On 7/15/2010 4:53 PM, Aaron Toponce wrote:
> On 07/15/2010 11:55 AM, H.S. wrote:
>> I was looking for just making the already deleted files unrecoverable by
>> a casual user. In other words, since a deleted file frees the space on
>> disk, by filling up the disk with all zeros and then deleting that zeros
>> file would be overwriting the earlier deleted files with zero. Am I
>> correct in this?
>
> If the filesystem is NTFS, then it's rather trivial to recover
> overwritten data, due to the journal. While you're probably safe in
> assuming that the next user won't bother doing anything like that, the
> only way to truly, and securely remove the previous data, is to wipe out
> the filesystem too, which means taking out the OS.
>
> On the flip, I've been happy with "Eraser": http://eraser.heidi.ie/
>
> Good luck.
>

Anything, and I repeat anything, is recoverable, even if you remove the
filesystem you can recover pieces of the file. You can remove remnants
of the file using overwrite methods but you need to make sure they
properly implement the algorithm and do your own research on the
algorithms to make sure they were designed or were updated for modern
hard drives. EXP: Gutmann method was designed for older HD's and will
not work on newer HD's most of the time (depending on who implements
it). Now, removing remnants of the file doesn't make it unrecoverable
(in all circumstances), you might be able to still do a very low level
recovery, something they would generally reserve for say, a RICO
investigation, terrorists and those sorts. The only way to stop any and
all data leaks, recoveries or anything of the sort is to either Degauss,
Destroy or use Encryption on the drive from the get go and to be honest,
the only proper implementation of drive encryption (beyond the actual
encryption) would be RedHat (and this is only because they offer the
ability to span encryption across multiple drives and recommend it) and
no drive encryption (beyond truecrypt) offers deniability. Something
I've brought up on both Debian and Ubuntu and even to Redhat. As a
matter of fact, Ubuntu developers fought with me over the idea telling
me that only criminals could possibly want plausible deniability, but
Ubuntu is rather closed minded most of the time when it comes to this
sort of thing.


--
Cheers,

Jordon Bedwell
http://envygeeks.com


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4C3FABB5.3050105@envygeeks.com
 
Old 07-16-2010, 12:46 AM
Michael Iatrou
 

When the date was Thursday 15 of July 2010, green wrote:

> thib wrote at 2010-07-15 13:13 -0500:
> > Take a look at shred (coreutils), wipe and secure-delete.
>
> +1 wipe; I have used it to wipe an entire block device.
> Also wipe2fs for zeroing unused space; and zerofree seems very similar.

I am skeptical whether there is any good reason for tools like wipe2fs,
zerofree and friends (if there are any...), when a dd && sync && rm have the
same result.

--
Michael Iatrou


Archive: http://lists.debian.org/201007151946.47484.m.iatrou@freemail.gr
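
The `dd && sync && rm` sequence mentioned in the post above, written out as a shell function (an added example, not part of the original thread; the function name `zero_free_space`, the `zerofill.XXXXXX` file name and the optional size cap are assumptions of this example):

```sh
#!/bin/sh
# Overwrite the free space of a mounted filesystem with zeros.
#
# zero_free_space DIR [MAX_MIB]
#   DIR      any directory on the filesystem whose free space is to be zeroed
#   MAX_MIB  optional cap in MiB for a rehearsal; omit to fill until ENOSPC
#
# Prints the number of bytes that were overwritten.
#
# Limits of this approach:
#  - on ext2/3/4 a non-root user cannot fill the blocks reserved for root
#  - slack space in the last block of existing files is not touched
#  - file names left in directory entries or the journal are not touched
zero_free_space() {
    dir=$1
    max_mib=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    fill=$(mktemp "$dir/zerofill.XXXXXX") || return 2
    # Do not leave a disk-filling file behind if the run is interrupted.
    trap 'rm -f "$fill"; exit 1' INT TERM

    if [ -n "$max_mib" ]; then
        dd if=/dev/zero of="$fill" bs=1048576 count="$max_mib" 2>/dev/null
    else
        # dd exits non-zero on "No space left on device"; that is the
        # expected stop condition here, not an error.
        dd if=/dev/zero of="$fill" bs=1048576 2>/dev/null || true
    fi

    # Flush before unlinking: dirty pages of a deleted file can be dropped
    # from the page cache without ever being written to the disk.
    sync

    written=$(( $(wc -c < "$fill") ))
    rm -f "$fill"
    trap - INT TERM
    echo "$written"
}
```

Calling it with a small cap first, for example `zero_free_space /home 16`, rehearses the run without filling the filesystem.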
 
Old 07-16-2010, 12:57 PM
Jordan Metzmeier
 

On 07/15/2010 08:46 PM, Michael Iatrou wrote:
> I am skeptical whether there is any good reason for tools like wipe2fs,
> zerofree and friends (if there are any...), when a dd && sync && rm have the
> same result.
>

You could say this about many things. These commands make things
convenient. Why do those things manually when software can do it for you?

Example:

Under the same logic I could say that there no good reason for dget. I
can manually wget the .dsc, .tar.orig and .changes to accomplish the
same thing... but why when I can just dget the .dsc?

--
Jordan Metzmeier


Archive: http://lists.debian.org/4C405746.6030106@gmail.com
 
Old 07-16-2010, 03:01 PM
green
 

Mark wrote at 2010-07-15 15:55 -0500:
> Do you have an example of what your wipe and wipe2fs commands are that
> you've used? Didn't see much info on the websites here
> http://wipe.sourceforge.net/ or here

$ man wipe
There are even examples.

> http://web.cecs.pdx.edu/~cklin/wipe2fs/. Would like to learn.

$ man wipe2fs

I'm not sure whether it is okay to do a readonly mount with wipe2fs, but it is
with zerofree.

$ man zerofree


If you don't understand the man pages, feel free to ask again.
 
Old 07-16-2010, 04:37 PM
Aaron Toponce
 

On 07/15/2010 06:45 PM, Jordon Bedwell wrote:
> Anything, and I repeat anything, is recoverable, even if you remove the
> filesystem you can recover pieces of the file.

[citation needed]

When you do a low-level write to the disk, you're wiping out anything
and everything. One single pass of zeroes, and not a single hard drive
recovery company on the planet will be willing to attempt a recovery of
your data. It's gone. Two writes, if you're ultra paranoid. Any
additional writes, and you're just wasting your time.

Further, if you physically damage the disks even the slightest, by
bending them, drilling holes, exposing them to high degrees of heat,
etc, again, not a single hard drive recovery company on the planet will
make the attempt. It's not worth their time. It's not worth your money.

> You can remove remnants
> of the file using overwrite methods but you need to make sure they
> properly implement the algorithm and do your own research on the
> algorithms to make sure they were designed or were updated for modern
> hard drives. EXP: Gutmann method was designed for older HD's and will
> not work on newer HD's most of the time (depending on who implements
> it).

Any modern hard drive that implements an RLL encoding algorithm
since the mid-1990s can be securely erased with a single pass of
zeroes. The bit alignments are too accurate to leave the fragments that
Gutmann mentions in his paper, that microscopes can pick up. Now with
perpendicular bit encoding, and the areal density of disk platters,
there's just no room for fragmentation. Each bit gets written exactly in
the same place it did before. This wasn't the case with MFM encoding
(pre-1990 drives).

> Now, removing remnants of the file doesn't make it unrecoverable
> (in all circumstances), you might be able to still do a very low level
> recovery, something they would generally reserve for say, a RICO
> investigation, terrorists and those sorts. The only way to stop any and
> all data leaks, recoveries or anything of the sort is to either Degauss,
> Destroy or use Encryption on the drive from the get go and to be honest,

No, not really. Encryption is definitely good enough, and erasing only
the first and last gigabyte or so with random data, will destroy any
clues about using encryption on the disk. As far as the investigator
would be concerned, the whole disk was just overwritten with random
data, which creates perfect deniability.

> the only proper implementation of drive encryption (beyond the actual
> encryption) would be RedHat (and this is only because they offer the
> ability to span encryption across multiple drives and recommend it) and
> no drive encryption (beyond truecrypt) offers deniability.

[citation needed]

As far as I know, RHEL isn't doing anything special beyond LUKS and
dm-crypt, which is available in Debian and just about every other
GNU/Linux-based operating system. And, as mentioned above, it's trivial
to create deniability with any encrypted disk.

> Something
> I've brought up on both Debian and Ubuntu and even to Redhat. As a
> matter of fact, Ubuntu developers fought with me over the idea telling
> me that only criminals could possibly want plausible deniability, but
> Ubuntu is rather closed minded most of the time when it comes to this
> sort of thing.

Generally, when I've interfaced with Ubuntu developers, they've had rock
solid reasons on why something does or does not get implemented. It's
never been due to hard heads or closed minds, as you suggest.

--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
 
Old 07-16-2010, 05:42 PM
Michael Iatrou
 

When the date was Friday 16 of July 2010, Jordan Metzmeier wrote:

> On 07/15/2010 08:46 PM, Michael Iatrou wrote:
> > I am skeptical whether there is any good reason for tools like wipe2fs,
> > zerofree and friends (if there are any...), when a dd && sync && rm
> > have the same result.
>
> You could say this about many things. These commands make things
> convenient. Why do those things manually when software can do it for you?
>
> Example:
>
> Under the same logic I could say that there no good reason for dget. I
> can manually wget the .dsc, .tar.orig and .changes to accomplish the
> same thing... but why when I can just dget the .dsc?

This is rather a philosophical question than a technical one: it is part of
UNIX mentality to have simple tools that can be put together to complete
complicated tasks. Practically seen, if the original poster was educated
with the principles of UNIX design, he wouldn't try to find a specialized
tool to perform a simple task.

Just my 2cents.

--
Michael Iatrou


Archive: http://lists.debian.org/201007161242.41719.m.iatrou@freemail.gr
 
