simple way to securely destroy deleted files in a file system
On Jo, 15 iul 10, 13:55:21, H.S. wrote:
>
> I was looking for just making the already deleted files unrecoverable by
> a casual user. In other words, since a deleted file frees the space on
> disk, by filling up the disk with all zeros and then deleting that zeros
> file would be overwriting the earlier deleted files with zero. Am I
> correct in this?
You could also try recovering files with some common tools (PhotoRec
from package testdisk comes to mind).
Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
07-15-2010, 08:41 PM
green
simple way to securely destroy deleted files in a file system
thib wrote at 2010-07-15 13:13 -0500:
> Take a look at shred (coreutils), wipe and secure-delete.
+1 wipe; I have used it to wipe an entire block device.
Also wipe2fs for zeroing unused space; and zerofree seems very similar.
07-15-2010, 08:55 PM
Mark
simple way to securely destroy deleted files in a file system
On Thu, Jul 15, 2010 at 1:41 PM, green <greenfreedom10@gmail.com> wrote:
thib wrote at 2010-07-15 13:13 -0500:
> Take a look at shred (coreutils), wipe and secure-delete.
+1 wipe; I have used it to wipe an entire block device.
Also wipe2fs for zeroing unused space; and zerofree seems very similar.
Do you have an example of what your wipe and wipe2fs commands are that you've used?* Didn't see much info on the websites here http://wipe.sourceforge.net/ or here http://web.cecs.pdx.edu/~cklin/wipe2fs/.* Would like to learn.
Thanks,
Mark
07-15-2010, 09:53 PM
Aaron Toponce
simple way to securely destroy deleted files in a file system
On 07/15/2010 11:55 AM, H.S. wrote:
> I was looking for just making the already deleted files unrecoverable by
> a casual user. In other words, since a deleted file frees the space on
> disk, by filling up the disk with all zeros and then deleting that zeros
> file would be overwriting the earlier deleted files with zero. Am I
> correct in this?
If the filesystem is NTFS, then it's rather trivial to recover
overwritten data, due to the journal. While you're probably safe in
assuming that the next user won't bother doing anything like that, the
only way to truly, and securely remove the previous data, is to wipe out
the filesystem too, which means taking out the OS.
On the flip, I've been happy with "Eraser": http://eraser.heidi.ie/
Good luck.
--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
07-16-2010, 12:45 AM
Jordon Bedwell
simple way to securely destroy deleted files in a file system
On 7/15/2010 4:53 PM, Aaron Toponce wrote:
> On 07/15/2010 11:55 AM, H.S. wrote:
>> I was looking for just making the already deleted files unrecoverable by
>> a casual user. In other words, since a deleted file frees the space on
>> disk, by filling up the disk with all zeros and then deleting that zeros
>> file would be overwriting the earlier deleted files with zero. Am I
>> correct in this?
>
> If the filesystem is NTFS, then it's rather trivial to recover
> overwritten data, due to the journal. While you're probably safe in
> assuming that the next user won't bother doing anything like that, the
> only way to truly, and securely remove the previous data, is to wipe out
> the filesystem too, which means taking out the OS.
>
> On the flip, I've been happy with "Eraser": http://eraser.heidi.ie/
>
> Good luck.
>
On 7/15/2010 4:53 PM, Aaron Toponce wrote:
> On 07/15/2010 11:55 AM, H.S. wrote:
>> I was looking for just making the already deleted files unrecoverable by
>> a casual user. In other words, since a deleted file frees the space on
>> disk, by filling up the disk with all zeros and then deleting that zeros
>> file would be overwriting the earlier deleted files with zero. Am I
>> correct in this?
>
> If the filesystem is NTFS, then it's rather trivial to recover
> overwritten data, due to the journal. While you're probably safe in
> assuming that the next user won't bother doing anything like that, the
> only way to truly, and securely remove the previous data, is to wipe out
> the filesystem too, which means taking out the OS.
>
> On the flip, I've been happy with "Eraser": http://eraser.heidi.ie/
>
> Good luck.
>
Anything, and I repeat anything, is recoverable, even if you remove the
filesystem you can recover pieces of the file. You can remove remnants
of the file using over write methods but you need to make sure they
properly implement the algorithm and do your own research on the
algorithms to make sure they were designed or were updated for modern
hard drives. EXP: Gutmann method was designed for older HD's and will
not work on newer HD's most of the time (depending on who implements
it). Now, removing remnants of the file doesn't make it unrecoverable
(in all circumstances), you might be able to still do a very low level
recovery, something they would generally reserve for say, a RICO
investigation, terrorists an those sorts. The only way to stop any and
all data leaks, recoveries or anything of the sort is to either Degauss,
Destroy or use Encryption on the drive from the get go and to be honest,
the only proper implementation of drive encryption (beyond the actual
encryption) would be RedHat (and this is only because they offer the
ability to span encryption across multiple drives and recommend it) and
no drive encryption (beyond truecrypt) offers deniability. Something
I've brought up on both Debian and Ubuntu and even to Redhat. As a
matter of fact, Ubuntu developers fought with me over the idea telling
me that only criminals could possibly want plausible deniability, but
Ubuntu is rather closed minded most of the time when it comes to this
sort of thing.
--
Cheers,
Jordon Bedwell
http://envygeeks.com
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4C3FABB5.3050105@envygeeks.com">http://lists.debian.org/4C3FABB5.3050105@envygeeks.com
07-16-2010, 12:46 AM
Michael Iatrou
simple way to securely destroy deleted files in a file system
When the date was Thursday 15 of July 2010, green wrote:
> thib wrote at 2010-07-15 13:13 -0500:
> > Take a look at shred (coreutils), wipe and secure-delete.
>
> +1 wipe; I have used it to wipe an entire block device.
> Also wipe2fs for zeroing unused space; and zerofree seems very similar.
I am skeptical whether there is any good reason for tools like wipe2fs,
zerofree and friends (if there are any...), when a dd && sync && rm have the
same result.
--
Michael Iatrou
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201007151946.47484.m.iatrou@freemail.gr">http://lists.debian.org/201007151946.47484.m.iatrou@freemail.gr
07-16-2010, 12:57 PM
Jordan Metzmeier
simple way to securely destroy deleted files in a file system
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 07/15/2010 08:46 PM, Michael Iatrou wrote:
> I am skeptical whether there is any good reason for tools like wipe2fs,
> zerofree and friends (if there are any...), when a dd && sync && rm have the
> same result.
>
You could say this about many things. These commands make things
convenient. Why do those things manually when software can do it for you?
Example:
Under the same logic I could say that there no good reason for dget. I
can manually wget the .dsc, .tar.orig and .changes to accomplish the
same thing... but why when I can just dget the .dsc?
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4C405746.6030106@gmail.com">http://lists.debian.org/4C405746.6030106@gmail.com
07-16-2010, 03:01 PM
green
simple way to securely destroy deleted files in a file system
Mark wrote at 2010-07-15 15:55 -0500:
> Do you have an example of what your wipe and wipe2fs commands are that
> you've used? Didn't see much info on the websites here
> [2]http://wipe.sourceforge.net/ or here
$ man wipe
There are even examples.
> [3]http://web.cecs.pdx.edu/~cklin/wipe2fs/. Would like to learn.
$ man wipe2fs
I'm not sure whether it is okay to do a readonly mount with wipe2fs, but it is
with zerofree.
$ man zerofree
If you don't understand the man pages, feel free to ask again.
07-16-2010, 04:37 PM
Aaron Toponce
simple way to securely destroy deleted files in a file system
On 07/15/2010 06:45 PM, Jordon Bedwell wrote:
> Anything, and I repeat anything, is recoverable, even if you remove the
> filesystem you can recover pieces of the file.
[citation needed]
When you do a low-level write to the disk, you're wiping out anything
and everything. One single pass of zeroes, and not a single hard drive
recovery company on the planet will be willing to attempt a recovery of
your data. It's gone. Two writes, if you're ultra paranoid. Any
additional writes, and you're just wasting your time.
Further, if you physically damage the disks even the slightest, by
bending them, drilling holes, exposing them to high degrees of heat,
etc, again, not a single hard drive recovery company on the planet will
make the attempt. It's not worth their time. It's not worth your money.
> You can remove remnants
> of the file using over write methods but you need to make sure they
> properly implement the algorithm and do your own research on the
> algorithms to make sure they were designed or were updated for modern
> hard drives. EXP: Gutmann method was designed for older HD's and will
> not work on newer HD's most of the time (depending on who implements
> it).
With any modern hard drive that implements an RLL encoding algorithm
since the mid-1990s, can be securely erased with a single pass of
zeroes. The bit alignments are too accurate to leave the fragments that
Gutmann mentions in his paper, that microscopes can pick up. Now with
perpendicular bit encoding, and the areal density of disk platters,
there's just no room for fragmentation. Each bit gets written exactly in
the same place it did before. This wasn't the case with MFM encoding
(pre-1990 drives).
> Now, removing remnants of the file doesn't make it unrecoverable
> (in all circumstances), you might be able to still do a very low level
> recovery, something they would generally reserve for say, a RICO
> investigation, terrorists an those sorts. The only way to stop any and
> all data leaks, recoveries or anything of the sort is to either Degauss,
> Destroy or use Encryption on the drive from the get go and to be honest,
No, not really. Encryption is definitely good enough, and erasing only
the first and last gigabyte or so with random data, will destroy any
clues about using encryption on the disk. As far as the investigator
would be concerned, the whale disk was just overwritten with random
data, which creates perfect deniability.
> the only proper implementation of drive encryption (beyond the actual
> encryption) would be RedHat (and this is only because they offer the
> ability to span encryption across multiple drives and recommend it) and
> no drive encryption (beyond truecrypt) offers deniability.
[citation needed]
As far as I know, RHEL isn't doing anything special beyond LUKS and
dm-crypt, which is available in Debian and just about every other
GNU/Linux-based operating system. And, as mentioned above, it's trivial
to create deniability with any encrypted disk.
> Something
> I've brought up on both Debian and Ubuntu and even to Redhat. As a
> matter of fact, Ubuntu developers fought with me over the idea telling
> me that only criminals could possibly want plausible deniability, but
> Ubuntu is rather closed minded most of the time when it comes to this
> sort of thing.
Generally, when I've interfaced with Ubuntu developers, they've had rock
solid reasons on why something does or does not get implemented. It's
never been due to hard heads or closed minds, as you suggest.
--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
07-16-2010, 05:42 PM
Michael Iatrou
simple way to securely destroy deleted files in a file system
When the date was Friday 16 of July 2010, Jordan Metzmeier wrote:
> On 07/15/2010 08:46 PM, Michael Iatrou wrote:
> > I am skeptical whether there is any good reason for tools like wipe2fs,
> > zerofree and friends (if there are any...), when a dd && sync && rm
> > have the same result.
>
> You could say this about many things. These commands make things
> convenient. Why do those things manually when software can do it for you?
>
> Example:
>
> Under the same logic I could say that there no good reason for dget. I
> can manually wget the .dsc, .tar.orig and .changes to accomplish the
> same thing... but why when I can just dget the .dsc?
This is rather a philosophical question than a technical one: it is part of
UNIX mentality to have simple tools that can be put together to complete
complicated tasks. Practically seen, if the original poster was educated
with the principles of UNIX design, he wouldn't try to find a specialized
tool to perform a simple task.
Just my 2cents.
--
Michael Iatrou
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201007161242.41719.m.iatrou@freemail.gr">http://lists.debian.org/201007161242.41719.m.iatrou@freemail.gr
simple way to securely destroy deleted files in a file system
