On Wed, 2007-06-13 at 23:41 +0300, Ghiora Drori wrote: > Hi, > I heard a story about how a program called > encase by http://www.guidancesoftware.com/ > was supposedly used to recover web mail (yahoo) from a disk of a person > after the person had deleted the cache etc > <snip> > The web browsers does use a cache to speed up browsing but I assume that > things like web mail pages get overwritten pretty fast. If not it would > be possible to go into an Internet cafe or university and read all web > mail read there in the past from the disk.
Yes. I'm not familiar with this specific tool, but the browser cache simply stores the files downloaded from the internet in the local disk, and when not needed - simply deletes them. Cleaning the cache involves just deleting all the files that are not yet scheduled for deletion. As we know - deleting a file in most file systems doesn't involve destroying the data but simply marking the data as deleted. In some operating systems its better then in others, for example FAT keeps all the clusters, their order and what file they were related to, while ext2/3 just keeps the data inodes (although because other characteristics of the filesystem, its more likely that deleted files on FAT would be overwritten). Assuming no software needs the disk space, its very easy to recover all the files on a FAT file system, and only slightly harder on an ext2/3 file systems. If you want to really make sure no one can recover your files, you need to "shred" them, which is a feature offered by some security minded software - for example, kgpg from the KDE project. This involves overwriting the files with a series of 0s and 1s in specific patterns (doing so more then once, if you really want to be safe). Unfortunately to the best of my knowledge there's no feature to automatically "shred" files deleted during the normal operation of standard software, so your browser cache is still vulnerable. -- Oded ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
