On Wed, 2007-06-13 at 23:41 +0300, Ghiora Drori wrote:
> Hi,
> I heard a story about how a program called
> encase by http://www.guidancesoftware.com/
> was supposedly used to recover web mail (yahoo) from a disk of a person
> after the person had deleted the cache etc 
> <snip>
> The web browsers does use a cache to speed up browsing but I assume that
> things like web mail pages get overwritten pretty fast. If not it would
> be possible to go into an Internet cafe or university and read all web
> mail read there in the past from the disk.

Yes.
I'm not familiar with this specific tool, but the browser cache simply
stores the files downloaded from the internet in the local disk, and
when not needed - simply deletes them. Cleaning the cache involves just
deleting all the files that are not yet scheduled for deletion.

As we know - deleting a file in most file systems doesn't involve
destroying the data but simply marking the data as deleted. In some
operating systems its better then in others, for example FAT keeps all
the clusters, their order and what file they were related to, while
ext2/3 just keeps the data inodes (although because other
characteristics of the filesystem, its more likely that deleted files on
FAT would be overwritten). Assuming no software needs the disk space,
its very easy to recover all the files on a FAT file system, and only
slightly harder on an ext2/3 file systems.

If you want to really make sure no one can recover your files, you need
to "shred" them, which is a feature offered by some security minded
software - for example, kgpg from the KDE project. This involves
overwriting the files with a series of 0s and 1s in specific patterns
(doing so more then once, if you really want to be safe). Unfortunately
to the best of my knowledge there's no feature to automatically "shred"
files deleted during the normal operation of standard software, so your
browser cache is still vulnerable.

-- 

Oded


=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Reply via email to