Re: delete deleted data
new_guy wrote: Marco S Hyman wrote: Brad Tilley writes: performed from the OpenBSD 4.2 install CD. I'll send it to the one 'ISO Certified' company that agreed to examine it. If they cannot You keep throwing around the 'ISO Certified' tag as if it had some special meaning. Certified to what standard? I'm just parroting the *one* data recover company's marketing hype that agreed to take the drive. They make this claim: ISO 9001 - 2000 certified I'm working on putting a website up now where I'll fully disclose the details. Lots of pictures and details. I will attribute the dd used to OpenBSD (the best OS on the planet bar none... although the dd on the install CD did not support the conv option... I would have liked to have done conv=noerror,sync). I plan to ship the drive off tomorrow. I plan to put this myth to rest... where it belongs. The Great Zero Challenge - It is noble and just to dispel myths, falsehoods and untruths. http://16systems.com/zero/index.html -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p15058799.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
2008/1/6, Eric Furman [EMAIL PROTECTED]: On Sat, 5 Jan 2008 14:25:37 +1100, Sunnz [EMAIL PROTECTED] said: Just create a file and filling it with /dev/zero until it takes up all the free spaces, then rm -P that file. But from his original post he wants to make sure everything is cleanly deleted without affecting the existing OS. In this case I don't think what you are trying to do is possible, but it also depends on how So what problem is? Affecting the OS? Or that it won't be 100% 'clean'? As far as I am aware, the file system would only allow you to fill it up till it has 5% free space remaining... when it has reach that point you can even boot up in single user mode to do a rm -P. securely you are trying to make your deletes. Do you want to hide it from the schmo you are taking in to service your computer or are you trying to hide it from the FBI? If he is asking this on a public mailing list, it is probably the former and rm -P is adequate for that case... otherwise I think he would have taken the grinder advice!!! :p -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: delete deleted data
Notwithstanding the mentioned 5% issue, in context and for the purposes of secure wipes, is it not better to use /dev/arandom (or /dev/srandom) vs. /dev/zero as in dd if=/dev/arandom ... /S -Original Message- From: Sunnz [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Eric Furman [EMAIL PROTECTED] Cc: Jon [EMAIL PROTECTED], OpenBSD Misc misc@openbsd.org Subject: Re: delete deleted data Date: Sun, 6 Jan 2008 21:13:42 +1100 Delivered-To: [EMAIL PROTECTED] 2008/1/6, Eric Furman [EMAIL PROTECTED]: On Sat, 5 Jan 2008 14:25:37 +1100, Sunnz [EMAIL PROTECTED] said: Just create a file and filling it with /dev/zero until it takes up all the free spaces, then rm -P that file.
Re: delete deleted data
2008/1/6, scott [EMAIL PROTECTED]: Notwithstanding the mentioned 5% issue, in context and for the purposes of secure wipes, is it not better to use /dev/arandom (or /dev/srandom) vs. /dev/zero as in dd if=/dev/arandom ... /S Well rm -P is going to overwrite the file 3 times anyway right? arandom is perhaps theoretically 'better', and we know that there are 5% unerased free space... but I think it is up to the reader to decide if this is enough for them. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: delete deleted data
Are you willing to share the names of those programs ? Kind regards Kasper L wrote: Just FYI about security of deleted data.. I purchase used computers for parts every so often. Many of them have working hard drives in them. For fun, I analyze the hard drive out and see what I can find.. just as a little game of mine. When I run my undelete/recovery tools on them I can see basically everything the previous owner had on the drive.. including passwords. Some of the stuff may be overwritten.. but not much. I don't look at the stuff for malicious use, I just do it out of curiosity to study whether or not formatted drives really are secure. And I can say for sure they are not secure. I don't go in looking at each password I recovered or anything either.. i basically just confirm for fun that I can recover the disk.. it's a cheap thrill and only someone with no life would do such a thing. me. Actually there was a goal in all this.. it was to find the best undelete tool that worked generically in the most situations. And yes I found a few for MS Winblows that worked very well, since most computers I buy had ms windows on them. One thing I found was that some undelete tools are not nearly as good as others. I thought many of them used similar algorithms.. but some of them really worked much better and completely differently L505
Re: delete deleted data
On 04/01/2008, at 8:19 AM, Brad Tilley wrote: One pass from /dev/zero is more than enough for all cases. I agree that after a single pass of zeroes, getting anything but zeroes from a fully working, unaltered drive is not going to happen. But if you remove the digital logic which masks residual signals via thresholds used to determine at what point a 1 is considered a 1 and a 0 a 0, then perhaps 1's and 0's could be restored from some drives. Through the use of a replacement device that samples each bit with a bit depth greater than 1, allowing analysis to interpret what I would have thought would not be constant uniform samples. I think more importantly, if it is comparatively very cheap to erase a drive in a paranoid manner and the leaking of that data could cost a fortune, then the comparatively small cost of paranoid erasure could be a risk worth taking. Shane
Re: delete deleted data
On 04/01/2008, at 12:21 PM, Harpalus a Como wrote: Myth? Why are you so upset about this? It's not myth. The techniques involved in recovering data in the manner Marco and the NSA, DoD, and many others describe isn't a matter of running a simple software tool. It's a long, slow, annoying process that is also costly. But it is possible. Not every company or person in the forensics industry is a master at their job. If they say it's not possible, perhaps it's just not something their software package does for them? (I'm not trying to be derogatory, but I do know a guy who does computer forensics work, and the software/hardware he uses is about all he knows. He just goes through the motions. Doesn't know all that much about filesystems or disks.) I agree. Most computer forensics people I have worked with, tended to stick to what they considered to be standard procedures with standard forensics software. They were mostly ex-police with computing training. I personally managed to get results which other forensics teams could not (or would not), which I believe was because I was willing to use some creative techniques that they wouldn't dare come to court with. As far as the data recovery industry goes, I think there are more frauds than experts advertising such services. Shane
OT YAG Re: delete deleted data
Okay, someone touched on this so I'll follow it a little further. Say you pull the platter(s) out of the drive and now start analysing the data as analog voltage levels and not highs/lows with threshold. Also, get the data off the platter(s) by driving a head across it in different directions. Now start doing signal processing on the data set(s) you've acquired. Any EE worth their weight in salt understands signal processing. I do believe a lot of younger engineers have grown up in the 1 0 digital world and forget about analog. g.day diana
Re: delete deleted data
It was shareware/trialware and I am looking for the name of it... usually it is right on my Wiki when I make notes.. but I can't find it there yet. L505 Kasper Revsbech wrote: Are you willing to share the names of those programs ? Kind regards Kasper L wrote: One thing I found was that some undelete tools are not nearly as good as others. I thought many of them used similar algorithms.. but some of them really worked much better and completely differently L505
Re: OT YAG Re: delete deleted data
On 06/01/2008, at 1:57 AM, Diana Eichert wrote: Any EE worth their weight in salt understands signal processing. I do believe a lot of younger engineers have grown up in the 1 0 digital world and forget about analog. I think the first computers I witnessed in a work place, were actually analog computers (Navy). Where a mix of humans, transistors, valves, gears and three-phase motors/sensors, got the job done.;-) Shane
Re: OT YAG Re: delete deleted data
On Sun, 6 Jan 2008, Shane J Pearson wrote: SNIP Where a mix of humans, transistors, valves, gears and three-phase motors/sensors, got the job done.;-) Shane No coal and steam? I had to say it. diana
Re: OT YAG Re: delete deleted data
On Jan 5, 2008, at 8:06 AM, Shane J Pearson wrote: I think the first computers I witnessed in a work place, were actually analog computers (Navy). Where a mix of humans, transistors, valves, gears and three-phase motors/sensors, got the job done.;-) They're still in use as of the late 90s.
Re: OT YAG Re: delete deleted data
On Saturday 05 January 2008 09:57:54 Diana Eichert wrote: Okay, someone touched on this so I'll follow it a little further. Say you pull the platter(s) out of the drive and now start analysing the data as analog voltage levels and not highs/lows with threshold. Also, get the data off the platter(s) by driving a head across it in different directions. Now start doing signal processing on the data set(s) you've acquired. Any EE worth their weight in salt understands signal processing. I do believe a lot of younger engineers have grown up in the 1 0 digital world and forget about analog. g.day diana Yeah, analog stuff is sorely lacking, as if RF stuff today. My only comment about data resurrection is that I'll bet that good analog data from the disk varies with the density. Getting data off an 800M to couple G disk? Absolutely. But I wonder far more about a 1T disk. I'm not saying it can't be done; logic says that disks of the modern era should still be destroyed, but I'd love to know how much data gets garbled when sniffing really high density disks. --STeve Andre'
Re: delete deleted data
Unix Fan wrote: L wrote: Restoring files from FAT partitions is easy.. I use fatback(http://sf.net/projects/fatback)... I will check that one out.. But either way, no such utility exists to restore data that has been overwritten.. regardless of the algorithms used. Unless there was a magnetic offline hardware utility of some sort that scanned magnetic fields?
Re: delete deleted data
L wrote: Unix Fan wrote: But either way, no such utility exists to restore data that has been overwritten.. regardless of the algorithms used. Unless there was a magnetic offline hardware utility of some sort that scanned magnetic fields? http://www.actionfront.com/ts_dataremoval.aspx It has been suggested that an electron microscope could be used to read and interpret any patterns that were not fully *overwritten* by the process. * snip* Electron microscopes have been used to detect and identify *magnetic* regions smaller than the fluxes used to represent data on a 200 megabyte *disk* *drive*. Unfortunately, at best, this type of process could be accomplished at a rate of perhaps 1 bit per second. Furthermore, since virtually every *drive* in production today records two or more *magnetic* fluxes (due to R.L.L. recording) to represent each bit the actual rate could be considerably slower.
Re: OT YAG Re: delete deleted data
On Sat, Jan 05, 2008 at 12:09:08PM -0700, Diana Eichert wrote: On Sun, 6 Jan 2008, Shane J Pearson wrote: SNIP Where a mix of humans, transistors, valves, gears and three-phase motors/sensors, got the job done.;-) Shane No coal and steam? I had to say it. What do you think generates the three-phase power on a ship at sea; extension cord to the dock? :) I wonder what media they use for data asternment? I hear that U.S. Navy S.E.a.L.'s use Flash(-Bang)s. :) Doug.
Re: delete deleted data
On Sat, 5 Jan 2008 14:25:37 +1100, Sunnz [EMAIL PROTECTED] said: 2008/1/5, Jon [EMAIL PROTECTED]: rm -P wont work... I looking to clean up deleted data ... not securely delete a file. Just create a file and filling it with /dev/zero until it takes up all the free spaces, then rm -P that file. But from his original post he wants to make sure everything is cleanly deleted without affecting the existing OS. In this case I don't think what you are trying to do is possible, but it also depends on how securely you are trying to make your deletes. Do you want to hide it from the schmo you are taking in to service your computer or are you trying to hide it from the FBI?
Re: delete deleted data
In gmane.os.openbsd.misc, you wrote: I'll put up a website with all the details and pictures... I'll call it 'Put Up Or Shut Up' Anyone who wants a crack at recovering data from the drive may do so (as long as they pay the shipping charges both ways). If they can name one file that existed on the drive before the dd overwrite from an OpenBSD install CD, then they can keep the drive and be crowned king of data recovery and get $40 USD. Come on, let's actually *do* and not just *talk*, OK? I'm assuming it's a drive that had openbsd 4.2 on it. If that was the case, I can recover the name of at least one file. The filename will be / (without the quotes). Please send me the drive and $40. -Toby. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: delete deleted data
On Fri, Jan 04, 2008 at 02:56:12AM -0700, [EMAIL PROTECTED] wrote: In gmane.os.openbsd.misc, you wrote: I'll put up a website with all the details and pictures... I'll call it 'Put Up Or Shut Up' Anyone who wants a crack at recovering data from the drive may do so (as long as they pay the shipping charges both ways). If they can name one file that existed on the drive before the dd overwrite from an OpenBSD install CD, then they can keep the drive and be crowned king of data recovery and get $40 USD. Come on, let's actually *do* and not just *talk*, OK? I'm assuming it's a drive that had openbsd 4.2 on it. If that was the case, I can recover the name of at least one file. The filename will be / (without the quotes). Please send me the drive and $40. I can do two more: . and .. -Otto
Re: delete deleted data
On Thu, 3 Jan 2008 20:35:11 -0500, Douglas A. Tutty [EMAIL PROTECTED] said: On Thu, Jan 03, 2008 at 04:08:08PM -0800, Marco S Hyman wrote: As for disk destruction... I don't know nor pretend to know what can and can not be recovered. Take a look at https://www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_internet/isp/odaa/documents/clear_n_san_matrix_06282007_rev_11122007.pdf The DSS (Defense Security Service, part of the DoD) calls what you have done clearing the disk. It does not sanitize the disk. To sanitize you need to either degauss or destroy the disk. The NIST article that (I think) started this thread says that it (the document) applies to commercial-grade privacy but not to government-grade classified material. In other words, there's an implied difference between the ability of a commercial data recovery company and a major government. So, you have to look at who your adversary is and the value of the data. If the value is less than the drive, then clear the disk and sell it. If you are keeping the disk in-house but just re-allocating it, then clear the disk and re-use it. However, if the agency you wish to not be able to read the disk has the backing of a major government: 1:distroy the disk 2:distroy the computer (the document actually says this re RAM chips) 3:re-evaluate the whole concept of using a computer at all, expecially if the hardware is at risk of being stolen (seized, confiscated, etc). If the data on the drive has always been in encrypted form, then you have to evaluate the strength of the encryption vs. the strength of the adversary. People keep quoting what governments can do. This is nothing but hearsay. Please point out one single source, one actual documented source not what some friend of a friend said they saw some guy do, that actually shows someone recovered data from a completely overwritten disk. If there is proof of this I would honestly like to be proven wrong. I have had a casual interest in this for several years (and no, not for any illicit purpose, just casual curiosity) and I have yet to come across any proof it is possible. Not formatting or damage(even fire) or deletion, complete overwriting. I am aware of what commercial data recovery companies can do and as far as I have been able to ascertain this is not within there realm or *anyones* realm.
Re: delete deleted data
On Thu, 3 Jan 2008 20:21:27 -0500, Harpalus a Como [EMAIL PROTECTED] said: Myth? Why are you so upset about this? It's not myth. The techniques involved in recovering data in the manner Marco and the NSA, DoD, and many others describe isn't a matter of running a simple software tool. It's a long, slow, annoying process that is also costly. But it is possible. Hearsay. Not every company or person in the forensics industry is a master at their job. If they say it's not possible, perhaps it's just not something their software package does for them? (I'm not trying to be derogatory, but I do know a guy who does computer forensics work, and the software/hardware he uses is about all he knows. He just goes through the motions. Doesn't know all that much about filesystems or disks.) Why are you so hellbent on proving everybody wrong, to the point of actually shipping your drive off? Because myths and misinformation should always be dispelled. It's by no means a myth. If it is, there are a number of companies and government institutions interesting in how they recover data in this fashion if it's not possible. Hearsay. I'm having a hard time believing On Jan 3, 2008 7:54 PM, new_guy [EMAIL PROTECTED] wrote: Marco S Hyman wrote: Brad Tilley writes: performed from the OpenBSD 4.2 install CD. I'll send it to the one 'ISO Certified' company that agreed to examine it. If they cannot You keep throwing around the 'ISO Certified' tag as if it had some special meaning. Certified to what standard? I'm just parroting the *one* data recover company's marketing hype that agreed to take the drive. They make this claim: ISO 9001 - 2000 certified I'm working on putting a website up now where I'll fully disclose the details. Lots of pictures and details. I will attribute the dd used to OpenBSD (the best OS on the planet bar none... although the dd on the install CD did not support the conv option... I would have liked to have done conv=noerror,sync). I plan to ship the drive off tomorrow. I plan to put this myth to rest... where it belongs. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14608861.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
Just a little point. Sometimes precautions are taken not so much for the sake of what can be done today but what someone might figure out how to do in the future. I am not an engineer, but the explanation that I have heard of how data is read from a wiped drive sounds plausable (if not possible) given that the equiptment is available. Who's to say that next week or next year someone won't come up with a way of reading data from a wiped drive by a method that we haven't even thought of? After all... man was never supposed to be able to: -fly -break the sound barrier -understand women oh wait... that last one I really do believe is impossible. s
Re: delete deleted data
Greg Thomas wrote: Myth? Have you read this: http://www.nber.org/sys-admin/overwritten-data-guttman.html? You still haven't convinced me as to why I should believe a tax analyst's rebuttal to a data security analyst's paper. Feenberg has no expertise in this area, and Gutmann does. You're both trying to prove a negative, him by asking an Australian homicide investigator and you by sending your drive to one data-recovery company.
Re: delete deleted data
On 1/4/08 3:03 AM, Greg Thomas wrote: On Jan 3, 2008 5:21 PM, Harpalus a Como [EMAIL PROTECTED] wrote: Myth? Have you read this: http://www.nber.org/sys-admin/overwritten-data-guttman.html? Why are you so upset about this? Myth's that compel people to waste time and energy should be destroyed. It's not myth. Have you read this or any of the papers referenced here: http://www.nber.org/sys-admin/overwritten-data-guttman.html? Pretty sound text but proves nothing, you have to live with it that you don't know. As pointed out, if enough money is involved chances are there that recovery is possible. DDR Stasi agents and American embassy people in Iran all destroyed paper with military grade paper destroyers and it has proved to be readable. Also keep in mind what Diana wrote: Intelligence people need to keep things secret. If it was known they could break a type of code people would start using other codes that they cannot break. That would always lead to a seriously unwanted arms race. I can add to that: Police people are by nature even less interested in cracking techniques because for sound justice they have to be clear about their methods and sources. Police will tell you which locks are good for your door as long as they are sure they can get in themselves if necessary. +++chefren
Re: delete deleted data
On Fri, Jan 04, 2008 at 11:22:16AM +0100, Otto Moerbeek wrote: I can do two more: . and .. Damn. Split it with you 3 ways... :) -Toby. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: delete deleted data
If you never write cleartext, there is nothing to recover. http://dlock.com.tw/ Kevin (P.S. I might be a satisfied dLock customer, if only they'd make it easier to buy their product!)
Re: delete deleted data
Just FYI about security of deleted data.. I purchase used computers for parts every so often. Many of them have working hard drives in them. For fun, I analyze the hard drive out and see what I can find.. just as a little game of mine. When I run my undelete/recovery tools on them I can see basically everything the previous owner had on the drive.. including passwords. Some of the stuff may be overwritten.. but not much. I don't look at the stuff for malicious use, I just do it out of curiosity to study whether or not formatted drives really are secure. And I can say for sure they are not secure. I don't go in looking at each password I recovered or anything either.. i basically just confirm for fun that I can recover the disk.. it's a cheap thrill and only someone with no life would do such a thing. me. Actually there was a goal in all this.. it was to find the best undelete tool that worked generically in the most situations. And yes I found a few for MS Winblows that worked very well, since most computers I buy had ms windows on them. One thing I found was that some undelete tools are not nearly as good as others. I thought many of them used similar algorithms.. but some of them really worked much better and completely differently L505
Re: delete deleted data
Ok.. well seeing how I got 2 usefull responses after some 30 emails with most others just randomly emailing _crap_ I decided to search the web based on the suggestions from Hannah. (the first responder) I think I am going to try working with THC-SecureDelete (http://freeworld.thc.org/releases.php?o=1s=4) which seems to be working of the more popular delete algorithms. Jon- On Jan 3, 2008 2:55 PM, Jon [EMAIL PROTECTED] wrote: hi folks, again - the thread is deviating from the original request. windows has a open source software called erase (http://www.heidi.ie/eraser/features.php). the question is what is a software that would work similarly in OpenBSD. let the people who want to grind/hammer/burn/snort etc.. do what they want.. All I want is to ensure that my current disks don't have any recoverable data with out affecting the OS installed on it. -jon
Re: delete deleted data
On Fri, Jan 04, 2008 at 03:55:41PM -0800, Jon wrote: Ok.. well seeing how I got 2 usefull responses after some 30 emails with most others just randomly emailing _crap_ I decided to search the web based on the suggestions from Hannah. (the first responder) I think I am going to try working with THC-SecureDelete (http://freeworld.thc.org/releases.php?o=1s=4) which seems to be working of the more popular delete algorithms. Hi, I haven't read every message in this thread, and I can't be bothered to do it just now ;-) I did want to mention svnd(4), vnconfig(8), et al. Depending on your needs it may be even better to keep everything in encrypted form the whole time. If someone has already mentioned this then sorry for the noise. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: delete deleted data
On Jan 4, 2008 3:55 PM, Jon [EMAIL PROTECTED] wrote: Ok.. well seeing how I got 2 usefull responses after some 30 emails with most others just randomly emailing _crap_ I decided to search the web based on the suggestions from Hannah. (the first responder) I think I am going to try working with THC-SecureDelete (http://freeworld.thc.org/releases.php?o=1s=4) which seems to be working of the more popular delete algorithms. see my last email. if rm -P isn't good enough, that won't be either.
Re: delete deleted data
rm -P wont work... I looking to clean up deleted data ... not securely delete a file. On Jan 4, 2008 5:45 PM, Ted Unangst [EMAIL PROTECTED] wrote: On Jan 4, 2008 3:55 PM, Jon [EMAIL PROTECTED] wrote: Ok.. well seeing how I got 2 usefull responses after some 30 emails with most others just randomly emailing _crap_ I decided to search the web based on the suggestions from Hannah. (the first responder) I think I am going to try working with THC-SecureDelete (http://freeworld.thc.org/releases.php?o=1s=4) which seems to be working of the more popular delete algorithms. see my last email. if rm -P isn't good enough, that won't be either.
Re: delete deleted data
2008/1/5, Jon [EMAIL PROTECTED]: rm -P wont work... I looking to clean up deleted data ... not securely delete a file. Just create a file and filling it with /dev/zero until it takes up all the free spaces, then rm -P that file. Or just use an encrypted file system next time you set up an OS, that you don't have to worry about free space inside your encrypted partitions, but the encryption strength. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: delete deleted data
On 1/4/08, Jon [EMAIL PROTECTED] wrote: rm -P wont work... I looking to clean up deleted data ... not securely delete a file. i was curious how they do this, but it's nothing fancier than creating a big file and filling it up. i notice that they are using the magic guttman incantation. i am inherently distrusting of anyone who does, because it means they didn't really pay attention. nobody uses MFM or RLL disks. i was also curious how they claimed to clear inodes. so i looked at the code, and technique is pretty weak. and the code is a complete clusterfuck. regardless of whether it (mostly) works or not, i firmly believe that such juvenile code should not be allowed near any secure data. void sdel_wipe_inodes(char *loc, char **array) { char *template = malloc(strlen(loc) + 16); int i = 0; int fail = 0; int fd; if (verbose) printf(Wiping inodes ...); array = malloc(MAXINODEWIPE * sizeof(template)); strcpy(template, loc); if (loc[strlen(loc) - 1] != '/') strcat(template, /); strcat(template, .xxx); while(i MAXINODEWIPE fail 5) { __sdel_random_filename(template); if (open(template, O_CREAT | O_EXCL | O_WRONLY, 0600) 0) fail++; else { array[i] = malloc(strlen(template)); strcpy(array[i], template); i++; } } FLUSH; if (fail 5) { fprintf(stderr, Warning: could not wipe all inodes!\n); } array[i] = NULL; fd = 0; while(fd i) { unlink(array[fd]); free(array[fd]); fd++; } free(array); array = NULL; FLUSH; if (verbose) printf( Done ... ); }
Re: delete deleted data
Marco Peereboom wrote: bullshit. I decided to put my money where my mouth is :) I bought a 80GB, Western Digital IDE hard drive. $60 USD. Attached it to a Windows XP laptop (usb-ide bridge), initialized it, created one (1) primary partition, formatted it NTFS and copied an older subversion repository to it. I documented and screen-shot the entire process. I then booted the laptop with an OpenBSD 4.2 install CD and selected the 's' option and ran dd like this on the hard drive: dd if=/dev/zero of=/dev/rsd0c I called three (3) well-known data recovery companies. Two of them said recovery was not possible after the dd procedure, one of them said they'd be willing to try so long as no other data recovery company had opened the HDD case and offered to do a free analysis in one of their ISO certified labs. I'm sending the drive off tomorrow, I'll let you know in a few weeks how it turns out. Brad -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14604134.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
On Thu, 3 Jan 2008 11:55:16 -0800 (PST), new_guy [EMAIL PROTECTED] said: Marco Peereboom wrote: bullshit. I decided to put my money where my mouth is :) I bought a 80GB, Western Digital IDE hard drive. $60 USD. Attached it to a Windows XP laptop (usb-ide bridge), initialized it, created one (1) primary partition, formatted it NTFS and copied an older subversion repository to it. I documented and screen-shot the entire process. I then booted the laptop with an OpenBSD 4.2 install CD and selected the 's' option and ran dd like this on the hard drive: dd if=/dev/zero of=/dev/rsd0c I called three (3) well-known data recovery companies. Two of them said recovery was not possible after the dd procedure, one of them said they'd be willing to try so long as no other data recovery company had opened the HDD case and offered to do a free analysis in one of their ISO certified labs. I'm sending the drive off tomorrow, I'll let you know in a few weeks how it turns out. It can't be done. it's an urban legend, AFAICT. http://www.nber.org/sys-admin/overwritten-data-guttman.html Which references Gutmann's paper which started all this...
Re: delete deleted data
I'm sorry Marco, but I think what you've said is bullshit, as well contacted several so called data recovery organizations, after admitting to have zeroed the drive contents - They said recovery wasn't possible.. While it might be possible to get miscellaneous data off of a drive, it would likely be cost prohibitive (if even possible..). But let's see how new_guy(aka Brad)'s quest goes.. perhaps he can post any documents/paper would returned by the company.. -Nix Fan.
Re: delete deleted data
It can't be done. it's an urban legend, AFAICT. Yes I know. That's the whole point of this. It would have been better to donate a 100 bucks to OpenBSD. I'm just fed-up with the stupid drivel about needing to burn, grind, overwrite, and nuke drives... and even after all of that there's still a chance (albeit small) that the NSA can recover all data from the non-existent drive... out of the ether I guess /dev/zero is all you need :)
Re: delete deleted data
On Jan 3, 2008 3:35 PM, Marco Peereboom [EMAIL PROTECTED] wrote: Great. The companies I worked with charged $500 per megabyte. I am sure you'll spend that to prove whatever point you are trying to make. Free analysis. I pay shipping. The drive cost 60 bucks. I'll probably have a total of 100 bucks in it at most... cause they ain't gonna recover jack... even in their ISO certified labs. We need to put a stop to the notion that mulitiple overwrites and grinding and burning and nuking drives is *required*... it's silly and wasteful. One pass from /dev/zero is more than enough for all cases.
Re: delete deleted data
On Thu, 3 Jan 2008, Brad Tilley wrote: SNIP and nuking drives is *required*... it's silly and wasteful. One pass from /dev/zero is more than enough for all cases. HaHaHa, I wish my day job employer would let me take the drugs you're on. diana
Re: delete deleted data
Marco S Hyman wrote: Brad Tilley writes: performed from the OpenBSD 4.2 install CD. I'll send it to the one 'ISO Certified' company that agreed to examine it. If they cannot You keep throwing around the 'ISO Certified' tag as if it had some special meaning. Certified to what standard? I'm just parroting the *one* data recover company's marketing hype that agreed to take the drive. They make this claim: ISO 9001 - 2000 certified I'm working on putting a website up now where I'll fully disclose the details. Lots of pictures and details. I will attribute the dd used to OpenBSD (the best OS on the planet bar none... although the dd on the install CD did not support the conv option... I would have liked to have done conv=noerror,sync). I plan to ship the drive off tomorrow. I plan to put this myth to rest... where it belongs. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14608861.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
Myth? Why are you so upset about this? It's not myth. The techniques involved in recovering data in the manner Marco and the NSA, DoD, and many others describe isn't a matter of running a simple software tool. It's a long, slow, annoying process that is also costly. But it is possible. Not every company or person in the forensics industry is a master at their job. If they say it's not possible, perhaps it's just not something their software package does for them? (I'm not trying to be derogatory, but I do know a guy who does computer forensics work, and the software/hardware he uses is about all he knows. He just goes through the motions. Doesn't know all that much about filesystems or disks.) Why are you so hellbent on proving everybody wrong, to the point of actually shipping your drive off? It's by no means a myth. If it is, there are a number of companies and government institutions interesting in how they recover data in this fashion if it's not possible. I'm having a hard time believing On Jan 3, 2008 7:54 PM, new_guy [EMAIL PROTECTED] wrote: Marco S Hyman wrote: Brad Tilley writes: performed from the OpenBSD 4.2 install CD. I'll send it to the one 'ISO Certified' company that agreed to examine it. If they cannot You keep throwing around the 'ISO Certified' tag as if it had some special meaning. Certified to what standard? I'm just parroting the *one* data recover company's marketing hype that agreed to take the drive. They make this claim: ISO 9001 - 2000 certified I'm working on putting a website up now where I'll fully disclose the details. Lots of pictures and details. I will attribute the dd used to OpenBSD (the best OS on the planet bar none... although the dd on the install CD did not support the conv option... I would have liked to have done conv=noerror,sync). I plan to ship the drive off tomorrow. I plan to put this myth to rest... where it belongs. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14608861.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
On Thu, Jan 03, 2008 at 04:08:08PM -0800, Marco S Hyman wrote: As for disk destruction... I don't know nor pretend to know what can and can not be recovered. Take a look at https://www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_internet/isp/odaa/documents/clear_n_san_matrix_06282007_rev_11122007.pdf The DSS (Defense Security Service, part of the DoD) calls what you have done clearing the disk. It does not sanitize the disk. To sanitize you need to either degauss or destroy the disk. The NIST article that (I think) started this thread says that it (the document) applies to commercial-grade privacy but not to government-grade classified material. In other words, there's an implied difference between the ability of a commercial data recovery company and a major government. So, you have to look at who your adversary is and the value of the data. If the value is less than the drive, then clear the disk and sell it. If you are keeping the disk in-house but just re-allocating it, then clear the disk and re-use it. However, if the agency you wish to not be able to read the disk has the backing of a major government: 1: distroy the disk 2: distroy the computer (the document actually says this re RAM chips) 3: re-evaluate the whole concept of using a computer at all, expecially if the hardware is at risk of being stolen (seized, confiscated, etc). If the data on the drive has always been in encrypted form, then you have to evaluate the strength of the encryption vs. the strength of the adversary. JM2c Doug.
Re: delete deleted data
On Jan 3, 2008 5:21 PM, Harpalus a Como [EMAIL PROTECTED] wrote: Myth? Have you read this: http://www.nber.org/sys-admin/overwritten-data-guttman.html? Why are you so upset about this? Myth's that compel people to waste time and energy should be destroyed. It's not myth. Have you read this or any of the papers referenced here: http://www.nber.org/sys-admin/overwritten-data-guttman.html? Greg -- Up mesons in the low desert: http://lodesertprotosites.org Dethink to survive - Mclusky
Re: delete deleted data
new_guy wrote: I'm working on putting a website up now where I'll fully disclose the details. Lots of pictures and details. I will attribute the dd used to OpenBSD (the best OS on the planet bar none... although the dd on the install CD did not support the conv option... I would have liked to have done conv=noerror,sync). I plan to ship the drive off tomorrow. I plan to put this myth to rest... where it belongs. Awesome :) I totally like the idea, I'd like to put the 1 pass is not enough myth to rest as well... I've been in the computing industry for 20 years, and I still refuse to submit to the Americas NSA knows all dogmai. (I like the Put Up or Shut Up slogan as well!!) Keep us informed Brad :) -Nix Fan.
Re: delete deleted data
On 3 Jan 2008 18:55:14 -0800, Unix Fan [EMAIL PROTECTED] wrote: (I like the Put Up or Shut Up slogan as well!!) The problem is that none of us have the funds that the NSA has to aquire an answer that will actually silence this thread. The reality is: Who are you trying to protect it against? That question also allows you to guess what level of funding they have. If you are talking about $random_person_from_ebay, then sure probably /dev/zero is Good Enough (TM), however if you are talking about someone who can assign a dedicated team and spend months on it, with well over a million dollar budget then you will need to spend an equal amount to see that answer. This is precisely who some on this list are saying that isn't enough while others are going it's good enough because I suspect one is thinking on on a different budget level. While I haven't read every single message in this thread, I haven't seen anyone mention who they are trying to hide the data from.
Re: delete deleted data
On Thu, 3 Jan 2008, Mark Rolen wrote: Diana Eichert wrote: You can locate data from formatted and wiped hard drive, if you have the resources behind you. Can you point to an actual instance you know of where this has happened? I don't mean that in an aggressive or challenging way, I'm sincerely interested after reading that rebuttal of Guttman's paper. I've also always subscribed to the complete destruction idea. I'm sorry, I can't point to any particular instance. I know a lot of people don't believe it and think it is all black helicopter stuff et al. I am also not saying it's any one particular gov't TLA nor which nation(s)'s intelligence organization. I don't mean recovery of data where someone accidentally issued a del or rm command and the file is pieced back together, or recovery of some data after filesystem corruption, etc. I'm wondering if someone has truly recovered data from a drive where every single bit of data has been overwritten with zeroes/random data/whatever. Regards, Mark diana
Re: delete deleted data
Eric Furman wrote: It can't be done. it's an urban legend, AFAICT. http://www.nber.org/sys-admin/overwritten-data-guttman.html Which references Gutmann's paper which started all this... Of course I'm sure a tax analyst (http://www.nber.org/vitae/vita184.htm) knows more about data recovery than a security researcher with a history of researching overwritten-data-retrieval (http://www.cs.auckland.ac.nz/~pgut001/).
Re: delete deleted data
On 1/3/08, new_guy [EMAIL PROTECTED] wrote: I'm working on putting a website up now where I'll fully disclose the details. Lots of pictures and details. I will attribute the dd used to OpenBSD (the best OS on the planet bar none... although the dd on the install CD did not support the conv option... I would have liked to have done conv=noerror,sync). I plan to ship the drive off tomorrow. I plan to put this myth to rest... where it belongs. you are not proving that data cannot be recovered. you are proving that it cannot be recovered at a cost of $100. if you have not spent $1 million, you cannot claim that someone with $1 million cannot recover the data. that's just how things work. but this has, as ever when it comes up, gone terribly far astray. the first rule of data recovery: in order for your data to be recovered, there has to be someone willing to do (pay for) the recovery. the original question was about overwriting a file in such a manner that the drive could still be used. melting or shredding the drive does not result in a usable drive. if i never see another chucklehead recommending use thermite it will be too soon. overwriting the disk with /dev/zero or any other pattern does result in a usable drive, but not a usable filesystem. so now we're down to just scorched earth, but we won't salt the fields. again, not helping. so we come back to rm -P. this comes pretty damn close. it kills the targeted file with no collateral damage. it even does a reasonable job of overwriting more than once, though not with the guttman superpattern, but that's a load of crap anyway. but there are three things rm -P does not delete. it doesn't delete any temporary files created when the original was being edited. it doesn't delete any blocks or fragments that ffs may have rearranged in a cluster op. it doesn't delete any bad blocks that the disk itself moved around. it also doesn't delete any data that's been posted on youtube, but that's a whole nother issue. the first is an application issue, but it can be very difficult to control. this even applies to the thermite people. if /tmp is on a different disk than /home, nuking one won't destroy all the data. you have basically no control over what ffs does. this also applies if you have ever truncated the file down. rm -P can only overwrite the current file. you can solve both these issues by writing a tool that overwrites all unused disk blocks. the code for fsck would be a good place to start writing such a tool. then you can run it periodically and know that whatever free space is on your filesystem is clean. as for the disk relocating blocks, there's nothing you can do programatically. by the same token, however, it's not so trivial to recover and it depends on your secret data having been relocated. for most people, doing a cost/benefit risk analysis here should come up somewhere short of vaporization. the solution nobody ever comes up with but which is so totally obvious is to prevent the data from being stored on the hard drive in the first place. holy cryptographic kryptonite batman. if you encrypt the data, you don't have to worry about somebody reading it even if you don't delete it at all. if you are giving away a hard drive and intend for the recipient to use it, wiping it is the best you can do. in most cases though, hard drives are cheap, so you're not likely to give away a disk without data. instead, you want to dispose of the disk and data, permanently. in that case, a quick whack with a hammer to a control chip and a connector and tossing into an anonymous dumpster is even faster than wiping.
Re: delete deleted data
On Mon, Dec 31, 2007 at 12:25:02PM -0600, Marco Peereboom wrote: On Mon, Dec 31, 2007 at 10:25:25AM -0800, Jon wrote: hi I see a lot of programs that are available to clean up the disks for Windows OS. Not wipe a disk but clean up deleted files so they cannot be recovered. Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) -jon Grind them up. There is nothing else you can do to permanently wipe disks. Residual magnetism is always there provided good enough equipment. If your data is that sensitive there is nothing else but the grinder. put a wood furnace in you garage, get a good hardwood fire going, pop the disk in there, and stoak it again in 2 hours. there you go. cel -- Christopher Linn celinn at mtu.edu | By no means shall either the CEC System Administrator II | or MTU be held in any way liable Center for Experimental Computation | for any opinions or conjecture I Michigan Technological University | hold to or imply to hold herein.
Re: delete deleted data
On Tue, Jan 01, 2008 at 02:14:53PM -0500, Christopher Linn wrote: On Mon, Dec 31, 2007 at 12:25:02PM -0600, Marco Peereboom wrote: On Mon, Dec 31, 2007 at 10:25:25AM -0800, Jon wrote: I see a lot of programs that are available to clean up the disks for Windows OS. Not wipe a disk but clean up deleted files so they cannot be recovered. Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) Grind them up. There is nothing else you can do to permanently wipe disks. Residual magnetism is always there provided good enough equipment. If your data is that sensitive there is nothing else but the grinder. put a wood furnace in you garage, get a good hardwood fire going, pop the disk in there, and stoak it again in 2 hours. there you go. Of course, both the grinder and the fire will have a negative effect on the OS installed on the drive :) Note that if you do choose the fire method, that there are components in the drive that you don't need to burn in order to securely delete data. Burning them will have a negative impact on the environment and perhaps on the stove. All you really need to do is burn the oxide off the platters. If the platters are aluminum, it shouldn't be too difficult to melt the platters but I don't know if that will render the oxide coating inoperable or if it just comes off as a sheet that could be read. Perhaps you need to grind up the platters into powder, mix in some powdered nitrogen fertilizer, and explode it with your annual fireworks :) Doug.
Re: delete deleted data
Still recoverable. I have dealt with pretty badly burnt disks that we recovered data off. Really the grinder is the way to go. On Tue, Jan 01, 2008 at 02:14:53PM -0500, Christopher Linn wrote: On Mon, Dec 31, 2007 at 12:25:02PM -0600, Marco Peereboom wrote: On Mon, Dec 31, 2007 at 10:25:25AM -0800, Jon wrote: hi I see a lot of programs that are available to clean up the disks for Windows OS. Not wipe a disk but clean up deleted files so they cannot be recovered. Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) -jon Grind them up. There is nothing else you can do to permanently wipe disks. Residual magnetism is always there provided good enough equipment. If your data is that sensitive there is nothing else but the grinder. put a wood furnace in you garage, get a good hardwood fire going, pop the disk in there, and stoak it again in 2 hours. there you go. cel -- Christopher Linn celinn at mtu.edu | By no means shall either the CEC System Administrator II | or MTU be held in any way liable Center for Experimental Computation | for any opinions or conjecture I Michigan Technological University | hold to or imply to hold herein.
Re: delete deleted data
Hi! On Tue, Jan 01, 2008 at 05:27:59PM -0600, Marco Peereboom wrote: Still recoverable. I have dealt with pretty badly burnt disks that we recovered data off. Really the grinder is the way to go. Thermite should do the work too. Hot enough to bring the material out of the ferromagnetic temperature range, i.e. to lose its magnetization. And nice special fx. *g* Grinding leaves small pieces of still magnetized material where a *very* determined (yeah, unlikely unless the data is worth *very* much) attacker could try playing jigsaw puzzle. Of course you could try combining a grinding and a demagnetizing technique (for the latter I'm still partial with applying heat that brings the material well out of the ferromagnetic range). Kind regards, Hannah.
Re: delete deleted data
Jon wrote: (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) What problem are you trying to solve?
Re: delete deleted data
Hi! On Mon, Dec 31, 2007 at 10:25:25AM -0800, Jon wrote: I see a lot of programs that are available to clean up the disks for Windows OS. Not wipe a disk but clean up deleted files so they cannot be recovered. Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) dd if=/dev/zero of=/mount/point/something bs=1024k (wait until disk is full) rm /mount/point/something -jon Kind regards, Hannah.
Re: delete deleted data
Grind them up. There is nothing else you can do to permanently wipe disks. Residual magnetism is always there provided good enough equipment. If your data is that sensitive there is nothing else but the grinder. On Mon, Dec 31, 2007 at 10:25:25AM -0800, Jon wrote: hi I see a lot of programs that are available to clean up the disks for Windows OS. Not wipe a disk but clean up deleted files so they cannot be recovered. Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) -jon
Re: delete deleted data
But as a stopgap, look into rm -P (on OpenBSD). Linux has shred too. On Dec 31, 2007 1:25 PM, Marco Peereboom [EMAIL PROTECTED] wrote: Grind them up. There is nothing else you can do to permanently wipe disks. Residual magnetism is always there provided good enough equipment. If your data is that sensitive there is nothing else but the grinder. On Mon, Dec 31, 2007 at 10:25:25AM -0800, Jon wrote: hi I see a lot of programs that are available to clean up the disks for Windows OS. Not wipe a disk but clean up deleted files so they cannot be recovered. Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) -jon
Re: delete deleted data
Jon-113 wrote: Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. /dev/zero or /dev/urandom either will work fine (the first being quicker than the last) -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14561483.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
On Dec 31, 2007 10:25 AM, Marco Peereboom [EMAIL PROTECTED] wrote: Grind them up. There is nothing else you can do to permanently wipe disks. Residual magnetism is always there provided good enough equipment. If your data is that sensitive there is nothing else but the grinder. Someone linked me this article a couple calling into question the ability to actually read overwritten data: http://www.nber.org/sys-admin/overwritten-data-guttman.html I'de love to read something from the other side, showing real examples of getting usable data off of a disk that has been overwritten / wiped / etc any links or info?
Re: delete deleted data
xSAPPYx wrote: Someone linked me this article a couple calling into question the ability to actually read overwritten data: http://www.nber.org/sys-admin/overwritten-data-guttman.html I'de love to read something from the other side, showing real examples of getting usable data off of a disk that has been overwritten / wiped / etc any links or info? Not possible on today's drives. In fact, according to NIST, one overwrite with only zeros is sufficient. See The National Institute of Standards and Technology (NIST) Special Publication 800-88, Guidelines for Media Sanitation. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14561973.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
Marco Peereboom wrote: Grind them up. There is nothing else you can do to permanently wipe disks. Residual magnetism is always there provided good enough equipment. If your data is that sensitive there is nothing else but the grinder. Be sure that you do this yourself or personally witness the act. I just experienced this myself where a contractor was *paid* money to grind up hard drives in a bunch of old Sun hardware before the equipment was auctioned off online. The contractor even issued 'certificates of destruction' for the drives... long story short, the drives had not been destroyed. They were intact, untouched, not even a software wipe. The drives booted and worked fine. A simple 'boot cdrom -s' to change the root passwd was all it took to view the hard drive's content. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14562122.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
rm -P would be what you're looking for.. But is it even required? It's not exactly an easy task to undelete a file anyway... the process alone is an effecitve deterrent. -Nix Fan.
Re: delete deleted data
Some geeks have had hard drive roast featuring thermite placed on top of hard drives to melt them. That sounds like a fun way to securely delete data given enough thermite. --- Marina Brown Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from localhost (localhost [127.0.0.1]) by mail.surferz.net (Postfix) with ESMTP id 57CBA149AFC for [EMAIL PROTECTED]; Mon, 31 Dec 2007 14:04:36 -0500 (EST) Received: from mail.surferz.net ([127.0.0.1]) by localhost (mail.surferz.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 21140-04-14 for [EMAIL PROTECTED]; Mon, 31 Dec 2007 14:04:29 -0500 (EST) Received: from shear.ucar.edu (lists.openbsd.org [192.43.244.163]) by mail.surferz.net (Postfix) with ESMTP id 7081F149AF2 for [EMAIL PROTECTED]; Mon, 31 Dec 2007 14:04:19 -0500 (EST) Received: from openbsd.org (localhost.ucar.edu [127.0.0.1]) by shear.ucar.edu (8.14.1/8.13.6) with ESMTP id lBVIxZHP010613; Mon, 31 Dec 2007 11:59:35 -0700 (MST) Received: from mail.peereboom.us (adsl-76-250-126-209.dsl.austtx.sbcglobal.net [76.250.126.209]) by shear.ucar.edu (8.14.1/8.14.1) with ESMTP id lBVItobX025486 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO) for misc@openbsd.org; Mon, 31 Dec 2007 11:55:50 -0700 (MST) Received: by mail.peereboom.us (Postfix, from userid 0) id 6D83D5B702D; Mon, 31 Dec 2007 12:55:42 -0600 (CST) Received: from peereboom.us (dev.peereboom.us [192.168.0.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.peereboom.us (Postfix) with ESMTPSA id AFB6B5B7005; Mon, 31 Dec 2007 12:55:41 -0600 (CST) Date: Mon, 31 Dec 2007 12:25:02 -0600 From: Marco Peereboom [EMAIL PROTECTED] To: Jon [EMAIL PROTECTED] Cc: misc@openbsd.org Subject: Re: delete deleted data Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.5.17 (2007-11-01) X-Loop: misc@openbsd.org Precedence: list Sender: [EMAIL PROTECTED] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at surferz.net Grind them up. There is nothing else you can do to permanently wipe disks. Residual magnetism is always there provided good enough equipment. If your data is that sensitive there is nothing else but the grinder. On Mon, Dec 31, 2007 at 10:25:25AM -0800, Jon wrote: hi I see a lot of programs that are available to clean up the disks for Windows OS. Not wipe a disk but clean up deleted files so they cannot be recovered. Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) -jon
Re: delete deleted data
On Mon, Dec 31, 2007 at 04:32:08PM -0500, [EMAIL PROTECTED] wrote: Some geeks have had hard drive roast featuring thermite placed on top of hard drives to melt them. That sounds like a fun way to securely delete data given enough thermite. nah, use one of these http://www.glasstorchtech.com/torches.html the Mirage will liquify the platters in about 40 seconds ... smells kinda bad though. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: delete deleted data
bullshit. On Mon, Dec 31, 2007 at 12:56:54PM -0800, new_guy wrote: xSAPPYx wrote: Someone linked me this article a couple calling into question the ability to actually read overwritten data: http://www.nber.org/sys-admin/overwritten-data-guttman.html I'de love to read something from the other side, showing real examples of getting usable data off of a disk that has been overwritten / wiped / etc any links or info? Not possible on today's drives. In fact, according to NIST, one overwrite with only zeros is sufficient. See The National Institute of Standards and Technology (NIST) Special Publication 800-88, Guidelines for Media Sanitation. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14561973.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
To expand on bullshit a little... The longer you leave a 0 or 1 in a given place on a platter the more of an impression it makes there. Writing over it with with random bits, even several times, will not totally erase the deep magnetic impression of the former bit. Forensics are more than good enough to pick that up, if you pay the money. As always, the real question becomes how much of a chance is there of someone getting an old hard disk, and how much damage would be done if they read the data on it. This is where is usually falls apart. People want to completely wipe a disk, but want that to be essentially free in cost and hassle. Tough cookies. If it's worth it, then completely destroy the drives. If it's not worth it then write random data on it a few times and call it good. But make an informed choice. Writing random data might stop joe blow, but it won't stop someone serious with a lot to gain. On Mon, Dec 31, 2007 at 05:36:46PM -0600, Marco Peereboom wrote: bullshit. On Mon, Dec 31, 2007 at 12:56:54PM -0800, new_guy wrote: xSAPPYx wrote: Someone linked me this article a couple calling into question the ability to actually read overwritten data: http://www.nber.org/sys-admin/overwritten-data-guttman.html I'de love to read something from the other side, showing real examples of getting usable data off of a disk that has been overwritten / wiped / etc any links or info? Not possible on today's drives. In fact, according to NIST, one overwrite with only zeros is sufficient. See The National Institute of Standards and Technology (NIST) Special Publication 800-88, Guidelines for Media Sanitation. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14561973.html Sent from the openbsd user - misc mailing list archive at Nabble.com. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: delete deleted data
hi the problem is to clean up the un-used storage locations. When I delete files / logs/ etc... I don't want any one to recover them. I am not asking how to securly discard my disks... The answers are (from the threads) 1. rm -P 2. fill up the disks with 0 and delete them when the disk is full or near full I am not looking for how to grind the disks or hammer the. How to get some one to dispose of the hard disks.. Again, Is there a way to wipe the un-used space in my hard disks clean with out afftecting the OS ? -jon On Dec 31, 2007 10:25 AM, Jon [EMAIL PROTECTED] wrote: hi I see a lot of programs that are available to clean up the disks for Windows OS. Not wipe a disk but clean up deleted files so they cannot be recovered. Is there any program for OpenBSD that will clean up the disks so that deleted files cannot be recovered. (not looking to delete a file securly - but to wipe the disk clean of deleted file with out affecting the OS) -jon
Re: delete deleted data
On Dec 31, 2007, at 11:19 PM, Jon wrote: hi the problem is to clean up the un-used storage locations. When I delete files / logs/ etc... I don't want any one to recover them. I am not asking how to securly discard my disks... The answers are (from the threads) 1. rm -P 2. fill up the disks with 0 and delete them when the disk is full or near full I am not looking for how to grind the disks or hammer the. How to get some one to dispose of the hard disks.. Again, Is there a way to wipe the un-used space in my hard disks clean with out afftecting the OS ? -jon Then it appears that you have your answer(s) -Jonathan