Matthias Bethke wrote: > Hi Hemmann,, > on Sunday, 2005-10-30 at 19:05:20, you wrote: > >>>Oh, no doubt that they can recover from burned platters. >>>But have you ever seen, that they can recover overwritten >>>data? >> >>not seen, but read about it. They can recover overwritten data. > > > Maybe those overwritten once with a simple pattern. Not after a dozen > times with random bits, no way. > > >>>I've only heard the opposite - that they CANNOT do that. >> >>maybe you should ask one of the forensic/data saving companies that do this >>all day. > > > They don't. > > >>Recovering overwritten data is as easy as recovering from damaged drives. >> >>Basically, you need a very, very sensitive magnetic coil ;) > > > If you've ever seen the noisy output of a regular coil reading regular > data you start wondering how it comes out the same error-free sequence > in the first place. Recovering data from damaged drives isn't exactly > easy either, but they're still on the platters. Finding an overwritten > signal under several others is magnitues harder. > > On the original question: for wiping free space, a repeated > dd if=/dev/urandom of=/path/to/file bs=4096 > should be suffcicient, if slow. > To just wipe unused data to reduce the sice of a compressed image, I do > the same with /dev/zero. It fills the whole partition with a file full > of zeroes that you can remove afterwards. It's not quite as efficient as > really zeroing all free blocks but it works on every FS and should even > be unaffected by journaling. > > regards > Matthias > I am wondering if this discussion is irrelevent to anonymity and/or security, as if the /tmp and swap partitions are not dealt with, then what use is a secure erase?
Rob -- gentoo-user@gentoo.org mailing list