I hope this helps
> > I am wondering, is there any software I can use with Linux that can
> scramble
> > everything on my hard disk while running in memory, so I can prepare for a
> > new install? I want it to be impossible to recover deleted files.
It is one of the surprising realities of recording upon magnetic
media, that once
it is written that it in a fundamental sense CANNOT be erased, the very
very best that can
be hoped for is to be able to put noise over the data, reducing the signal
to noise ratio by
many dbs. Keep doing this and you might manage to to make the data
irretrievably
unrecoverable. AND what makes it worse is that this is the most optimistic
possibility !
In practice things like head misalignment make it possible that a
lobe of the track won't get
hit nearly as hard as the rest. I have actually seen this on a floppy disk
with a data scope which
displayed a coloured 2d map of a disk.
The only ultimate solution is to destroy the media.
> >
> > Also what of shredders? There is one in the gnome desktop, how does it
> work?
> > Does it follow the blocks in the inode table and overwrite with garbage or
> > whatever?
It would have to overwrite the data blocks of the file, I don't
think it matters much
if this is done via a dev-raw driver or be opening and overwriting the data
using normal
file IO calls. Of course it matters a great deal just what the data is you
use to overwrite,
one standard had several patterns which chopped the magnetic flux
transitions in suitable
ways, of course to do this properly one needs to know the method of
encoding. In the old
days this started as 'FM' which probably hasn't been used since diskettes
where single density.
Double density diskettes used 'MFM' which was also used on early hard
drives, but then a series
came along with increased density which was misleadingly called 'RLL' (run
length encoding) whereas
it was really 'GCR' (group code recording), of course Apple to be different
(and to increase capacity)
used GCR from the start (even on the Apple II !)
The problem is that each of these schemes (and GCR is actually a
whole family), will have their own
optimum and most destructive data patterns.
One would also want to use random data just in case, and there are
even more problems here, it has
to be cryptographically random data and they burn entropy at an enormous rate.
And then having destroyed the data one then has to destroy the
information that you once had
the data. This is like the military technique called traffic analysis,
where even without breaking the messages one
can derive information from the frequency and size of messages.
> If I were to write software like this, do I need to run it as a
> > kernel module? Can I do it entirely in C by dereferencing pointers? I am
> > still a bit of an amateur with assembly language.
This is entirely off track.
> >
> > And the software that recovers deleted files that the police use etc, know
> > any programmes like this?
Well the simplest simply use the fact that mostly deleted files
are not
really destroyed, just have their space returned to the category 'free to
be allocated',
the old CP/M and MSDOS file systems had common tools for this, using them was
good fun, often required creative thinking, I remember stringing together
blocks
from a lost file, and from the text ending one block having to predict and
search for
the next word or letters, whereupon the task leapfrogged to the end of the
next block.
>looking to cover your tracks? :P
It really depends upon just who you are trying to cover your
tracks from. What
their level of interest and budget comes to. On the other hand it is
nearly always simpler
to get information by threatening to put a gun in someone's ear !
Good luck in keeping your hot emails out of
the family law court !
Ross Mitchell
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
