delete deleted data

In gmane.os.openbsd.misc, you wrote:
>
>  I'll put up a website with all the details and pictures... I'll call
>  it 'Put Up Or Shut Up' Anyone who wants a crack at recovering data
>  from the drive may do so (as long as they pay the shipping charges
>  both ways). If they can name one file that existed on the drive before
>  the dd overwrite from an OpenBSD install CD, then they can keep the
>  drive and be crowned king of data recovery and get $40 USD. Come on,
>  let's actually *do* and not just *talk*, OK?

I'm assuming it's a drive that had openbsd 4.2 on it.  If that was the
case, I can recover the name of at least one file.  The filename will
be "/" (without the quotes).  Please send me the drive and $40.


-Toby.
--
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax

On Fri, Jan 04, 2008 at 02:56:12AM -0700, weingart@... wrote:

I can do two more: . and ..

        -Otto

On Thu, 3 Jan 2008 20:35:11 -0500, "Douglas A. Tutty"
<dtutty@...> said:
People keep quoting what governments can do. This is nothing but
hearsay.
Please point out one single source, one actual documented source not
what
some friend of a friend said they saw some guy do, that actually shows
someone recovered data from a completely overwritten disk.
If there is proof of this I would honestly like to be proven wrong.
I have had a casual interest in this for several years (and no, not for
any
illicit purpose, just casual curiosity) and I have yet to come across
any
proof it is possible. Not formatting or damage(even fire) or deletion,
complete overwriting. I am aware of what commercial data recovery
companies can do and as far as I have been able to ascertain this is
not within there realm or *anyones* realm.

On Thu, 3 Jan 2008 20:21:27 -0500, "Harpalus a Como"
<harpalus.como@...> said:
> Myth? Why are you so upset about this? It's not myth.
>
> The techniques involved in recovering data in the manner Marco and the
> NSA,
> DoD, and many others describe isn't a matter of running a simple software
> tool. It's a long, slow, annoying process that is also costly. But it is
> possible.
 
Hearsay.

Because myths and misinformation should always be dispelled.

> It's by no means a myth. If it is, there are a
> number of companies and government institutions interesting in how they
> recover data in this fashion if it's "not possible."

Hearsay.

I'm having a hard

On Thu, 03 Jan 2008 16:08:08 -0800, "Marco S Hyman" <marc@...>
said:
You throw out this document like it proves anything.
I was in the military. I was in Military Intelligence (yes, I know. Hold
the jokes)
I also had some experience with the degaussing and destruction
of disks. This does not prove *anyone* not even a government
can recover the data from a completely overwritten disk.
Not everything the government or the military does is necessary.
Sometimes precautions are taken well above what anyone
might even imagine might be possible.
Sorry if I sound in any way confrontational.
I just would really like to know.

Just a little point.  Sometimes precautions are taken
not so much for the sake of what can be done today but
what someone might figure out how to do in the future.
I am not an engineer, but the explanation that I have
heard of how data is read from a wiped drive sounds
plausable (if not possible) given that the equiptment
is available.  Who's to say that next week or next year
someone won't come up with a way of reading data from a
wiped drive by a method that we haven't even thought
of?  After all... man was never supposed to be able to:

-fly
-break the sound barrier
-understand women

oh wait... that last one I really do believe is
impossible.

s

this is way off OT but I'll reply anyway. :-)

On Fri, 4 Jan 2008, Eric Furman wrote:

Eric if you were in MI (I really want to make a joke, but I won't)
then you know that techniques related to data recovery from hard
drives would be classified.   The intelligence community is not
prone to publicaly publish whitepapers on their operations.

diana

On 1/4/08 3:03 AM, Greg Thomas wrote:
Pretty sound text but proves nothing, you have to live with it that you don't
know.

As pointed out, if enough money is involved chances are there that recovery is
possible.


DDR Stasi agents and American embassy people in Iran all destroyed paper with
military grade paper destroyers and it has proved to be readable.


Also keep in mind what Diana wrote: Intelligence people need to keep things
secret. If it was known they "could" break a type of code people would start
using other codes that they cannot break. That would always lead to a
seriously unwanted arms race.

I can add to that: Police people are by nature even less interested in
cracking techniques because for sound justice they have to be clear about
their methods and sources.

Police will tell you which locks are good for your door as long as they are
sure they can get in themselves if necessary.

+++chefren

Diana Eichert wrote:

Eric if you were in MI (I really want to make a joke, but I won't)
then you know that techniques related to data recovery from hard
drives would be classified.   The intelligence community is not
prone to publicaly publish whitepapers on their operations.

diana

I know how they do it. I have a friend who knows a guy that once worked for some government agency. Once my friend's friend had a bit too much to drink at a dinner party and he spilled the beans. He said that they divide the hard disk platters by zero and the data just automatically reassembles itself. He never actually saw it done, but he's positive that is the method used. Apparently only God and Governments actually know how to divide by zero :)

Greg Thomas wrote:
>> Myth?
>
> Have you read this:
> http://www.nber.org/sys-admin/overwritten-data-guttman.html?

You still haven't convinced me as to why I should believe a tax
analyst's rebuttal to a data security analyst's paper.  Feenberg has no
expertise in this area, and Gutmann does.  You're both trying to prove a
negative, him by asking an Australian homicide investigator and you by
sending your drive to one data-recovery company.

On Fri, Jan 04, 2008 at 11:22:16AM +0100, Otto Moerbeek wrote:
>
> I can do two more: . and ..

Damn.  Split it with you 3 ways...  :)

-Toby.
--
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax

If you never write cleartext, there is nothing to recover.

http://dlock.com.tw/

Kevin

(P.S. I might be a satisfied dLock customer, if only they'd make it
easier to buy their product!)

Just FYI about security of deleted data..

I purchase used computers for parts every so often. Many of them have
working hard drives in them.

For fun, I analyze the hard drive out and see what I can find.. just as
a little game of mine.

When I run my undelete/recovery tools on them I can see basically
everything the previous owner had on the drive.. including passwords.
Some of the stuff may be overwritten.. but not much. I don't look at the
stuff for malicious use, I just do it out of curiosity to study whether
or not formatted drives really are secure. And I can say for sure they
are not secure. I don't go in looking at each password I recovered or
anything either.. i basically just confirm for fun that I can recover
the disk.. it's a cheap thrill and only someone with no life would do
such a thing. me. Actually there was a goal in all this.. it was to find
the best undelete tool that worked generically in the most situations.
And yes I found a few for MS Winblows that worked very well, since most
computers I buy had ms windows on them.

One thing I found was that some undelete tools are not nearly as good as
others.  I thought many of them used similar algorithms.. but some of
them really worked much better and completely differently

L505

Ok.. well seeing how I got 2 usefull responses after some 30 emails
with most others just randomly emailing _crap_ I decided to search the
web based on the suggestions from Hannah. (the first responder)

I think I am going to try working with THC-SecureDelete
(http://freeworld.thc.org/releases.php?o=1&s=4) which seems to be
working of the more popular delete algorithms.

Jon-


On Jan 3, 2008 2:55 PM, Jon <hypermails@...> wrote:

On Fri, Jan 04, 2008 at 03:55:41PM -0800, Jon wrote:
> Ok.. well seeing how I got 2 usefull responses after some 30 emails
> with most others just randomly emailing _crap_ I decided to search the
> web based on the suggestions from Hannah. (the first responder)
>
> I think I am going to try working with THC-SecureDelete
> (http://freeworld.thc.org/releases.php?o=1&s=4) which seems to be
> working of the more popular delete algorithms.

Hi,

I haven't read every message in this thread, and I can't be bothered to
do it just now ;-)

I did want to mention svnd(4), vnconfig(8), et al. Depending on your
needs it may be even better to keep everything in encrypted form the
whole time. If someone has already mentioned this then sorry for the
noise.

--
Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG
dwchandler@...   |  http://phxbug.org/      |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

On Jan 4, 2008 3:55 PM, Jon <hypermails@...> wrote:
> Ok.. well seeing how I got 2 usefull responses after some 30 emails
> with most others just randomly emailing _crap_ I decided to search the
> web based on the suggestions from Hannah. (the first responder)
>
> I think I am going to try working with THC-SecureDelete
> (http://freeworld.thc.org/releases.php?o=1&s=4) which seems to be
> working of the more popular delete algorithms.

see my last email.  if rm -P isn't good enough, that won't be either.

rm -P wont work... I looking to clean up deleted data ... not securely
delete a file.


On Jan 4, 2008 5:45 PM, Ted Unangst <ted.unangst@...> wrote:

2008/1/5, Jon <hypermails@...>:
> rm -P wont work... I looking to clean up deleted data ... not securely
> delete a file.
>
>

Just create a file and filling it with /dev/zero until it takes up all
the free spaces, then rm -P that file.

Or just use an encrypted file system next time you set up an OS, that
you don't have to worry about free space inside your encrypted
partitions, but the encryption strength.

--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

On 1/4/08, Jon <hypermails@...> wrote:
> rm -P wont work... I looking to clean up deleted data ... not securely
> delete a file.

i was curious how they do this, but it's nothing fancier than creating
a big file and filling it up.  i notice that they are using the magic
guttman incantation.  i am inherently distrusting of anyone who does,
because it means they didn't really pay attention.  nobody uses MFM or
RLL disks.

i was also curious how they claimed to clear inodes.  so i looked at
the code, and technique is pretty weak.  and the code is a complete
clusterfuck.  regardless of whether it (mostly) works or not, i firmly
believe that such juvenile code should not be allowed near any secure
data.

void sdel_wipe_inodes(char *loc, char **array) {
    char *template = malloc(strlen(loc) + 16);
    int i = 0;
    int fail = 0;
    int fd;

    if (verbose)
        printf("Wiping inodes ...");

    array = malloc(MAXINODEWIPE * sizeof(template));
    strcpy(template, loc);
    if (loc[strlen(loc) - 1] != '/')
        strcat(template, "/");
    strcat(template, "xxxxxxxx.xxx");

    while(i < MAXINODEWIPE && fail < 5) {
        __sdel_random_filename(template);
        if (open(template, O_CREAT | O_EXCL | O_WRONLY, 0600) < 0)
            fail++;
        else {
            array[i] = malloc(strlen(template));
            strcpy(array[i], template);
            i++;
        }
    }
    FLUSH;

    if (fail < 5) {
        fprintf(stderr, "Warning: could not wipe all inodes!\n");
    }

    array[i] = NULL;
    fd = 0;
    while(fd < i) {
        unlink(array[fd]);
        free(array[fd]);
        fd++;
    }
    free(array);
    array = NULL;
    FLUSH;
    if (verbose)
        printf(" Done ... ");
}

Are you willing to share the names of those programs ?

Kind regards
Kasper

L wrote: