| 1 |
Hi Hemmann,, |
| 2 |
on Sunday, 2005-10-30 at 19:05:20, you wrote: |
| 3 |
> > Oh, no doubt that they can recover from burned platters. |
| 4 |
> > But have you ever seen, that they can recover overwritten |
| 5 |
> > data? |
| 6 |
> |
| 7 |
> not seen, but read about it. They can recover overwritten data. |
| 8 |
|
| 9 |
Maybe those overwritten once with a simple pattern. Not after a dozen |
| 10 |
times with random bits, no way. |
| 11 |
|
| 12 |
> > I've only heard the opposite - that they CANNOT do that. |
| 13 |
> |
| 14 |
> maybe you should ask one of the forensic/data saving companies that do this |
| 15 |
> all day. |
| 16 |
|
| 17 |
They don't. |
| 18 |
|
| 19 |
> Recovering overwritten data is as easy as recovering from damaged drives. |
| 20 |
> |
| 21 |
> Basically, you need a very, very sensitive magnetic coil ;) |
| 22 |
|
| 23 |
If you've ever seen the noisy output of a regular coil reading regular |
| 24 |
data you start wondering how it comes out the same error-free sequence |
| 25 |
in the first place. Recovering data from damaged drives isn't exactly |
| 26 |
easy either, but they're still on the platters. Finding an overwritten |
| 27 |
signal under several others is magnitues harder. |
| 28 |
|
| 29 |
On the original question: for wiping free space, a repeated |
| 30 |
dd if=/dev/urandom of=/path/to/file bs=4096 |
| 31 |
should be suffcicient, if slow. |
| 32 |
To just wipe unused data to reduce the sice of a compressed image, I do |
| 33 |
the same with /dev/zero. It fills the whole partition with a file full |
| 34 |
of zeroes that you can remove afterwards. It's not quite as efficient as |
| 35 |
really zeroing all free blocks but it works on every FS and should even |
| 36 |
be unaffected by journaling. |
| 37 |
|
| 38 |
regards |
| 39 |
Matthias |
| 40 |
|
| 41 |
-- |
| 42 |
I prefer encrypted and signed messages. KeyID: 90CF8389 |
| 43 |
Fingerprint: 8E1F 1081 A466 2946 B98A B9E2 099F 3B91 |
Archives