Just out of curiosity sake. I f the FBI were to seize a computer during a raid.....I heared they can retrieve any info off of it even if u have tried to erase it. Is this true? :2pick:
Printable View
Just out of curiosity sake. I f the FBI were to seize a computer during a raid.....I heared they can retrieve any info off of it even if u have tried to erase it. Is this true? :2pick:
depnads what the dude did to its pc.... if you send a emc sockwave trough it, you won't get much.... if he has an explosif rigged to the case, same thing, but make sure the charge is big enough ( i'm pretty sure i read something about some finnish? agency recovering data from a burned hd)
if it is encrypted, it depands on the type, strenght of the scheme used, but they'll get through
otherwise they 'll get everything for sure... when you delete a file, the os, usualy, just erase the filename's location and not the data itself...
so you got to use a shredder (norton's got one i'm not sure what it's worth) a shredder will overwrite the data several times (at least 7 ?) so run twice and that's it...
Hmmm, why would the FBI want to raid your computer? Are you doing something you shouldn't?
If the FBI or any other agency takes your computer they can find ANY information that is on there. Your computer is like a tape recorder. It recordes everything that you do. All of your activities. Damn near every thing that you've ever done on your box can be traced. It depends on how old the information is.. but yeah, they can. ;)
Remote_Access_
Hrms...everything? I knew it just deletes the file location, but after a while wouldn't your system just overwrite that sector, therefore making the previous data on it unrecoverable?
Alrighty then, thank u all for the interesting replies....sheds some light on the subject. And, by the way "smirc".....the FBI would not want to take my pc. Also, did I even say such a thing? :2pick:
Hey RA are you back? Wasn't today the ....day?
ra, getting a bit paranoid ???
a lowlevel format gets rid of any data.
(or get a tool that rewrites all sectors... )
btw... ever used encryption ??
RA, are you sure about that "everything" comment? A few low-level formats (writing zeros to the entire drive) should erase prettymuch any trace of anything. . . Or so I have believed. . .
ahhh, the beauty of linux....unless I'm mistaken the shred command first overwrites the contents then hides it from the OS, that way it's securely deleted..
I have to agree with RA, they can get everything you have on there....unless you physically slice and dice your HD! And even then who knows....
Also, just FYI for those who don't know, they copy your HD onto a new one, and then **** with it!
The last test I heard, the NSA had found a way to read information from sectors that had been rewritten to something like 10 times. If they are admitting this, then they can probably go back 12 to 15 times. You can get programs off the internet to completely erase files (even pgp has a wipe utility) that overwrite a deleted file anywhere from 1 to 24 times.
okay. . .that's kinda scarey, but I'm not surprised. . , everything leaves an electromag residual.
and yes, though you can dice your HDD, they can peice together almost anything there. . .it's kinda scary. . .ressurecting the dead. . .
(I've done it with broken CDs, just to see if it worked. . .i got *some* data)
for a *REALLY* secure wipe, I would say 15000 degrees should do just fine. . .
I agree...15000 is probably about right
this is an article from 1995..."they've" been doing it a long time...at least over written up to 9 times...article seems to say that 10 is the magic number...
http://www.wired.com/wired/archive/3.10/data_pr.html
i remember hearing a rumbling a month or so ago about a new data recovery technique using scanning electrons...can't remember now and couldn't google it...
for most cases a good shredder is enough
i've use supershredder from analogx ..it's free
I've also been using sure delete...it's also free and is customizable with 3 levels of security..plus it's drag and drop and you can do single files or whole drives...
to be absolutely sure...i'd encrypt you whole drive then shred it ...then if "they" do recover it...they also have to decrypt...then do a hard drive polish...(do a search for defraggling in the archives...if ya haven't seen how to defraggle...you just have to... :D )
i would use a shredder 200 times, than u can be sure that it´s really down
I read about a program that you can use that basically destroys your whole computer's data with a single words entry is that true?
that's what these "shredder" progs do...they repeatedly overwrite the file.
basics
files are magnetically written to disk using 1's and 0's
when you delete a file in windows/dos it doesn't delete it...it just marks the physical space the file is occupying as free. it can remain there in it's entirety until something else writes over it
problems in terms of security
files stick around until they are overwritten even when they are deleted from recycle
files are not stored in contiguous chunks...a single file can be stored in many different phsyical parts of a disk (that's why we defrag...) so even if part of the file is over written, parts might not be and some data may be exposed.
because we are dealing with magnetism, there is a residual background "noise" that can be read by sensitive equipment and data recovered..even after being overwritten several times.
the shredder programs work on various schemes by writing patterns overtop of the full phsyical space taken up by a file..the more times the disk/file is written over, the less likely the chance that it can be recovered...
Quote:
Originally posted here by jcmcb
Also, just FYI for those who don't know, they copy your HD onto a new one, and then **** with it!
Yep... :D
Keep it forever as evidence too.
The recovery depends a lot on how you removed the data, and whether you maintain a backup of the partition. The safest method is to encrypt the files that would be searched for and have only a memory cached version you view. A RAM disk is nice for this you decrypt to a RAM disk and us it. When you shutdown..... the information is destroyed. Just remember to keep the encryption keys away from the system.
and here I thought that my info was safe when I trurned off my monitor
Take a look at encase from guidance.
Data has been recovered that has been erased and overwritten up to 7 times that I know of and on some drives that have been formatted several times.... :rolleyes:
So yes.
Check into ontrack data recovery systems.... :
You have to remember who you're talking about here. It's the FBI
not your local police station. It dosen't matter what encryption you use
cause I'm sure that they have a key. Even if they didn't how long do you
really think it would take for the FBI to decrypt the data? It dosen't really
depend on how you've removed the data cause they'll find it. If you want to
completely erasy your HD smash it into a million pieces and then burn it. After you've
burned it hide the ashes.
BTW, I'm not parinoid and I am sure about the everything comment.
Let's call it being 'cautious'. ;)
Remote_Access_
if u format it atleast 7 times thats the government standard.
they will not be able to find anything except the stuffu overwrote with because when u delete or remove something all you are really deleting is the FAT table so the info u thought u deleted is in perfect condition on the hard drive you just cant get to it without the fdat table unless u back it up.
but i would format at least 14 times just to be safe.
NABYLBT hit it pretty good though.
oh as far as encryption goes they have the time and the proccessor power to use brute force
so sorry encrytpion will not save ur ass
just delay them
That may be the 'standard' but that dosen't mean any thing.
They have technology in forensics (and other things)
that we've never even heard about. They always have something
up their sleves. Yeah, just delete the data eh? Hehe, sure thing.
It it was me I'd go with my method of destroying the data but
what ever. It's not my box being poked and proded at.. you'd be
suprised at what they can do with computer forensics.
Remote_Access_
hell no...15000 degree's?! HA! I **** out hotter feces...
...25000 should do the trick
As a Data Recovery Expert I find most freeware shredders are crap. The best one I have come across is Wipe Info in Norton Utilities 2002.
You should see how suprised my friends are at school when I recovery there passwords off their floppy's when they thought that they deleted them for good! :D
I've never used this virus before but it's called the Hard Drive Killer Pro. It claims to mutilate the hard drive physically. If you want to try it, give me an email (mcgill@dcsi.net.au). I forgot what website I got it from.
the dod standard for file shredding is 7 swipes of random data. remember that wiping a file isn't the same as the whole drive, there's always the slack space, and some operating systems save everything you type in a keyboard buffer. when you close the program you were typing into, it's usually dump the contents of the buffer into the slack space.
if someone were determined enough, it's possible to use an electron microscope to find traces of data on a disc, no matter how many times you've overwritten it.
it's pretty easy to find things like hex editors online. if you're interested, type something into a file like in notepad or something onto a floppy, deleted it, then check out the disc with norton undelete or the hex editor. you'd pry be surprised by what you find.
Nothing short of a sledge hammer and an intense heat......lol.
Use thermite, massive heat (the iron produced in the reaction melts), plenty to burn the drive into nothingness.
There are a few tools for defeating most forensic programs. Evidence Elliminator is a nice program that writes to your free sectors and also kills all the little logs and databases that can identify what you have been doing.
Another is called Santigov. It is actually a secure erasing program that will clean your hard drive and write junk to each sector as many times as you wish.
However, if the FBI really wants information about you, they probably already have what they need.
hmmmm i remember reading in some post that they even managed to recover data from a HD that had not only been formatted and over-written but actually had 6'' nails hammered through it - the only data they couldn't get was that which occupied the place where the nail went through :)
btw :echelon3 - HDK is from hackology.com
v_Ln
vmn boasts a a million bit encryption... Take no chances, removable media is the way for me..
did you know that: CD's/Mag. tapes/Flopyes burn really well? they do....
Best way to get rid of pesly 1'z and 0'z is flames.....hehe, I'm not a Pyromaniac, I just like setting fire to things....j/k
- Noia
low level format... nope (but you keep believing that) :-)
shread.... nope
over writing... nope
FBI... not a chance - but they know who to give it to15000 deg... maybe...
better get a can of silver polish and clean wrags and pull the disks to be sure... still, maybe not even then...
The procedure for removing a hard drive from a secured area, at least the security level the government enforces on my company, it must go through several stages of formatting and left without power for a full year. At this point they feel secure in the fact that the information is unrecoverable.
It takes over three months to even get memory out of the vault. Apparently there are methods to read that too.
I would suggest building and putting a powerful potential electromagnetic device in your computer. When you plug the computer in, it charges a capacitor. When you unplug (hard power) your device without performing certain precautions, the capacitor discharges into the electromagnetic coil right next to your hard drive. :)
I think massive radition is the way to go...but again how can you obtain such deadly sustance
except if you work in a nuclear station..Then you could just somehow dump your hd,cd's,floppy's.etc. in the reactor.