March 23rd, 2005, 06:52 PM
Here is a link to a tutorial I wrote a while back that may have some relevance.
I would suggest that you look at the posts by groovicus in the forensics forum. I recall he did some testing of data erasure and recovery.
March 24th, 2005, 12:11 AM
Thanks for all your help guys. This is a really interesting topic...one which I myself am interested in, and there is a good scope for interviews with employees on their policy, linking it to business - whilst also stressing the importance of this for a home user. The stats would be could, and I'm sure would bring up some interesting results.
I will look into other tools (I know some people who work in law enforcement and are involved that way, so maybe I can use that angle). Maybe I can use a copy of Encase from one of them...who knows.
I could also show techniques for secure deletion of data, and actually demonstrate how it works. The only other thing I was considering was the use of how hard drives can be encrypted, how would this affect getting information off the drive (obviously it needs to be unencrypted) but I hear that there is some encryption that is impossible to break. Does anyone have any info on encryption of hard drives, the best programs to use, and how someone would go about decrypting it?
A really good idea, I have a lot to discuss with my tutor!
"Get busy livin', or get busy dyin'..." Come visit www.computer-tutorials.org
March 24th, 2005, 05:33 AM
Yes, there are many; have a Google search on "assembly language" on the net and you will find many. Good luck.
Originally posted here by andrewsco
Thanks again for the replies. One thing: I tried to google what a 'degaussing ring' is, but couldn't find any info on actually using it to wipe an entire drive...could you explain please?
Gostmachine: I will have a look into that, thanks; that would be really interesting if I could put some programming into my dissertation somehow. I don't suppose there are any tutorials you know of explaining this in a bit more detail?
March 24th, 2005, 07:04 PM
I think Sony already use some form of encryption on their disks (magic gate, I believe) but that's to prevent piracy of the disks, so that only their stuff can be used in their products.
Check out the Nintendo DS for information on media encryption --> delsinux.org
There are many open source disk encryption drivers.
March 25th, 2005, 05:39 PM
Didn't XP include this in SP2, the option to encrypt the hdd data? I was wanting to say it came up in the forensics class I was in and although I don't think it will have/cause any issues with actually copying the data off the disk (you are just transferring bytes, which is irrespective of the data content), it was mentioned you would need the key to be able to access anything...
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
May 26th, 2005, 04:06 AM
Originally posted here by andrewsco
Second thing - How exactly can data be recovered? I know that programs such as Encase are used, but I have also read that data can be recovered, even after being re-written a number of times (I gather this has to do with the hardware?) Does anyone know any more on this, and where I could find some information?
I've confirmed, using before-and-after direct disk view software, that at least one program does indeed wipe data: Eraser 5.7 (open source software). That includes wiping small files that reside in the Master File Table (MFT).
However, there's a catch: on NTFS systems, there is journaling data temporarily stored in a file called $LogFile. This system file, which essentially serves as a short-term record of what's written to the disk so that the system can recover should power be lost, consists of a bunch of 4kB records. That can include information that's from a file you wanted to wipe.
The good news, from a privacy point of view, is that the $LogFile is routinely overwritten, so any information stored there has a very limited shelf life (perhaps less than 24 hours during normal computer use, or less with heavy disk access activities).
However, there are other places for file recovery programs like Encase to find data. When disks are defragmented, files shortened or data moved from one disk to another, old data is frequently left in its old positions on the disk, data which is now orphaned. The computer's pagefile and hibernation file can both leave lots of data behind, too. If disk freespace is not routinely overwritten, there can be a surprising amount of info left through normal use. And, of course, Encase can find all sorts of info in obscure, non-deleted files.
Encase isn't magic. It can't recover data that's been overwritten. But you'd better make sure that there aren't other copies or fragments of copies lying around on the disk, or it can find them.
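The post above says overwritten data is gone but orphaned copies and journal fragments elsewhere on the disk are not; that can be checked by scanning a raw image for chunks of the original file. This is an added example, not part of the original thread: the image layout, offsets and function names are constructed for illustration.

```python
import hashlib

CHUNK = 64  # bytes per search needle; small enough to catch partial copies

def find_residual_fragments(image: bytes, original: bytes, chunk: int = CHUNK):
    """Return (image_offset, file_offset) for each chunk of `original` found in `image`."""
    hits = []
    for file_off in range(0, len(original) - chunk + 1, chunk):
        needle = original[file_off:file_off + chunk]
        if len(set(needle)) < 8:
            continue  # skip padding / zero runs that would match by chance
        pos = image.find(needle)
        while pos != -1:
            hits.append((pos, file_off))
            pos = image.find(needle, pos + 1)
    return hits

def build_demo_image(wiped: bool):
    """Constructed 16 KiB 'disk': one live file plus a stale partial copy."""
    # Deterministic, high-entropy stand-in for a sensitive file (1024 bytes).
    secret = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    image = bytearray(16384)
    # The stale copy is unaligned, like file data embedded in a journal record.
    live_off, stale_off = 4096, 12388
    image[live_off:live_off + len(secret)] = secret
    image[stale_off:stale_off + 256] = secret[256:512]
    if wiped:
        # Single-pass zero overwrite of the live location only.
        image[live_off:live_off + len(secret)] = bytes(len(secret))
    return bytes(image), secret

if __name__ == "__main__":
    for wiped in (False, True):
        image, secret = build_demo_image(wiped)
        hits = find_residual_fragments(image, secret)
        print(f"wiped={wiped}: {len(hits)} chunk(s) of the file still on the image")
        for img_off, file_off in hits:
            print(f"  image offset {img_off:#07x} holds file bytes "
                  f"{file_off}-{file_off + CHUNK - 1}")
```

On a real system the same scan would be run read-only against an image of the volume, which also covers free space, the pagefile and the hibernation file.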
May 26th, 2005, 04:21 AM
On the topic of encryption, a program I've been experimenting with is Truecrypt 3.1a (also open source). It incorporates basically unbreakable on-the-fly encryption in several ways, has quite a few clever options and can even be used, with an add-on, to encrypt a user's entire profile on disk.
In addition to the above, I use both WinPT and Enigmail, which use GnuPG public-key encryption.
All of these are open-source programs that are available for Windows XP.
Eraser (website is down this evening, presumably temporarily):
Enigmail (plug-in for Mozilla and Mozilla Thunderbird email programs):