September 29th, 2005, 03:45 PM
Not many of us have a clean room complete with ££££'s of VOGON forensics kit. However, basic tests on secure erasure can be easily performed with PC Inspector file recovery:
Personally I use Cyberscrub; it's much more professional and you can create your own algorithms. Guttmann wipe is slow but effective.
Your Network is only as secure as the dumbest user.
September 29th, 2005, 03:51 PM
I think for most people (unless you're being pursued by mysterious black helicopters) it would be sufficient to use Linux and dd if=/dev/random of=/dev/hda , a few times, maybe overwrite with zeros every other time. 5-10 times should pretty much fsck anything underneath.
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
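The alternating random/zero overwrite described in the post above, with a read-back check, as an added example that is not part of the original thread. It runs against a scratch image file rather than /dev/hda and uses /dev/urandom in place of /dev/random so the passes do not block; the marker string and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: every operation targets a scratch image file, never a device.
MARKER='CONSTRUCTED-SECRET-MARKER'   # constructed sample "sensitive" data

# make_image PATH SIZE_KB: zero-filled image with the marker at offset 4096.
make_image() {
    dd if=/dev/zero of="$1" bs=1024 count="$2" 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# wipe_image PATH PASSES: odd passes write random data, even passes write zeros.
wipe_image() {
    blocks=$(( $(wc -c < "$1") / 1024 ))
    pass=1
    while [ "$pass" -le "$2" ]; do
        if [ $((pass % 2)) -eq 1 ]; then src=/dev/urandom; else src=/dev/zero; fi
        # conv=notrunc overwrites in place instead of truncating the file first
        dd if="$src" of="$1" bs=1024 count="$blocks" conv=notrunc 2>/dev/null
        sync
        pass=$((pass + 1))
    done
}

# marker_present PATH: succeeds if the marker bytes can still be read back.
marker_present() { grep -aqF "$MARKER" "$1"; }

# is_all_zero PATH: succeeds if no non-zero byte remains in the image.
is_all_zero() { [ "$(tr -d '\000' < "$1" | wc -c)" -eq 0 ]; }

# Demo run on a 256 KiB scratch image.
img=$(mktemp)
make_image "$img" 256
marker_present "$img" && echo "before wipe: marker readable"
wipe_image "$img" 4
marker_present "$img" || echo "after wipe: marker not found"
is_all_zero "$img" && echo "final pass verified: image reads back as zeros"
rm -f "$img"
```

The same read-back check on a real drive only confirms what the drive returns through its normal interface.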
September 29th, 2005, 04:16 PM
And how about those flash devices? Those pen devices or Compact Flash memory cards... For EUR 100 you can already buy one with a 1 GB size. So, if you would use them to store sensitive data, then format them, are they clean enough? Or is forensics even able to read data from these devices?
And how about rewriteable CD/DVD disks? After formatting the sensitive data from those disks, is there still a way to retrieve the data again or won't even the most advanced forensics lab be able to retrieve anything from it?
September 29th, 2005, 04:37 PM
You can recover from flash devices from slackspace anyway. I suppose due to the nature of the technology the data will persist until it is overwritten.
Low level formatting and rewriting should take the flash devices beyond reasonable recovery. I don't know if it's possible (even in theory) to recover overwritten data from flash.
CD/DVD considering the cost of disks, if you want the data gone shred them physically or scratch the top surface down to the dye. I wouldn't mess about with formatting.
I suppose it could be possible to detect subtleties in the dyes of CD/DVD after formatting. Black helicopter time there though.
September 30th, 2005, 02:59 AM
A quick question (not to hijack the thread) that I thought would fit into this thread.
You have a file server setup. The clients connect to the file server and copy a file to their machine. On the client machine, the file is saved to a temporary location and then written to disk. So, there are two places one might find a file. The temporary location (normally RAM?) and on the disk.
Does the server put the file in a temporary location (either in RAM or a temporary folder) and then transmit it?
I just recently picked up one of my forensics books again today doing some review. However, I never remember seeing that mentioned. I suppose it would be an easy test using filemon...
is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
February 24th, 2006, 01:06 AM
Use TrueCrypt with a good algorithm and a long complex password and only store your incriminating information on there.
Now and then securely remove caches and such. I use Firefox Portable and Miranda-IM so I know where all of that is stored, the only thing left is the swap file.
To erase a hard drive so that it is completely unrecoverable, or unrecoverable to the point that anything recovered would be inadmissible, just load your favorite Linux live and do:
dd if=/dev/random of=/dev/hda1
I guarantee, all of this is more than sufficient to protect yourself from an FBI/CIB investigation. As long as you don't leave any loose ends lying around. :-)
February 24th, 2006, 02:38 AM
Well, since the thread is back, I guess I might as well ask: if you turn Windows page file usage to 0, will it still use page files? At all? I know that it shouldn't, but considering Windows' track record on things like that, I gotta ask.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
February 24th, 2006, 09:00 AM
I don't think that you can do that, there is a "minimum allowed" value these days. It is 2Mb on this Win 2000 box.
February 24th, 2006, 09:30 AM
BC Wipe will wipe file slacks, and it also can encrypt your swap file.
Maybe he was running an older version of EE and it missed some of the cache? Maybe he p.o.'ed someone and got set up? Maybe his computer was "0wn3d"? There was a case in KY a couple of years back where the guy used that defense. He claimed his computer was hacked and used as a server. I've seen similar cracks firsthand.
No telling from the article what really happened but Katja's right: pretty dumb doing that at work.
“Everybody is ignorant, only on different subjects.” — Will Rogers