[clug] PC Forensics / Fun
rcrook at vtown.com.au
Thu Mar 29 13:46:06 GMT 2007
ROFL.... you forgot one Sam....
Never ever ever plug your PC into a network.
On Thu, 2007-03-29 at 23:11 +1000, Sam Couter wrote:
> Kane'0 <kane at areujoking.com> wrote:
> > I've used Ontrack's easyrecovery on drives that have been formatted +
> > reloaded 4+ times and had few problems getting the original data back. A few
> > corrputed imaged was about the worst loss. Dunno of a nix equivalent.
> This style of recovery method only works when "formatted" means "the
> directory information has been damaged or wiped but the files are still
> intact on the disk". It will not work if the disk has really been wiped.
> > Best way of wiping a drive is to physically destroy it. Rip it apart and
> > melt it in the fire drum.
> While this is true (it's the most reliable way to destroy data), it's
> overly paranoid in the majority of situations. Simply writing over the
> entire disk will make it prohibitively expensive to recover the data. It
> cannot be done with software, will require specialised equipment and
> skilled technicians, and will cost thousands to tens of thousands of
> Do this:
> dd if=/dev/zero of=/dev/hda bs=10240
> ... and wait a while. Maybe a long while for a big disk.
> Or do this:
> dd if=/dev/urandom of=/dev/hda bs=10240
> ... and wait longer. You've now increased the cost of recovery to
> hundreds of thousands to millions of dollars and substantially decreased
> the probability that anything useful at all will be recovered. Randomly
> tap on the keyboard and move the mouse a bit to increase the quality of
> the random data.
> If you think it's useful to do more and you're not doing most of the
> following, you're being irrationally paranoid and need to re-evaluate
> actual threats to your data security instead of going for the warm fuzzy
> "I'm safe from the Government" feeling:
> - Encrypted filesystems
> - Physically locking your computer in a safe when you're not using it
> - Only using your computer in a faraday cage or shielded room to avoid
> tempest attacks
> - Requiring multi-factor authentication (USB key, SecureID tag,
> thumbprint, whatever) and hard passphrases to log in
> - Using hardware-based intrusion detection systems with a monitored
> alarm on your computer and the rooms where you keep it and use it
> - Well-paid armed guards
More information about the linux