Posted by Geoff on August 31, 2006, 8:44 am
Sebastian Gottschalk wrote:
> Keith (Southend) wrote:
>
>> The last programme to execute is MSN Messenger that she uses a lot.
>
> So you can safely consider the system compromised.
>
>> I also installed Process Explorer but nothing I see looks suspect.
>
> Well, I've seen many funny things that weren't related to malware at all.
> Disabled hard disk caching, disabled process cache, overclocked RAM, ...
>
>> Could anyone perhaps point me to what perhaps my next course of action
>> may be?
>
> Autoruns from Sysinternals? Flattening and rebuilding?
Thanks Sebastian, yes MSN Messenger does compromise things among other
things she runs I'm sure, but it will be interesting to see what other
startups are going on besides the ones I know about. I imagine this
doesn't run as the computer starts up, as it would be interesting to see
exactly what is running during those long waits.
--
Keith (Southend)
http://www.southendweather.net e-mail: kreh at southendweather dot net
Posted by TwistyCreek on August 31, 2006, 12:05 pm
Geoff wrote:
> Hello,
>
> I have spent time on & off trying to understand the abilities of Defrag
> and file wiping.
>
> My question is simple (well, at least in typing it): does or does not
> defragging eventually cleanse a hard-drive to the extent that nothing
> could be recovered?
Does not. Not only is it possible that the stuff you actually deleted
could be recovered because it's outside any sectors that ever get
written over by the defrag process, defragging does absolutely nothing
to obscure files or fragments of files that haven't been deleted at
all. And "eraser" programs are notoriously flawed. I doubt even
Micro$oft themselves knows every little hiding place Windows might
stash bits of your data. How is Joe from Joe's Eraser going to get them
all? :(
> I have heard that if a drive is defragged often enough not even military
> software can rebuild or identify anything the hard-drive may have had
> on it.
I've heard that if you dance naked under a full moon and chant the
words "baradda nikto filezgobyebye" you're safe too. <grin>
Think about it. Defrag generally tries to align and make contiguous
sectors of data that are scattered across a drive. IOW, if you have a
track that looks like this....
--------------------------------------------------------------------
File1 | File2 | File 1 | empty space | File1 | File2 |
--------------------------------------------------------------------
Defrag tries to make it look like this....
--------------------------------------------------------------------
File1 | File2 |
--------------------------------------------------------------------
See all the empty space at the end where parts of File1 and File2 used
to be? They may or may not have been overwritten at all. Probably not.
And even if they were it's a one or two step overwrite, with other
data you might not want revealed no less. So it's a VERY good chance
that at least part of your "deleted" data is going to be recoverable.
> I personally have a program called "super-shredder", but if I feed it
> anything larger than a 'meg' it seems to balk....... should I even
> bother with this?
Don't know a thing about your super-shredder, but there are literally
hundreds of utilities both big and small to "securely delete" files.
Some are better than others, some are total snake oil, and it's
debatable to what extent they're effective in the first place. Military
Wipe is pretty much a meaningless buzz word because you're not using
the same equipment the military uses. Their read/write heads are
likely to be a whole lot more sensitive and powerful than the heads in
your consumer grade drive, so it's possible that you'll NEVER be able
to completely wipe a drive to the point it will stand up to "Military
Grade" analysis. Note that "military" might mean FBI or their ilk in
this context.
If you want the best possible protection against having your files
recovered by LE or other attackers then encrypt them. Whole disk
encryption if you possibly can. If they're that valuable the penalty
for not handing over the pass phrases will be less than them having the
evidence (if there's any penalty at all), and you can be just shy of
100% sure they'll not be able to recover anything. Use very strong pass
phrases, like in the 25-30 random character range, and you're golden.
Mainstream, peer reviewed whole disk encryption using known secure
algorithms in conjunction with pass phrases of equal or better strength
and I'd even go out on the limb and give it the 100% unrecoverable seal
of approval. With a "for all practical purposes" disclaimer. ;) You
never know if space aliens haven't given your government ultra-secret
methods of factoring very large numbers or something. ;)
Posted by on September 15, 2006, 9:33 am
>drive, so it's possible that you'll NEVER be able
>to completely wipe a drive to the point it will stand up to "Military
>Grade" analysis. Note that "military" might mean FBI or their ilk in
>this context.
>
Security Services have a three or four level deletion process the last
of which entails reducing the actual drive to a fine metallic powder.
Recover that..!! :-)
Posted by Inquirer on September 15, 2006, 4:15 pm
On Fri, 15 Sep 2006 14:33:41 +0100, JB wrote:
>Security Services have a three or four level deletion process the last
>of which entails reducing the actual drive to a fine metallic powder.
>Recover that..!! :-)
Why do they bother with the first two or three then?
--
Email address invalid. Please reply to group. Thank you.
Posted by Moe Trin on September 16, 2006, 3:18 pm
On Fri, 15 Sep 2006, in the Usenet newsgroup alt.computer.security, in article
>On Fri, 15 Sep 2006 14:33:41 +0100, JB wrote:
>>Security Services have a three or four level deletion process the last
>>of which entails reducing the actual drive to a fine metallic powder.
Do you have a citation for that?
>Why do they bother with the first two or three then?
Start with the paper of Peter Gutmann of the University of Auckland from
1996, (http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html) even
though it's quite dated now.
Then look at the paper by Gordon F. Hughes of the UC San Diego Center for
Magnetic Recording Research in October 2004
(http://cmrr.ucsd.edu/hughes/CmrrSecureEraseProtocols.pdf) which notes
that in 2004, a disk fragment that contains a single 512-byte record block
in size (about 1/125" or 0.20 mm) can be read in about an hour. Given the
then common disk size of (perhaps) 10 Gigabytes, the problem of finding the
"right" disk block (or disk fragment) becomes apparent.
Then look at the NISPOM (DoD 5220.22-M), and see what it _requires_ for
the "sanitizing" of media that held (officially) classified material. Up
to (US) Secret, it's just a triple wipe (ones, zeros, random). Above that,
it's (basically) to slag the media. The idea is to first destroy the
magnetic media (either by using an extremely strong magnet, or raising
the temperature of the media above the Curie temperature for a long
enough period in hours to demagnetize it), and then to make sure of the
results, melting/dissolving the remains (which involves much higher
temperatures or down-right dangerous chemicals). The residue is then
buried in a secure land-fill, but I'm not sure this isn't a requirement
resulting from the dangerous materials used.
The average home user is rarely able to find a magnet of the required
strength (we're well into the 8-10,000 Oersted range now - several orders
of magnitude more than that refrigerator magnet produces), and the Curie
temperatures are generally in excess of what mummy's oven is capable of.
Finding and actually obtaining suitable chemicals is rather difficult,
never mind the hazards of using them and disposing of the results.
Thus, you're stuck with sanding the media off the platters (use 600 or
"Ultra Fine" silicon carbide grit), or chucking the platters in a drill
press (using a large bolt and nut) and using a fine file to grind the
platter to a powder with a grain size less than 0.001 inch or 0.025 mm.
Not entirely practical, and you should wear a breathing (dust) mask and
safety glasses for either method.
The fairly common urban legend cited by posers everywhere is to stick the
drive (or even just the platters themselves) in a microwave oven. While the
sparks may look impressive, this causes far more damage to the microwave
oven than to the disk drive or platters. The similar idea of passing it
through the metal detector or X-ray machines at the airport is equally
useless.
But then, if you are in England, all this is unnecessary. A recent post to
the Usenet newsgroup "alt.humor.best-of-usenet" (the original posting was
to "uk.misc") has a cheap and perfect solution:
-----
> What's the best way of disposing of them in such a way that the hard
> disks can never be used again, not even if they swap parts with 'donor'
> hard disks?
Post them to yourself via City Link to destroy them, and then post
them again via Parcel Force for disposal.
-----
Look it up if you don't know the two organizations.
Old guy
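The triple wipe Moe Trin describes (ones, zeros, random), as an added Python example; it is not code from the thread, from the NISPOM or from the cited papers. It overwrites one file in place through ordinary POSIX file I/O, flushes each pass, and reads the file back to confirm the pattern landed. `CHUNK`, the function names and the sample content are choices made here. The read-back only proves that the filesystem now returns the new bytes; whether those logical blocks are the physical location the file occupied is up to the filesystem and the drive, which this code cannot see.

```python
"""Three-pass overwrite (ones, zeros, random) of one file, each pass
verified by reading it back.

Added example, not code from the thread, the NISPOM or the cited papers.
POSIX file I/O is assumed. CHUNK, the function names and the sample
content are choices made for this illustration.
"""
import hashlib
import os
import secrets
import tempfile

CHUNK = 16 * 1024    # write/read granularity in bytes


def passes():
    """The three patterns the post lists, as (name, generator) pairs."""
    return [("ones",   lambda n: b"\xff" * n),
            ("zeros",  lambda n: b"\x00" * n),
            ("random", lambda n: secrets.token_bytes(n))]


def overwrite_pass(fd, size, pattern):
    """Overwrite `size` bytes from offset 0 with pattern(n), force them
    out of the OS buffers, then read every byte back and compare. Returns
    True when the read-back matches what was written."""
    os.lseek(fd, 0, os.SEEK_SET)
    written_hash = hashlib.sha256()
    remaining = size
    while remaining:
        block = pattern(min(CHUNK, remaining))
        written_hash.update(block)
        done = 0
        while done < len(block):            # os.write may be partial
            done += os.write(fd, block[done:])
        remaining -= len(block)
    os.fsync(fd)
    if hasattr(os, "posix_fadvise"):        # best effort: drop the page cache
        os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)   # so the read
    os.lseek(fd, 0, os.SEEK_SET)            # below is not served from RAM
    read_hash = hashlib.sha256()
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data:
            raise IOError("short read while verifying")
        read_hash.update(data)
        remaining -= len(data)
    return written_hash.digest() == read_hash.digest()


def sanitize_file(path):
    """Run all three passes over `path`, then truncate and unlink it.
    Returns [(pass_name, verified_ok), ...]."""
    size = os.path.getsize(path)
    results = []
    fd = os.open(path, os.O_RDWR)
    try:
        for name, pattern in passes():
            results.append((name, overwrite_pass(fd, size, pattern)))
        os.ftruncate(fd, 0)
        os.fsync(fd)
    finally:
        os.close(fd)
    os.unlink(path)
    return results


def demo():
    """Constructed sample: write a marker-filled file, look at the media
    after the first pass alone, then run the full procedure."""
    fd, path = tempfile.mkstemp()
    secret = b"account 1234-5678 pin 0000\n" * 2000    # constructed data
    os.write(fd, secret)
    os.close(fd)
    fd = os.open(path, os.O_RDWR)
    ones_ok = overwrite_pass(fd, len(secret), lambda n: b"\xff" * n)
    os.close(fd)
    with open(path, "rb") as f:
        byte_values = set(f.read())             # {255} if the pass landed
    return {"ones_verified": ones_ok,
            "after_ones": byte_values,
            "passes": sanitize_file(path),
            "exists": os.path.exists(path)}


if __name__ == "__main__":
    print(demo())
```

The random pass is hashed as it is generated, so the verify step compares the read-back against what was actually written rather than against a pattern recomputed afterwards.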