Hard disk forensics

Started by Magnum, December 16, 2012, 11:32:01 PM


Magnum

Quote:

zero_out: ; Set memory to zero
mov [random + bx],00h
inc bx
cmp bx,64000
jnz zero_out

I was gone for a couple of years, so only read this recently.

It refers to a 16-bit file shredder program that I, along with many others, wrote.

If this is true, there must be a lot of holes in people's hard disks taking up space so disk forensic gurus can recover data.  :biggrin:

---------------------------------------------------------------------

This looks unfinished ... is the result really random ??? Confused


Quote:
at first glance it looks to work on my xp

zero_out: ; Set memory to zero
mov [random + bx],00h
inc bx
cmp bx,64000
jnz zero_out

Write caches are your enemy when erasing. Overwriting the file data (even multiple times) only makes sense if in every pass all data is really being transferred to the lowest level (HD head) and written to the disk. Another problem is remapping of sectors. HDs and even more non-mechanical devices may remap sectors between writing sensitive data and writing wipe data. The sensitive data is impossible to find or delete using file I/O, but it is still recoverable using forensic technologies.

Solution: burn down or melt the device at at least 911F Very Happy .
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org
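
Added example, not code from the thread: the write-cache point in the quoted text above, shown in C for a POSIX system (an assumption; the thread's own code is 16-bit MASM). It overwrites a file in place and calls fsync after every pass so each pass is pushed out of the OS write cache. The function names and the sample file name are made up for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Zero a file's existing bytes `passes` times; 0 on success, -1 on error. */
int overwrite_in_place(const char *path, int passes) {
    unsigned char zeros[4096] = {0};
    int fd = open(path, O_WRONLY);      /* no O_TRUNC: length stays the same */
    if (fd < 0) return -1;
    off_t size = lseek(fd, 0, SEEK_END);
    if (size < 0) { close(fd); return -1; }
    for (int p = 0; p < passes; p++) {
        off_t left = size;
        if (lseek(fd, 0, SEEK_SET) != 0) { close(fd); return -1; }
        while (left > 0) {
            size_t want = left < (off_t)sizeof zeros ? (size_t)left : sizeof zeros;
            ssize_t n = write(fd, zeros, want);
            if (n <= 0) { close(fd); return -1; }
            left -= n;
        }
        /* Without the flush, a pass can sit in the OS write cache and be
         * replaced there by the next pass without ever reaching the disk. */
        if (fsync(fd) != 0) { close(fd); return -1; }
    }
    return close(fd);
}

/* Constructed sample input: a file holding n bytes of 'S'. */
int make_sample(const char *path, long n) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    for (long i = 0; i < n; i++) fputc('S', f);
    return fclose(f);
}

/* Count bytes equal to `value` as seen through file I/O; -1 on error. */
long count_byte(const char *path, int value) {
    FILE *f = fopen(path, "rb");
    long c = 0;
    if (!f) return -1;
    for (int ch; (ch = fgetc(f)) != EOF; ) if (ch == value) c++;
    fclose(f);
    return c;
}

int main(void) {   /* "wipe_demo.bin" is a made-up sample file name */
    return make_sample("wipe_demo.bin", 10000) || overwrite_in_place("wipe_demo.bin", 3);
}
```

fsync only asks the operating system to push its cached writes to the device; sectors the drive has remapped stay out of reach of file I/O, as the quoted text says.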

dedndave

have you been hitting the egg nog ?

Vortex

Quote: The sensitive data is impossible to find or delete using file I/O, but it is still recoverable using forensic technologies.

Use a tool like Linux dd to clean everything:

dd if=/dev/zero of=/dev/sda

Magnum

Vortex,

I am not looking for any tool for wiping data.

Some of my code mishaps do that.

Andy