Find the answer to your Linux question:
Results 1 to 6 of 6
Ok, I have been wondering about this for a while, and a recent episode of the TV show Numbers has brought it back to my attention. I understand that when ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie
    Join Date
    Nov 2004
    Location
    New York
    Posts
    150

    File deletion conceptual question


    Ok, I have been wondering about this for a while, and a recent episode of the TV show Numbers has brought it back to my attention.

    I understand that when you typically delete a file, you are not doing much to the data it contains, but you are simply removing the ("inode"?) pointer that allows the operating system to see the data as a coherent block of information rather than just random garbage data. This garbage data will eventually be overwritten with new files, unless special software is used to reconstruct it. Am I correct so far?

    Why is it then, that tools like shred try to rewrite to the file location on disk using complicated distortion algorithms, in order to make a file unrecoverable? Why can't you just set that chattr option that resets the file data to a series of zeros when its hard link is removed? The only thing I can think of is that there's some sort of physical magnetic property of the hard drive that causes it to retain traces of information even when itís theoretically erased - or at least that's what I'm gathering from the dialog on Numbers.

    Any thoughts / knowledge?
    \"Nifty News Fifty: When news breaks, we give you the pieces.\" - Sluggy Freelance

  2. #2
    Linux Engineer
    Join Date
    Mar 2005
    Location
    Where my hat is
    Posts
    766
    There are forensic tools that allow the recovery of files, even after they've been over written several times. The concept that you're talking about from the show is valid.

    There have been a number of federal cases where the hard drive was wiped, yet the investigators were able to retrieve the information from the drive.

    Bottom line is this. If you REALLY want that information to disappear, destroy the drive. (e.g., sand the oxide off the platter).
    Registered Linux user #384279
    Vector Linux SOHO 7

  3. #3
    Linux Newbie
    Join Date
    Nov 2004
    Location
    New York
    Posts
    150
    Thanks for the info.

    What if the storage device isn't a hard drive? Let's say it's a removable disk, like a rewritable cdrom, a usb flash drive, or a 3 1/2 floppy - are those subject to the same phenomenon?
    \"Nifty News Fifty: When news breaks, we give you the pieces.\" - Sluggy Freelance

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Newbie
    Join Date
    Jan 2005
    Posts
    104
    should be easier to destroy then

  6. #5
    Linux Guru Cabhan's Avatar
    Join Date
    Jan 2005
    Location
    Seattle, WA, USA
    Posts
    3,252
    Magnets.


    My assumption is that a non-HD device would have different properties (CDs, flash drives, etc.). But someone's probably gonna come along and tell me I'm wrong and laugh at me. Still, it would seem this way, no?

  7. #6
    Linux Engineer
    Join Date
    Mar 2005
    Location
    Where my hat is
    Posts
    766
    The magnet required to permanently destroy the data on a disk isn't normally available to JQ Public. The output required is pretty high, in the level of thousands of ostereds.

    Anything with an oxide surface is written by means of magnetic fields. It's because of this they're able to retrieve information.

    As for flash devices, I don't know. Been out of that portion of the field for a while and haven't kept up with the technological forensic advances.

    I remember a case back in the late 80's, early 90's where an investigative agent was able to reassemble a floppy disk that had been cut up and retrieve enough information off of it to obtain a conviction. This guy was good. VERY good.
    Registered Linux user #384279
    Vector Linux SOHO 7

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •