Hello Eduard,

* Eduard Bloch <edi@gmx.de> [05-10-01 16:39]:
> cat /dev/zero > file
> for x in 20; do sync; sleep 10; done
> umount
> mount
> rm file
  ^^
I just noticed that it says rm there and not wipe. If you overwrite the data with garbage only once and then delete it with rm, that is not really secure. One reason, among others, is that the read/write heads never work 100% within the intended track. When the data is overwritten, remnants of the old data therefore remain at the edges of the tracks. If you take the disk apart, you can read out this data. In addition, the instruments used to recover the data are many times smaller than the read/write heads, and so on.

I just found an interesting paper on the topic:

http://www.cs.auckland.ac.nz/~pgut001/secure_del.html

A few excerpts:

-------------------------------------------------------------------
Faced with techniques such as MFM, truly deleting data from magnetic media is very difficult. The problem lies in the fact that when data is written to the medium, the write head sets the polarity of most, but not all, of the magnetic domains. This is partially due to the inability of the writing device to write in exactly the same location each time, and partially due to the variations in media sensitivity and field strength over time and among devices.

...

In conventional terms, when a one is written to disk the media records a one, and when a zero is written the media records a zero. However the actual effect is closer to obtaining a 0.95 when a zero is overwritten with a one, and a 1.05 when a one is overwritten with a one. Normal disk circuitry is set up so that both these values are read as ones, but using specialised circuitry it is possible to work out what previous "layers" contained.

The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, ...

The general concept behind an overwriting scheme is to flip each magnetic domain on the disk back and forth as much as possible (this is the basic idea behind degaussing) without writing the same pattern twice in a row.

...

The erasability of the data depends on the amount of time it has been stored on the media, not on the age of the media itself

...

The dependence of media coercivity on temperature can affect overwrite capability

...

The easiest way to solve the problem of erasing sensitive information from magnetic media is to ensure that it never gets to the media in the first place.

...

Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive.
-------------------------------------------------------------------

Janto
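Added example, not part of the original mail: a shell sketch of the overwriting idea in the excerpt, several in-place passes with complementary bit patterns and a flush after each pass, never the same fixed pattern twice in a row, before the file is unlinked. The function names and the pass list (0x55, 0xAA, random) are assumptions chosen for illustration, and the approach only has an effect where the filesystem and device really write new data over the old blocks, which is the condition the excerpt itself states.

```shell
#!/bin/sh
# Added example; function names and pass list are hypothetical.

# Emit $2 bytes of one repeated byte (3-digit octal in $1),
# or $2 random bytes when $1 is "random".
pattern_stream() {
    if [ "$1" = random ]; then
        head -c "$2" /dev/urandom
    else
        head -c "$2" /dev/zero | tr '\000' "\\$1"
    fi
}

# overwrite_in_place FILE PATTERN...
# Overwrites FILE once per pattern without changing its length.
# Returns 1 for a non-regular file, 2 if a fixed pattern repeats
# back to back, 3 if a write fails.
overwrite_in_place() {
    file=$1; shift
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    size=$(wc -c < "$file" | tr -d ' ')
    prev=
    for p in "$@"; do
        if [ "$p" != random ] && [ "$p" = "$prev" ]; then
            echo "pattern $p would be written twice in a row" >&2
            return 2
        fi
        prev=$p
    done
    for p in "$@"; do
        # conv=notrunc rewrites the existing extent instead of truncating
        # the file and letting the filesystem allocate fresh blocks.
        pattern_stream "$p" "$size" |
            dd of="$file" bs=65536 conv=notrunc 2>/dev/null || return 3
        sync    # push this pass to the device before starting the next
    done
}

# Three passes (octal 125 = 0x55, octal 252 = 0xAA, then random), then unlink.
wipe_file() {
    overwrite_in_place "$1" 125 252 random && rm -f -- "$1"
}
```

Call it as `wipe_file path/to/file`; the directory entry is removed only if every pass succeeded.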