[Wolves] data removal procedures advice
James Turner
wolves at mailman.lug.org.uk
Tue Apr 1 23:56:01 2003
On Tuesday 01 Apr 2003 8:58 pm, Ron Wellsted wrote:
> fdisk/cfdisk etc. only remove the partition table, leaving all the original
> filesystem/files intact. Tools exist that can rebuild the partition table
> by finding superblock/FAT/MFT and deducing the orignal partion layout.
>
> A format will erase the filesystem but leave the orignal file data intact
> but not directly accessible. Some tools exist which can recover a (large)
> percentage of the data.
>
> So the best way to destory data would be to overwrite the entire disk with
> a pattern of "data" which would prevent data recovery.
>
> Try "yes UUUUUUUU > /dev/hda" (bonus point for why I suggested using U)
Well I note that the ASCII code for U is 01010101 in binary. I'd guess that
the alternating 1's and 0's make it less easy to recover any previously
stored data in some way.
Another possibility might be running the "shred" command (GNU coreutils) on
the device (eg /dev/hda), which repeatedly overwrites the data (25 times by
default) in order to impede forensic data recovery.
James