RE: Hard Drive Forensics Question

["Murda Mcloud" <murdamcloud () bigpond com>]

So you mean similar to writing 0 s to the drive?
Like dd if=/dev/zero of=/dev/hdax ? 
or from dev/random?
Just wasn't sure why you said 'copy and paste and delete'-it didn't make
sense to me.
Also, what would be the point of deleting the data after you have randomly
generated it? Surely if you have overwritten everything then deleting it
seems superfluous.
And why do you feel that random is better?



> > -----Original Message-----
> > From: Razi Shaban [mailto:razishaban () gmail com]
> > Sent: Monday, October 06, 2008 6:45 AM
> > To: Murda Mcloud
> > Cc: security-basics () securityfocus com
> > Subject: Re: Hard Drive Forensics Question
> >
> > On Mon, Oct 6, 2008 at 12:26 AM, Murda Mcloud <murdamcloud () bigpond com>
> > wrote:
> > > Can you clarify what you mean by this?
> > >
> > > > > Perhaps it would be a good idea to copy+paste+delete a few very large
> > > > > random files on there (99.5% occupying the drive) a few times, just
> > in
> > > > > case.
> > >
> > > Is this so that it can overwrite any free/unallocated space?
> >
> > Yes.
> >
> > > Do you mean he should copy a few files that are like 90Gb in size to
> > his
> > > drive by pasting them and then delete those files?
> >
> > That works, I guess (assuming that you completely fill up the drive).
> > However, I personally feel that it would be better to randomly
> > generate data (random is always better) and store it on the hard drive
> > until there is no longer any free space left, then delete the data.
> > Several cycles of this will make it virtually impossible to recover
> > any data from the unallocated space. I know of several scripts that
> > will do this, they're easy to find and even easier to make.
> >
> >
> > --
> > Razi Shaban