Keylogger

Ralf Mardorf silver.bullet at zoho.com
Sun Dec 3 08:31:31 UTC 2017


On Sun, 03 Dec 2017 09:19:59 +0100, Xen wrote:
>Ralf Mardorf schreef op 03-12-2017 8:36:
>> On Sun, 03 Dec 2017 08:25:41 +0100, Xen wrote:  
>>> dd  
>> 
>> Apart from myths about forensics, let's assume that overwriting data
>> one time is secure, but you still can't compare overwriting a whole
>> HDD using dd and shredding files on a partition of a HDD using the
>> shred command. There's something maintaining the available free HDD
>> space, e.g. to ensure a good performance. Again, we don't need to
>> defragment HDDs, it's an automated process were data is moved and
>> copied.  
>
>Actually this is incorrect.
>
>In 2009 there was work on a kernel patch that would allow a defrag 
>daemon.
>
>https://lwn.net/Articles/317787/
>
>Apparently, it was never completed.
>
>http://www.spinics.net/lists/linux-ext4/msg45084.html
>
>Ext4fs does NOT automatically defragment files, unless I am mistaken 
>here.
>
>It intelligently pre-allocates files, but it does not defragment after 
>the fact.
>
>So there is no data being moved and copied (except by userspace 
>programs).
>
>
>Of course user space programs can still leave temporary copies on disk.
>
>For which "sfill" is needed.

HDD's firmware might copy and move data, so a simple shred command,
even for a default mounted (not data) journaling ext file system remains
to be an issue, but indeed
http://manpages.ubuntu.com/manpages/xenial/man1/sfill.1.html seemingly
is working around this issue, but software that "shred"s data usually
doesn't call sfill, too.





More information about the ubuntu-users mailing list