Keylogger

[Ralf Mardorf]

>On Sun, 03 Dec 2017 09:19:59 +0100, Xen wrote:  
>>Ralf Mardorf schreef op 03-12-2017 8:36:    
>>> On Sun, 03 Dec 2017 08:25:41 +0100, Xen wrote:      
>>>> dd      
>>> 
>>> Apart from myths about forensics, let's assume that overwriting data
>>> one time is secure, but you still can't compare overwriting a whole
>>> HDD using dd and shredding files on a partition of a HDD using the
>>> shred command. There's something maintaining the available free HDD
>>> space, e.g. to ensure a good performance. Again, we don't need to
>>> defragment HDDs, it's an automated process were data is moved and
>>> copied.      
>>
>>Actually this is incorrect.
>>
>>In 2009 there was work on a kernel patch that would allow a defrag 
>>daemon.
>>
>>https://lwn.net/Articles/317787/
>>
>>Apparently, it was never completed.
>>
>>http://www.spinics.net/lists/linux-ext4/msg45084.html
>>
>>Ext4fs does NOT automatically defragment files, unless I am mistaken 
>>here.
>>
>>It intelligently pre-allocates files, but it does not defragment
>>after the fact.
>>
>>So there is no data being moved and copied (except by userspace 
>>programs).
>>
>>
>>Of course user space programs can still leave temporary copies on
>>disk.
>>
>>For which "sfill" is needed.    
>
>HDD's firmware might copy and move data, so a simple shred command,
>even for a default mounted (not data) journaling ext file system
>remains to be an issue, but indeed
>http://manpages.ubuntu.com/manpages/xenial/man1/sfill.1.html seemingly
>is working around this issue, but software that "shred"s data usually
>doesn't call sfill, too.  

The sfill manpage mentions "LIMITATIONS" in capital letters ;).