Keylogger
Ralf Mardorf
silver.bullet at zoho.com
Sun Dec 3 08:49:45 UTC 2017
>On Sun, 03 Dec 2017 09:19:59 +0100, Xen wrote:
>>Ralf Mardorf schreef op 03-12-2017 8:36:
>>> On Sun, 03 Dec 2017 08:25:41 +0100, Xen wrote:
>>>> dd
>>>
>>> Apart from myths about forensics, let's assume that overwriting data
>>> one time is secure, but you still can't compare overwriting a whole
>>> HDD using dd and shredding files on a partition of a HDD using the
>>> shred command. There's something maintaining the available free HDD
>>> space, e.g. to ensure a good performance. Again, we don't need to
>>> defragment HDDs, it's an automated process were data is moved and
>>> copied.
>>
>>Actually this is incorrect.
>>
>>In 2009 there was work on a kernel patch that would allow a defrag
>>daemon.
>>
>>https://lwn.net/Articles/317787/
>>
>>Apparently, it was never completed.
>>
>>http://www.spinics.net/lists/linux-ext4/msg45084.html
>>
>>Ext4fs does NOT automatically defragment files, unless I am mistaken
>>here.
>>
>>It intelligently pre-allocates files, but it does not defragment
>>after the fact.
>>
>>So there is no data being moved and copied (except by userspace
>>programs).
>>
>>
>>Of course user space programs can still leave temporary copies on
>>disk.
>>
>>For which "sfill" is needed.
>
>HDD's firmware might copy and move data, so a simple shred command,
>even for a default mounted (not data) journaling ext file system
>remains to be an issue, but indeed
>http://manpages.ubuntu.com/manpages/xenial/man1/sfill.1.html seemingly
>is working around this issue, but software that "shred"s data usually
>doesn't call sfill, too.
The sfill manpage mentions "LIMITATIONS" in capital letters ;).
More information about the ubuntu-users
mailing list