HDD geschreddert, Daten noch sichtbar

weschi

kennt sich schon aus
Hallo, mein HDD Schreddervorgang ist soeben nach 68 Stunden endlich beendet. Habe meine Platte mit Claviscom SHREDDER auf der höchsten Stufe 35 mal mit der Peter-Gutman-Methode geschreddert.
Wenn ich jetzt aber mit PC Inspector File Recovery meine HDD lade, dann kann ich meine Musikdateien etc. immernoch sehen, genau das, was vorher drauf war. Ich kann sie zwar öffnen wenn ich sie wiederhergestellt habe, aber die Dateien sind komplett leer! Das erfreut mich natürlich, aber wie kann ich es vermeiden dass sie noch im Recoverytool angezeigt werden?
Ist das normal? Hab ich was falsch gemacht?
Über Antworten würde ich mich freuen :)
 

little tyrolean

Elder Statesman
weschi schrieb:
Ist das normal? Hab ich was falsch gemacht?
Falsch gemacht hast du eventuell,
daß du Verzeichnis- und Dateinamen nicht in die Aktion einbezogen hast , wenn das überhaupt geht.

Und wenn nicht - wo ist das Problem?
Aus leeren Dateien kann dir keiner einen Strick drehen,
außer er legt xx.000 Euro für eine Wiederherstellung aus,
die ohnehin kaum verwertbare Resultate bringen dürfte... :D

Wenn du ganz sichergehen willst:
Irgendwie umbenennen (nicht Lied.mp3), löschen und gut ist.
 

weschi

kennt sich schon aus
Habe alles einbezogen, was auszuwählen war (Freispeicher, Clustertips, Verzeichnis- und Dateieinträge). Nur vom Dateinamenlesen kann mir ja keiner was anhängen, das ist gut....
 

Smuggler

schläft auf dem Boardsofa
Nimm dir eine Knoppix-CD und gebe in eine "Konsole" folgendes ein:

sudo shred -f -z /dev/DEINEPLATTE

geht wunderbar - danach siehst du auch mit Recoverytools nix mehr ....
 

Tequilla

assimiliert
Auch zu empfehlen und hier wahrscheinlich angebrachter Eraser.

HDD komplett löschen und danach die leere Platte mit 3 Durchgängen überschreiben lassen, danach ist ebenfalls mit gängigen Tools nichts mehr zu finden und dauert bei 100GByte knappe 5-6 Stunden ;)

Mehr wie 3 Durchgängen ist dabei Übertrieben ;)
 

ollitello

treuer Stammgast
das beste das isch dazu je hatte war data erasure von Ontrack. ist ne Bootable Diskette kann aber auch unter win gestartet werde um BEreiche zu schreddern. Wen von Disk gebootet überschreibt das Proggy knallhart auf Bitebene die Platte 1 - 3- 7 mal und man kann auch einstellen ob jedes Bit oder nur jedes 3. oder Randomized ... . Danach is nichtmal ein MBR mehr da. Aber den kriegt man ja schnell wieder. [...]*

Da zeigt dir kein Datenrettungtool auch nur irgendwas an.


*Mod-Edit durch t_matze: Bitte keine rechtlich fragwürdigen Angebote.
Du kannst Dir ja mal die Homepage anschauen, weschi.
 
Zuletzt bearbeitet von einem Moderator:

weschi

kennt sich schon aus
bin gerade dabei knoppix zu laden. kann man eigentlich auch nur den freien Speicher schreddern oder nur die gesamte platte?
 

Smuggler

schläft auf dem Boardsofa
Hier die Originalbeschreibung:

shred: Remove files more securely

shred overwrites devices or files, to help prevent even very expensive hardware from recovering the data.

Ordinarily when you remove a file, the data is not actually destroyed. Only the index listing where the file is stored is destroyed, and the storage is made available for reuse. There are undelete utilities that will attempt to reconstruct the index and can bring the file back if the parts were not reused.

On a busy system with a nearly-full drive, space can get reused in a few seconds. But there is no way to know for sure. If you have sensitive data, you may want to be sure that recovery is not possible by actually overwriting the file with non-sensitive data.

However, even after doing that, it is possible to take the disk back to a laboratory and use a lot of sensitive (and expensive) equipment to look for the faint "echoes" of the original data underneath the overwritten data. If the data has only been overwritten once, it's not even that hard.

The best way to remove something irretrievably is to destroy the media it's on with acid, melt it down, or the like. For cheap removable media like floppy disks, this is the preferred method. However, hard drives are expensive and hard to melt, so the shred utility tries to achieve a similar effect non-destructively.

This uses many overwrite passes, with the data patterns chosen to maximize the damage they do to the old data. While this will work on floppies, the patterns are designed for best effect on hard drives. For more details, see the source code and Peter Gutmann's paper Secure Deletion of Data from Magnetic and Solid-State Memory, from the proceedings of the Sixth USENIX Security Symposium (San Jose, California, 22-25 July, 1996). The paper is also available online <http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html>.

Please note that shred relies on a very important assumption: that the filesystem overwrites data in place. This is the traditional way to do things, but many modern filesystem designs do not satisfy this assumption. Exceptions include:

* Log-structured or journaled filesystems, such as those supplied with AIX and Solaris.
* Filesystems that write redundant data and carry on even if some writes fail, such as RAID-based filesystems.
* Filesystems that make snapshots, such as Network Appliance's NFS server.
* Filesystems that cache in temporary locations, such as NFS version 3 clients.
* Compressed filesystems.

If you are not sure how your filesystem operates, then you should assume that it does not overwrite data in place, which means that shred cannot reliably operate on regular files in your filesystem.

Generally speaking, it is more reliable to shred a device than a file, since this bypasses the problem of filesystem design mentioned above. However, even shredding devices is not always completely reliable. For example, most disks map out bad sectors invisibly to the application; if the bad sectors contain sensitive data, shred won't be able to destroy it.

shred makes no attempt to detect or report these problem, just as it makes no attempt to do anything about backups. However, since it is more reliable to shred devices than files, shred by default does not truncate or remove the output file. This default is more suitable for devices, which typically cannot be truncated and should not be removed.

shred [option]... file[...]

The program accepts the following options. Also see Common options.


-f
--force
Override file permissions if necessary to allow overwriting.
-NUMBER
-n NUMBER
--iterations=NUMBER
By default, shred uses 25 passes of overwrite. This is enough for all of the useful overwrite patterns to be used at least once. You can reduce this to save time, or increase it if you have a lot of time to waste.
-s BYTES
--size=BYTES
Shred the first BYTES bytes of the file. The default is to shred the whole file. BYTES can be followed by a size specification like k, M, or G to specify a multiple. See Block size.
-u
--remove
After shredding a file, truncate it (if possible) and then remove it. If a file has multiple links, only the named links will be removed.
-v
--verbose
Display status updates as sterilization proceeds.
-x
--exact
Normally, shred rounds the file size up to the next multiple of the filesystem block size to fully erase the last block of the file. This option suppresses that behavior. Thus, by default if you shred a 10-byte file on a system with 512-byte blocks, the resulting file will be 512 bytes long. With this option, shred does not increase the size of the file.
-z
--zero
Normally, the last pass that shred writes is made up of random data. If this would be conspicuous on your hard drive (for example, because it looks like encrypted data), or you just think it's tidier, the --zero option adds an additional overwrite pass with all zero bits. This is in addition to the number of passes specified by the --iterations option.
-
Shred standard output.

This argument is considered an option. If the common -- option has been used to indicate the end of options on the command line, then - will be interpreted as an ordinary file name.

The intended use of this is to shred a removed temporary file. For example

i=`tempfile -m 0600`
exec 3<>"$i"
rm -- "$i"
echo "Hello, world" >&3
shred - >&3
exec 3>-

Note that the shell command shred - >file does not shred the contents of file, since it truncates file before invoking shred. Use the command shred file or (if using a Bourne-compatible shell) the command shred - 1<>file instead.

You might use the following command to erase all trace of the file system you'd created on the floppy disk in your first drive. That command takes about 20 minutes to erase a 1.44MB floppy.

shred --verbose /dev/fd0

Similarly, to erase all data on a selected partition of your hard disk, you could give a command like this:

shred --verbose /dev/sda5

Und - nein, KNOPPIX läuft nicht unter Windows. Wie du nun auf der Seite von Knopper gesehen hast, ist das ein von CD/DVD bootbares Linux-Betriebssystem mit dem man eine Menge machen kann....
 
Oben