Sender: "Steve Eppley" <•••@••.•••>

David Cloutman <•••@••.•••> wrote:
><much unneeded political posturing deleted>
>I caught a bit of a TV show last night that apparently might answer your
>question. Apparently forensics experts can retrieve deleted files from a
>hard disk. Short of reformatting the drive, there is no way to actually
>erase a file from disk. Deleting a file simply removes it from the file
>allocation table. Because backing up the disk would only serve to copy
>the material indexed in the file allocation table, seizing the hardware
>is a must for cyber-cops. Hope this answers your query.

Nice try, but no cigar. Software utilities like Norton's WIPEFILE do a
fine job of permanently deleting individual files too. And during normal
usage, the deallocated disk space soon gets reused by other files anyway,
overwriting the deleted data.

My sentence which you deleted was:
>>If ignorance of the law is no excuse, neither should be law
>>enforcement's ignorance of technology.

You characterize this as "much unneeded political posturing"?? I could
say the same about your characterization. My point was that with
technology evolving so rapidly, it's important to keep rethinking
established methods. Particularly during this shift to an information
society.

---Steve (Steve Eppley •••@••.•••)

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Sender: Bill W Smith Jr <•••@••.•••>
Subject: Re: Unreasonable seizures (was Re: Scientology causes seizure...) [cr-95/9/3]

> Sender: David Cloutman <•••@••.•••>
>
> I caught a bit of a TV show last night that apparently might answer your
> question. Apparently forensics experts can retrieve deleted files from a
> hard disk. Short of reformatting the drive, there is no way to actually
> erase a file from disk. Deleting a file simply removes it from the file
> allocation table. Because backing up the disk would only serve to copy
> the material indexed in the file allocation table, seizing the hardware
> is a must for cyber-cops. Hope this answers your query.

This would be true of a DOS system, or even Macs (I think) but not Unix
systems (which most ISPs run). If the system is running anything above
traditional security (such as C2) then any file delete incorporates an
overwrite of a specific sequence of patterns which completely obliterates
the previous data. You cannot 'undelete' a file on such a Unix system.

------------------------------------------------------------------------------
Bill W Smith Jr <•••@••.•••>        (Compuserve) 76460,1443
Senior Programmer                   Around Utah, past Phoenix,
Sunland Resources, Inc.             over San Antonio, through Orlando...
(713) 955-2800 (Voice)              Nothin' but net!
(713) 955-7564 (Fax)
Houston Rockets - 1994 & 1995 NBA World Champions!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Sender: •••@••.••• (Glen Raphael)
Subject: Re: Unreasonable seizures (was Re: Scientology causes seizure...) [cr-95/9/3]

> David Cloutman <•••@••.•••> wrote

[Regarding the Feds confiscating an entire computer system for evidence]

> Apparently forensics experts can retrieve deleted files from a
>hard disk.

This is true. Anybody can use commonly-available disk utilities to recover
"deleted" files from a hard disk, if they were deleted with the normal
Macintosh, Windows or DOS system commands.

>Short of reformatting the drive, there is no way to actually
>erase a file from disk.

This is false. Anybody can use the same commonly-available disk utilities
(such as _Norton_) to *really* delete their files. If you want your
deleted data to be safe from los Federales and from your competitors, you
can install a utility that makes your normal file deletion command secure.
What a secure deletion does is zero out all the bytes of the file before
removing that file from the allocation table. This takes longer than a
normal deletion, which is why it isn't done by default. But it can be
done.

>Because backing up the disk would only serve to copy
>the material indexed in the file allocation table, seizing the hardware
>is a must for cyber-cops.

This is true. Although they could copy the ENTIRE disk image to tape, this
could take a prohibitively long time. Perhaps a more reasonable demand is
that they back up the indexed data onto tape, take the drive with them,
but leave that tape in the hands of the suspect. But doing that on-site
would still require really computer-savvy cops -- who are able to figure
out how your system works and how to back it up without damaging it
while-you-wait and without your help -- to be part of the confiscation
detail. And it would still require that all the cops stand around and wait
the hour or more it might take to back your system up, and it would still
require that they have drivers, peripherals, and backup utilities that
work on your obscure system. In practice, I just can't see it working out.

Maybe our best bet is just to think of "the government" as one more
variety of natural disaster -- like fire, flood, and earthquake -- that
simply can't be reasoned with and might on any given day randomly decide
to destroy all your equipment and data. If your data is valuable to you,
MAKE AND KEEP OFFSITE BACKUPS.

--
Glen Raphael, •••@••.•••
President, Stanford/Palo Alto Macintosh User's Group
Home Page: http://www.batnet.com/liberty/raphael
Libertarian Harry Browne for President -- watch the Oct 6 televised debates!
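
[Added example, not part of any of the posts above.] A toy Python model of the behaviour this thread argues about: a normal delete drops only the allocation-table entry, a file-level backup copies only indexed data, freed blocks get reused, and a secure delete zeroes the data first. ToyDisk, its methods and the sample data are hypothetical and constructed for illustration.

```python
# Added illustration: ToyDisk and its methods are hypothetical names and the
# sample data is constructed. The "disk" is a list of fixed-size blocks.
BLOCK = 16  # bytes per block

class ToyDisk:
    def __init__(self, nblocks=8):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]  # raw media
        self.table = {}                    # allocation table: name -> block numbers
        self.free = list(range(nblocks))   # free list, reused front-first

    def write(self, name, data):
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        idx = [self.free.pop(0) for _ in chunks]
        for i, chunk in zip(idx, chunks):
            self.blocks[i] = chunk.ljust(BLOCK, b"\0")
        self.table[name] = idx

    def delete(self, name, secure=False):
        idx = self.table.pop(name)         # normal delete: drop the table entry only
        if secure:
            for i in idx:                  # secure delete: zero the data first
                self.blocks[i] = bytes(BLOCK)
        self.free = idx + self.free        # freed blocks become reusable

    def file_backup(self):
        # Copies only what the allocation table still indexes.
        return {n: b"".join(self.blocks[i] for i in ix) for n, ix in self.table.items()}

    def raw_scan(self, needle):
        # Reads every block, allocated or not, as a full disk image would.
        return needle in b"".join(self.blocks)

def demo():
    secret, out = b"SECRET-MEMO", {}
    d = ToyDisk()
    d.write("memo.txt", secret)
    d.delete("memo.txt")
    out["in_file_backup"] = any(secret in v for v in d.file_backup().values())
    out["raw_after_normal_delete"] = d.raw_scan(secret)
    d.write("new.txt", b"unrelated data!!")   # lands on the freed block
    out["raw_after_reuse"] = d.raw_scan(secret)
    d2 = ToyDisk()
    d2.write("memo.txt", secret)
    d2.delete("memo.txt", secure=True)
    out["raw_after_secure_delete"] = d2.raw_scan(secret)
    return out

print(demo())
```

On journaling or copy-on-write file systems and on flash media with wear levelling, an in-place overwrite is not guaranteed to reach the blocks that held the original data, so the toy model's result does not carry over automatically.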
~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
Posted by -- Andrew Oram -- •••@••.••• -- Cambridge, Mass., USA
Moderator: CYBER-RIGHTS (CPSR)
World Wide Web:
  http://jasper.ora.com/andyo/cyber-rights/cyber-rights.html
  http://www.cs.virginia.edu/~hwh6k/public/cyber-rights.html
FTP:
  ftp://jasper.ora.com/pub/andyo/cyber-rights

You are encouraged to forward and cross-post messages and online
materials, pursuant to any contained copyright & redistribution
restrictions.
~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~