JoeDirtCar
New Member
Here's a question I've had for a while about all data shredders/erasers, etc. I'm working with the following assumptions:
* The point of the program is to defeat software and hardware forensics from discovering current and/or previous contents.
* A machine upon which sensitive programs & data reside will invariably create and delete temporary files which may or may not contain some or all of the sensitive data upon which work is being done.
* The location and nature of these temporary files is not always known nor controllable.
If these assumptions are correct, wouldn't it be possible, or even probable, that a particular region of a disk is used for a temporary file containing sensitive data, then erased by the system (non-securely), then overwritten with valid data, or even a newly installed program? If so, couldn't the forensic programs which are targeted by the repetitive overwriting methods such as Gutmann detect the previous state of the drive in the relative location?
Would this necessitate a "wipe and preserve" mechanism where the "good" data is moved to an alternate location, the location is wiped, and then the "good" data restored? I know much of this issue can be combated with a strongly encrypted drive, but was wondering if this could indeed be a problem.
--jdc