Date:      Wed, 18 Feb 2015 19:00:12 +0100
From:      Polytropon <freebsd@edvax.de>
To:        Ralf Mardorf <ralf.mardorf@rocketmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: [Bulk] Re: What's in my hard drive? How can I get rid of it?
Message-ID:  <20150218190012.d865cbdf.freebsd@edvax.de>
In-Reply-To: <20150218020243.366fe968@archlinux>
References:  <54E39F83.70002@gmail.com> <mc0ad5$qu2$1@ger.gmane.org> <alpine.LRH.2.11.1502171829280.7759@sas1.nber.org> <51803.128.135.70.2.1424219858.squirrel@cosmo.uchicago.edu> <20150218020243.366fe968@archlinux>

On Wed, 18 Feb 2015 02:02:43 +0100, Ralf Mardorf wrote:
> Actually criminal investigation departments seem to be unable to
> recover all the data that was deleted by a simple rm command, even on
> journaling file systems. Why is it recommended to mount read only, as
> soon as possible, if we lose data, to be able to recover that data?

Because they use expensive and certified software,
highly recommended by qualified and certified
consultants, which are also expensive. The highly
sophisticated equipment is only accessed by a very
restricted set of professional officers who can
already distinguish the left mouse button from the
right mouse button and have been trained (by skilled
and certified educators) to click on little pictures.
This approach is safe, because there are procedures,
and those are certified. Nothing can go unnoticed,
as all involved parts are free of any imaginable
error or misbehaviour: the software is idiot-proof,
and the officers are... highly qualified experts.
Our tax money at work. So what do you expect? :-)



> The NSA is able to recover all the data that was deleted all over the
> world even by a shred command on a non-journaling FS? If so, the NSA
> isn't willing to give hints against child molesters and other criminals,
> because the NSA is the watchdog of more important crimes? That's
> grotesque.

Any organisation has to carefully define its priorities,
and when the NSA states: "We could undelete those files,
and a child molester has been arrested as a result", the
society would scream in fear because they would begin to
admit the thought that everything which is possible WILL
BE DONE (no matter if we are able to recognize it in the
first place). Also keep in mind: there's a difference
between "to protect" and "to investigate" - and put that
into context with defining priorities...

In the end, anti-forensics is what the "real criminals"
are actually really good at. :-)



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


