DOCSLIB.ORG

Anti Forensics Analysis of File Wiping Tools

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Anti Forensics Analysis of File Wiping Tools Anti Forensics Analysis of File Wiping Tools A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science in Cyber Security by Narendra Panwar 14MS013 Under the Supervision of Dr. Babu M. Mehtre Associate Professor Center For Cyber Security, Institute For Development And Research In Banking Technology, Hyderabad (Established by Reserve Bank of India) COMPUTER SCIENCE AND ENGINEERING DEPARTMENT SARDAR PATEL UNIVERSITY OF POLICE, SECURITY AND CRIMINAL JUSTICE JODHPUR – 342304, INDIA May, 2016 UNDERTAKING I declare that the work presented in this thesis titled “Anti Forensics Analysis of File Wiping Tools”, submitted to the Computer Science and Engineering Department, Sardar Patel Uni- versity of Police, Security and Criminal Justice, Jodhpur, for the award of the Master of Science degree in Cyber Security, is my original work. I have not plagiarized or submitted the same work for the award of any other degree. In case this undertaking is found in- correct, I accept that my degree may be unconditionally withdrawn. May, 2016 Hyderabad (Narendra Panwar) ii CERTIFICATE Certified that the work contained in the thesis titled “Anti Forensics Analysis of File Wiping Tools”, by Narendra Panwar, Registration Number 14MS013 has been carried out under my supervision and that this work has not been submitted elsewhere for a degree. Dr. Babu M. Mehtre Associate Professor Center For Cyber Security, Institute For Development and Research in Banking Technology, Hyderabad May, 2016 iii Acknowledgment The success of this project work and thesis completion required a lot of guidance. I would first like to thank my supervisor, Dr. Babu M. Mehtre , for his excellent guidance. His advice, encouragement, and critics are the source of innovative ideas, inspiration and causes behind the successful completion of this dissertation. I would like to extend my sincere thanks to Dr. A. S. Ramasastri Director, IDRBT for providing all the necessary resources for the successful completion of my project. I wish to express my sincere thanks to Sh. M.L. Kumawat, Ex. Vice Chancellor, SPUP and Dr. Bhupendra Singh, Vice Chancellor, SPUP, for providing me all the facilities required for my project work. I would like to express my sincere appreciation and gratitude towards faculty mem- bers at S.P.U.P., Jodhpur, especially Mr. Arjun Choudhary, Mr. Vikas Sihag, for their encouragement, consistent support, and invaluable suggestions. I thanks to Mr. Ghan- shyab Bopche Ph.D. scholar who helped me, guided me at the time I needed the most. iv Finally, I am grateful to my father Mr. Uttam Chand Panwar, my mother Mrs. Durga Devi Panwar for their support. It was impossible for me to complete this thesis work without their love, blessing and encouragement. - Narendra Panwar v Biographical Sketch Narendra Panwar E-Mail: [email protected], Contact. No. +91- 8233381245 Father’s Name : Mr. Uttam Chand Panwar Mother’s Name : Mrs. Durga Devi Panwar Education • Pursuing Master of Science in Cyber Security department from S.P.U.P., Jodhpur. • B.Tech. in Information Technology from Engineering College, Ajmer with 63.44% in 2013. vi Dedicated to My Loving Family for their kind love & support. To my friends for showing confidence in me. vii }Once you start a working on something, don’t be afraid of failure and don’t abandon it. People who work sincerely are the happiest.~ - Kautilya viii Synopsis Digital forensics is a process of exploring pieces of evidence from a seized digital device. On the other hand, Anti-Forensics is a collection of tools and techniques to counter the forensics process and to frustrate the forensics investigation. Anti-Forensics (AF) Tools are used for the privacy purpose or to avoid forensics investigation. In this research we have tested three AF file wiping tools namely, “Eraser”, “File Shredder” and “R-Wipe And Clean”, and examined the Anti-Forensics claims made by these tools. Apart from that, we provide results of forensics examination of the system after wiping files using these tools. We have also found some artifacts related to the wiped files in the system, which remain untouched even after wiping the files using these tools. We also show that “Eraser”, “File Shredder” and “R-Wipe and Clean” tools are not completely Anti-Forensics Tools. Interestingly, it is found that all these tools are leaving specific patterns (signature, trail) after wiping a file, which can be used to detect the actual tool used to wipe the file. Keywords: Digital Forensics Anti-Forensics(AF) Wiping AF tools Anti-Forensics tools ix Contents Acknowledgment iv Biographical Sketch vi Synopsis ix 1 Introduction 1 1.1 Problem Statement . 2 1.2 Scope of The Work . 2 1.3 Organization of Thesis . 3 2 Literature Survey 4 3 Anti Forensics: Science to Counter Forensics Investigation 6 3.1 Defining AF . 6 3.2 Classification of AF . 7 3.2.1 Evidence Source Elimination . 8 3.2.2 Artifact Wiping . 9 3.2.3 Hiding Evidences . 12 3.2.4 Trail Obfuscation . 14 3.2.5 Attack Against Forensics Tools . 15 x 3.3 Desirable Features of AF File Wiping tool . 17 4 Areas of Forensics Interest in Windows System 19 4.1 Windows Registry . 19 4.1.1 LastRun MRU . 20 4.1.2 Recently Open/Save Files . 20 4.1.3 Recently Open Executable . 21 4.1.4 Recent Docs . 21 4.1.5 User Assist . 22 4.1.6 Last Registry Change . 22 4.1.7 Shell Bags . 23 4.2 Artifacts as files . 23 4.2.1 Recent Items . 23 4.2.2 Windows Event Logs . 24 4.2.3 Prefetch Files . 24 4.2.4 Temp Folder . 25 4.2.5 Tumbcache Database . 25 5 Experimenting with AF tools 27 5.1 Experimental Setup . 27 5.2 Forensics Examination . 28 5.3 Results Of Forensics Examination . 30 5.3.1 File Traces . 30 5.3.2 Tool Traces . 32 5.3.3 Identification of Tools Used for Wiping . 34 6 Conclusions and Future Work 39 7 Author’s Publications 41 References 42 xi List of Figures 1 Classification of AF techniques. 7 2 Eraser main window left, and available algorithms right. 11 3 File Shredder main window left, and available algorithms right. 11 4 R-Wipe and Clean main window left, and available algorithms right. 12 5 File content and slack space filled with secret message. 13 6 Hidden message in the file “sample.txt”, using Alternate Data Stream. 14 7 Linux command to create a zip bomb. 16 8 Actual size of zip bomb. 16 9 Size when extracting zip bomb is 1GB. 16 10 An ideal AF file wiping tool components, dark color components show tool related artifacts and light color components show file related artifacts. 18 11 Windows registry entry of RunMRU, showing run items from “Windows Run” . 20 12 Windows registry, shows open/save “PNG” files using windows explorer. 20 13 Windows registry, shows open save files using windows explorer. 21 14 Windows registry, shows recently opened docs as “.txt” format. 21 15 Windows registry entry containing UserAssist information with GUID number. 22 16 Windows registry entry of last key edited. 22 xiv 17 Windows Shell Bags information show using “ShellBagsView”. 23 18 Event logs using Microsoft Event Viewer. 24 19 Prefetch file od “CMD.EXE” using “NirSoft WinPrefetchView”. 24 20 Thumbnail of an image exist in “thumbcache database”. 25 21 Artifacts of File “A” at various locations, after creating and accessing the file. 28 22 Files “Test-file.mp4” wiped using “Eraser”, “xyz.mp4” using “File Shred- der” and “anti-forensics-derbi-conf.mp4” using “R-Wipe And Clean” in- formation found in $LogFile . 31 23 Changes are shown in the figure after wiping the file, region 1 shows artifacts that are removed by wiping. Region 2 shows artifacts which remain unchanged after wiping. 31 24 Magnified area showing MFT information of the file before wiping (shaded area in region-1), after wiping the file using “Eraser” (shaded area in region-2). .................................. 35 25 Magnified area showing MFT information of the file before wiping (shaded area in region-1), after wiping the file using “File Shredder” (shaded area in region-2).................................. 36 26 Magnified area showing MFT information of the file before wiping (shaded area in region-1), after wiping the file using “R-Wipe And Clean” (shaded area in region-2). .............................. 36 xv List of Tables 1 AF techniques and tools. 8 2 Selective File wiping tools. 27 3 Results of forensics examination after wiping files. 33 4 Traces of the wiping tools at various locations. 34 5 Residual patterns or identification method of the wiping tools. 37 xvi Chapter 1 Introduction Anti-Forensics is a collection of techniques and tools to counter the forensics analysis. Anti-forensics is defined as; “Any attempt to compromise the usefulness and availability of digital evidence to the forensics process”[11]. To understand the term Anti-Forensics we now compare digital crime with traditional crime. There are two categories of AF in both scenarios, first is pre-incident, and another is post-incident. The first category of AF is useful in planned activity, and these tools are useful before the incident takes place like; use of gloves, face mask in traditional crime and use of Live-OS, TOR in digital crime. In the second scenario the AF tools are applied after the incident like; removal of fingerprints, hide tools in traditional crime and wipe a sensitive file, fill fake evidence in the digital crime. Anti-forensics tools are also useful for legitimate purposes like; encrypting sensitive files, wiping private information[15]. Now we can define the Anti-Forensics as, An attempt to reduce the quality and quantity of digital artifacts to ensure that any sensitive information or evidence is never exposed by the other person or forensics investigator.
Load more

Recommended publications
  • A New Generation of Hard Disk Recovery Software
    EASEUS Data Recovery Wizard Free Edition – A New Generation of Hard Disk Recovery Software NEW YORK CITY, N.Y., June 29 (SEND2PRESS NEWSWIRE) — EASEUS Data Recovery Wizard Free Edition, the innovative and leading data recovery software, has proven itself to be the first world-wide free hard disk recovery software and a new generation in its category since its release. Totally free and providing powerful features that no other free data recovery software like Recuva™ and Pandora™ have, even some commercial ones, it is the most popular and feature-rich hard disk recovery freeware for Windows today. With the use of computers continuing to increase, hard disk recovery is not a welcome task, but something that is very important for our business and daily life. Those who have computers know data loss is a common possibility because of accidental deletion, format, partition damage or loss, software crash, computer virus infection, power failure, etc. Whatever the cause, quality free hard disk recovery software is a preferable remedy to data loss and to get those lost files back quickly and easily. EASEUS Data Recovery Wizard Free Edition, the professional and comprehensive Windows disk recovery software, helps recover deleted or lost files easily from hard drive disks or other storage media whenever needed, and is tops in other areas due to: * Totally free and with powerful features of commercial ones; * Unformat files with original file name and storage paths; * FAT/NTFS Partition recovery when partitions are deleted or damaged; * Recover files from dynamic disk and RAID; * Recover lost files from Linux (EXT2/EXT3) files system under Windows; * Recover files from all kinds of storage media like external hard drive, USB disk, SD card, memory card; * Continue data recovery process at any time you want.
    [Show full text]
  • 101 Useful Linux Commands - Haydenjames.Io
    101 Useful Linux Commands - haydenjames.io Some of these commands require elevated permissions (sudo) to run. Enjoy! 1. Execute the previous command used: !! 2. Execute a previous command starting with a specific letter. Example: !s 3. Short way to copy or backup a file before you edit it. For example, copy nginx.conf cp nginx.conf{,.bak} 4. Toggle between current directory and last directory cd - 5. Move to parent (higher level) directory. Note the space! cd .. 6. Go to home directory cd ~ 7. Go to home directory cd $HOME 8. Go to home directory (when used alone) cd 9. Set permissions to 755. Corresponds to these permissions: (-rwx-r-x-r-x), arranged in this sequence: (owner-group-other) chmod 755 <filename> 10. Add execute permission to all users. chmod a+x <filename> 11. Changes ownership of a file or directory to . chown <username> 12. Make a backup copy of a file (named file.backup) cp <file> <file>.backup 13. Copy file1, use it to create file2 cp <file1> <file2> 14. Copy directory1 and all its contents (recursively) into directory2 cp -r <directory1> <directory2>/ 15. Display date date 16. Zero the sdb drive. You may want to use GParted to format the drive afterward. You need elevated permissions to run this (sudo). dd if=/dev/zero of=/dev/sdb 17. Display disk space usage df -h 18. Take detailed messages from OS and input to text file dmesg>dmesg.txt 19. Display a LOT of system information. I usually pipe output to less. You need elevated permissions to run this (sudo).
    [Show full text]
  • Wildlife Management Activities and Practices
    WILDLIFE MANAGEMENT ACTIVITIES AND PRACTICES COMPREHENSIVE WILDLIFE MANAGEMENT PLANNING GUIDELINES for the Edwards Plateau and Cross Timbers & Prairies Ecological Regions Revised April 2010 The following Texas Parks & Wildlife Department staff have contributed to this document: Mike Krueger, Technical Guidance Biologist – Lampasas Mike Reagan, Technical Guidance Biologist -- Wimberley Jim Dillard, Technical Guidance Biologist -- Mineral Wells (Retired) Kirby Brown, Private Lands and Habitat Program Director (Retired) Linda Campbell, Program Director, Private Lands & Public Hunting Program--Austin Linda McMurry, Private Lands and Public Hunting Program Assistant -- Austin With Additional Contributions From: Kevin Schwausch, Private Lands Biologist -- Burnet Terry Turney, Rare Species Biologist--San Marcos Trey Carpenter, Manager, Granger Wildlife Management Area Dale Prochaska, Private Lands Biologist – Kerr Wildlife Management Area Nathan Rains, Private Lands Biologist – Cleburne TABLE OF CONTENTS Comprehensive Wildlife Management Planning Guidelines Edwards Plateau and Cross Timbers & Prairies Ecological Regions Introduction Specific Habitat Management Practices HABITAT CONTROL EROSION CONTROL PREDATOR CONTROL PROVIDING SUPPLEMENTAL WATER PROVIDING SUPPLEMENTAL FOOD PROVIDING SUPPLEMENTAL SHELTER CENSUS APPENDICES APPENDIX A: General Habitat Management Considerations, Recommendations, and Intensity Levels APPENDIX B: Determining Qualification for Wildlife Management Use APPENDIX C: Wildlife Management Plan Overview APPENDIX D: Livestock
    [Show full text]
  • GNU Coreutils Cheat Sheet (V1.00) Created by Peteris Krumins ([email protected], -- Good Coders Code, Great Coders Reuse)
    GNU Coreutils Cheat Sheet (v1.00) Created by Peteris Krumins ([email protected], www.catonmat.net -- good coders code, great coders reuse) Utility Description Utility Description arch Print machine hardware name nproc Print the number of processors base64 Base64 encode/decode strings or files od Dump files in octal and other formats basename Strip directory and suffix from file names paste Merge lines of files cat Concatenate files and print on the standard output pathchk Check whether file names are valid or portable chcon Change SELinux context of file pinky Lightweight finger chgrp Change group ownership of files pr Convert text files for printing chmod Change permission modes of files printenv Print all or part of environment chown Change user and group ownership of files printf Format and print data chroot Run command or shell with special root directory ptx Permuted index for GNU, with keywords in their context cksum Print CRC checksum and byte counts pwd Print current directory comm Compare two sorted files line by line readlink Display value of a symbolic link cp Copy files realpath Print the resolved file name csplit Split a file into context-determined pieces rm Delete files cut Remove parts of lines of files rmdir Remove directories date Print or set the system date and time runcon Run command with specified security context dd Convert a file while copying it seq Print sequence of numbers to standard output df Summarize free disk space setuidgid Run a command with the UID and GID of a specified user dir Briefly list directory
    [Show full text]
  • Constraints in Dynamic Symbolic Execution: Bitvectors Or Integers?
    Constraints in Dynamic Symbolic Execution: Bitvectors or Integers? Timotej Kapus, Martin Nowack, and Cristian Cadar Imperial College London, UK ft.kapus,m.nowack,[email protected] Abstract. Dynamic symbolic execution is a technique that analyses programs by gathering mathematical constraints along execution paths. To achieve bit-level precision, one must use the theory of bitvectors. However, other theories might achieve higher performance, justifying in some cases the possible loss of precision. In this paper, we explore the impact of using the theory of integers on the precision and performance of dynamic symbolic execution of C programs. In particular, we compare an implementation of the symbolic executor KLEE using a partial solver based on the theory of integers, with a standard implementation of KLEE using a solver based on the theory of bitvectors, both employing the popular SMT solver Z3. To our surprise, our evaluation on a synthetic sort benchmark, the ECA set of Test-Comp 2019 benchmarks, and GNU Coreutils revealed that for most applications the integer solver did not lead to any loss of precision, but the overall performance difference was rarely significant. 1 Introduction Dynamic symbolic execution is a popular program analysis technique that aims to systematically explore all the paths in a program. It has been very successful in bug finding and test case generation [3, 4]. The research community and industry have produced many tools performing symbolic execution, such as CREST [5], FuzzBALL [9], KLEE [2], PEX [14], and SAGE [6], among others. To illustrate how dynamic symbolic execution works, consider the program shown in Figure 1a.
    [Show full text]
  • Jackson State University Department of Computer Science CSC 438-01/539-01 Systems and Software Security, Spring 2014 Instructor: Dr
    Jackson State University Department of Computer Science CSC 438-01/539-01 Systems and Software Security, Spring 2014 Instructor: Dr. Natarajan Meghanathan Project 1: Exploring UNIX Access Control in a Virtual Machine Environment Due: February 26, 2014, 7.30 PM The objective of this project is to explore the different UNIX access control commands and their features. You will do this project in a virtual machine environment. If you already have a virtual machine installed (either in VM Player or Virtual Box, you can skip the following steps and proceed to Page 4). Installing VirtualBox 4.2 and Ubuntu OS Go to https://www.virtualbox.org/wiki/Downloads and download VirtualBox for your operating system. If you work on a lab computer, you need to use the Ubuntu VM .iso file that is stored on the local machine. If you work on your personal computer, you need to download the Ubuntu .iso file from the website listed in Step # 1 and continue. You may use the following steps for installing the Ubuntu VM on the virtualbox. 1. The Ubuntu installation file is located on the desktop of your PC (it can be downloaded from http://www.ubuntu.com/download/ubuntu/download if the .iso file cannot be located on your desktop). 2. On the VirtualBox Manager screen click on “New” 1 3. When prompted, put your J # for the name of the VM and select “Linux” as OS (when you choose Linux as OS, the program should automatically choose Ubuntu as Version, if not select Ubuntu) and click Next. 4.
    [Show full text]
  • SHRED DOCUMENTATION ZONGE Data Processing GDP Data
    SHRED DOCUMENTATION ZONGE Data Processing GDP Data Reformat Program version 3.2x Barry Sanders Mykle Raymond John Rykala November, 1996 Zonge Engineering & Research Organization, Inc. 3322 East Fort Lowell Road, Tucson, AZ 85716 USA Tel:(520) 327-5501 Fax:(520) 325-1588 Email:[email protected] GDP DATA PROCESSING MANUAL TABLE OF CONTENTS SHRED ............................................................................ page Introduction.............................................................................5 Usage .......................................................................................5 Software Operation.................................................................7 Calculation of Receiver Location ......................................................... 8 Survey Configurations ........................................................................... 8 Rx Definitions ........................................................................................ 8 Sorting the data file ................................................................................ 9 Splitting the data file .............................................................................. 9 Data Processing Flags.......................................................................... 10 Comment and Program Control Lines ................................................ 11 Transmitter Current Corrections ......................................................... 11 AMT Correlation Coefficient Filter...................................................
    [Show full text]
  • Gnu Coreutils Core GNU Utilities for Version 5.93, 2 November 2005
    gnu Coreutils Core GNU utilities for version 5.93, 2 November 2005 David MacKenzie et al. This manual documents version 5.93 of the gnu core utilities, including the standard pro- grams for text and file manipulation. Copyright c 1994, 1995, 1996, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. Chapter 1: Introduction 1 1 Introduction This manual is a work in progress: many sections make no attempt to explain basic concepts in a way suitable for novices. Thus, if you are interested, please get involved in improving this manual. The entire gnu community will benefit. The gnu utilities documented here are mostly compatible with the POSIX standard. Please report bugs to [email protected]. Remember to include the version number, machine architecture, input files, and any other information needed to reproduce the bug: your input, what you expected, what you got, and why it is wrong. Diffs are welcome, but please include a description of the problem as well, since this is sometimes difficult to infer. See section “Bugs” in Using and Porting GNU CC. This manual was originally derived from the Unix man pages in the distributions, which were written by David MacKenzie and updated by Jim Meyering.
    [Show full text]
  • Defraggler Windows 10 Download Free - Reviews and Testimonials
    defraggler windows 10 download free - Reviews and Testimonials. It's great to hear that so many people have found Defraggler to be the best defrag tool available. Here's what people are saying in the media: "Defraggler is easy to understand and performs its job well. if you want to improve computer performance, this is a great place to start." Read the full review. LifeHacker. "Freeware file defragmentation utility Defraggler analyzes your hard drive for fragmented files and can selectively defrag the ones you choose. The graphical interface is darn sweet." Read the full review. PC World. "Defraggler will show you all your fragmented files. You can click one to see where on the disk its various pieces lie, or defragment just that one. This can be useful when dealing with very large, performance critical files such as databases. Piriform Defraggler is free, fast, marginally more interesting to watch than the default, and has useful additional features. What's not to like?" Read the full review. - Features. Most defrag tools only allow you to defrag an entire drive. Defraggler lets you specify one or more files, folders, or the whole drive to defragment. Safe and Secure. When Defraggler reads or writes a file, it uses the exact same techniques that Windows uses. Using Defraggler is just as safe for your files as using Windows. Compact and portable. Defraggler's tough on your files – and light on your system. Interactive drive map. At a glance, you can see how fragmented your hard drive is. Defraggler's drive map shows you blocks that are empty, not fragmented, or needing defragmentation.
    [Show full text]
  • Owner's Manual Series 1 Hard Drive
    AMS-150HD/ AMS-150HD-SSD/ AMS-150-SSD AMS-300HD/ AMS-300HD-SSD/ AMS-300-SSD OWNER’S MANUAL SERIES 1 HARD DRIVE NOTICE: The information contained within this manual is correct at time of printing, but due to the continuing development of prod ucts, changes in specifications are inevitable. Ameri-Shred reserves the right to implement such changes without prior notice. Service Department: 888.270.6879 TABLE OF CONTENTS UNLOADING/UNPACKING ......................................................................................................................... 3 ELECTRICAL INSTALLATION ........................................................................................................................ 4 NAMEPLATE (LOG SHREDDER SPECIFICS) ................................................................................................... 4 SAFETY WARNINGS .................................................................................................................................... 5 SHREDDER OPERATION .............................................................................................................................. 6 START UP PROCEDURE ............................................................................................................................... 7 SERVER DRIVE JAM WARNING ................................................................................................................... 8 CLEARING A JAM .......................................................................................................................................
    [Show full text]
  • Name Link Description
    Name Link Description Rufus https://rufus.akeo.ie/ Create bootable USB drives the easy way Super Micro http://www.supermicro.com/support/ This is your one-stop area for access to product-specific resources resources/ including BIOS, Drivers, Manuals and Memory Compatibility Lists. Please choose from the following options: CCleaner http://download.cnet.com/CCleaner/? CCleaner is a freeware system optimization, privacy and cleaning tool. It tag=main;dlStartKitList removes unused files from your system allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. Glary http://download.cnet.com/Glary- Glary Utilities is a comprehensive system cleaner and performance booster Utilities/3000-2094_4- for your PC that includes an excellent suite of tools. You can take 10508531.html?tag=main;dlStartKit advantage of 1-Click Maintenance, or pick and choose the operations you'd List like the app to perform, all through its streamlined and intuitive interface. Kaspersky http://download.cnet.com/Kaspersky- Kaspersky Virus Removal Tool automatically removes viruses, Trojans, Virus Virus-Removal-Tool-2015/3000- rootkits, adware, or spyware. Removal 2239_4-76079830.html?tag=main;lsr Tool 2015 Tweaking.co http://www.bleepingcomputer.com/d A free suite of administration tools and system monitors that allows a user m ownload/tweakingcom-technicians- to quickly perform diagnostics on a computer. These tools allows for Technicians toolbox/ quickly fixing common problems on a computer or diagnosing what could Toolbox be causing them. It should be noted that this free version is only available for non-commercial users.
    [Show full text]
  • 10 Red Hat® Linux™ Tips and Tricks
    Written and Provided by Expert Reference Series of White Papers 10 Red Hat® Linux™ Tips and Tricks 1-800-COURSES www.globalknowledge.com 10 Red Hat® Linux™ Tips and Tricks Compiled by Red Hat Certified Engineers Introduction Are you looking for a quick and simple reference guide to help you navigate Red Hat® Linux™ systems? Look no further! Global Knowledge and Red Hat have assembled these 10 Tips and Tricks from Red Hat Certified Engineers® (RHCEs) to give you an edge on managing these systems. 1.Wiping a Hard Drive By Dominic Duval, Red Hat Certified Engineer Have you ever needed to completely wipe out critical data from a hard drive? As we all know, mkfs doesn’t erase a lot. (You already knew this, right?) mkfs and its variants (e.g., mkfs.ext3 and mke2fs) only get rid of a few important data structures on the filesystem, but the data is still there! For a SCSI disk connected as /dev/sdb, a quick dd if=/dev/sdb | strings will let anyone recover text data from a supposedly erased hard drive. Binary data is more complicated to retrieve, but the same basic principle applies: the data was not completely erased. To make things harder for the bad guys, an old trick was to use the ‘dd’ command as a way to erase a drive. Note: This command will erase your disk! dd if=/dev/zero of=/dev/sdb There’s one problem with this: newer, more advanced, techniques make it possible to retrieve data that were replaced with a bunch of 0s.
    [Show full text]