Difference between revisions of "undelete attack"
m (from infoAnarchy) |
Carlostmpl (Talk | contribs) |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | '''Undelete attack''' is a type of attack that locates and restores [[file]]s that have been [[delete (computing)|deleted]] but not yet overwritten. This is commonly used against [[computer]]s that are suspected of having illegal materials but can be used as a form of [[espionage]]. The same [[technology]] is used as a convinience for processes as simple as recovering accidentally deleted files such as with [[Norton Utilities]]. | |
− | + | ||
− | + | ||
Sometimes, files can be retrieved in the laboratory using [[computer]] [[forensic]]s even after they have been deleted and overwritten. | Sometimes, files can be retrieved in the laboratory using [[computer]] [[forensic]]s even after they have been deleted and overwritten. | ||
− | [[ | + | All [[partition type]]s are vulnerable to this, but [[File Alocation Table]] and some simmilar ones is actually more vulnerable than others. In FAT only the first letter of the [[file name]] is actually erased, the rest of the file is left completely intact. But [[bleeding track file recovery]] can be used on almost every magnetic storage media. |
==== Defeating the Undelete Attack ==== | ==== Defeating the Undelete Attack ==== | ||
− | * [[ | + | * [[file wipe]] - akin to a document-shredder, overwriting swap file space or the entirety of a hard-drive's free space |
− | * [[ | + | * [[encrypted volumes]] - only useful once "unmounted," or disconnected, from |
− | * Good [[physical security]] to prevent access | + | * Good [[physical computer security]] to prevent access |
+ | |||
+ | ==See also== | ||
+ | * [[computer security]] | ||
+ | * [[forensic]] | ||
{{infoanarchy|Undelete_Attack|Undelete Attack}} | {{infoanarchy|Undelete_Attack|Undelete Attack}} | ||
+ | |||
+ | [[Category:Privacy]] | ||
+ | [[Category:Forensics]] |
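Review bot: The added "encrypted volumes" bullet ends mid-sentence at "disconnected, from", so it never says what the volume has to be disconnected from; finish the sentence. In the other added lines, "convinience", "File Alocation Table" and "simmilar" are misspelled, and "some simmilar ones is" should read "are".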
Latest revision as of 12:10, 13 July 2006
An undelete attack locates and restores files that have been deleted but not yet overwritten. It is commonly used against computers suspected of holding illegal materials, but it can also be used as a form of espionage. The same technology is used as a convenience for tasks as simple as recovering accidentally deleted files, for example with Norton Utilities.
Sometimes, files can be retrieved in the laboratory using computer forensics even after they have been deleted and overwritten.
All partition types are vulnerable to this, but File Allocation Table (FAT) and some similar ones are more vulnerable than others. In FAT, only the first letter of the file name is actually erased; the rest of the file is left completely intact. Bleeding track file recovery, however, can be used on almost every magnetic storage medium.
Defeating the Undelete Attack
- file wipe - akin to a document-shredder, overwriting swap file space or the entirety of a hard-drive's free space
- encrypted volumes - only useful once "unmounted," or disconnected, from
- Good physical computer security to prevent access
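The FAT behaviour and the file-wipe defence described above, as an added example that is not part of the original article: it marks a directory entry deleted the way FAT does (first name byte set to 0xE5), shows that the data is still readable, then overwrites it and checks that nothing is left. The image layout, sample contents and function names are constructed for illustration, and the file is assumed to occupy one contiguous run of clusters.

```python
import struct

ENTRY_SIZE = 32      # one FAT 8.3 directory entry
DELETED = 0xE5       # value FAT writes over the first name byte on delete
CLUSTER = 512        # constructed cluster size for this toy image
DIR_BYTES = 512      # constructed: directory region, data clusters follow
SECRET = b"quarterly figures - constructed sample data"

def cluster_offset(n):
    return DIR_BYTES + (n - 2) * CLUSTER   # FAT numbers data clusters from 2

def make_entry(name, ext, first_cluster, size):
    # 11 name bytes, 15 bytes unused here, cluster at offset 26, size at 28
    head = name.ljust(8).encode() + ext.ljust(3).encode()
    return head + bytes(15) + struct.pack("<HI", first_cluster, size)

def build_image():
    # Constructed sample: one file, REPORT.TXT, stored in cluster 2
    img = bytearray(DIR_BYTES + 4 * CLUSTER)
    img[0:ENTRY_SIZE] = make_entry("REPORT", "TXT", 2, len(SECRET))
    off = cluster_offset(2)
    img[off:off + len(SECRET)] = SECRET
    return img

def fat_delete(img, index):
    # Only the first letter of the name changes; data clusters are untouched
    img[index * ENTRY_SIZE] = DELETED

def find_recoverable(img):
    # Audit: list deleted entries whose data has not been overwritten
    found = []
    for pos in range(0, DIR_BYTES, ENTRY_SIZE):
        cluster, size = struct.unpack_from("<HI", img, pos + 26)
        if img[pos] != DELETED or cluster < 2 or size == 0:
            continue
        off = cluster_offset(cluster)
        data = bytes(img[off:off + size])
        if any(data):
            name = img[pos + 1:pos + 8].decode().rstrip()
            found.append(("?" + name + "." + img[pos + 8:pos + 11].decode(), data))
    return found

def wipe_deleted(img):
    # File wipe: overwrite the data and scrub the rest of the directory entry
    for pos in range(0, DIR_BYTES, ENTRY_SIZE):
        if img[pos] == DELETED:
            cluster, size = struct.unpack_from("<HI", img, pos + 26)
            img[cluster_offset(cluster):cluster_offset(cluster) + size] = bytes(size)
            img[pos + 1:pos + ENTRY_SIZE] = bytes(ENTRY_SIZE - 1)
```

Running `find_recoverable` before and after `wipe_deleted` on the same image is a quick way to confirm that a wipe step actually removed the remnants.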
See also
This article is based on a public domain infoAnarchy article: Undelete_Attack