Plausible Deniability

You can't find a hidden encrypted partition. The data is indistinguishable from random data.

There *are* programs which *try* to detect hidden, encrypted partitions.

They have been tested and reviewed. The findings? When fed drives with random data, these programs regularly "found" hidden partitions that *weren't actually there*.

In other words, like an AV program set to aggressive/strict scanning, these programs create far too many "false positives" to be used as evidence against you.

It would be like a lie detector that would signal a lie 8 times out of 10 when being told nothing but the truth. Absolutely useless.
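Added example, not part of any post in this thread: a naive "encrypted data" detector that runs a per-sector chi-square test on byte frequencies, applied to constructed samples of plaintext, ciphertext, and a randomly wiped disk. The SHA-256 counter-mode keystream is a stand-in for a real cipher (it is not TrueCrypt's), and the acceptance band is an assumed threshold.

```python
import hashlib
import random

SECTOR = 4096          # bytes per analysed block
SECTORS = 64           # sectors in each constructed sample
SIZE = SECTOR * SECTORS
# Assumed acceptance band for a chi-square statistic with 255 degrees of
# freedom (mean 255, standard deviation about 22.6): inside it "looks random".
CHI2_LOW, CHI2_HIGH = 170.0, 350.0


def chi_square(block: bytes) -> float:
    """Chi-square of the byte histogram against a uniform distribution."""
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    expected = len(block) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def looks_random(block: bytes) -> bool:
    return CHI2_LOW <= chi_square(block) <= CHI2_HIGH


def flagged_fraction(data: bytes) -> float:
    """Fraction of sectors the naive detector reports as random-looking."""
    blocks = [data[i:i + SECTOR] for i in range(0, len(data), SECTOR)]
    return sum(looks_random(b) for b in blocks) / len(blocks)


def keystream(key: bytes, n: int) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed samples: structured plaintext, its ciphertext, and a random wipe.
LINE = b"invoice 2011-03-04 total 129.99 GBP\n"
plaintext = (LINE * (SIZE // len(LINE) + 1))[:SIZE]
ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(b"constructed-key", SIZE)))
wiped = random.Random(2011).getrandbits(8 * SIZE).to_bytes(SIZE, "big")

if __name__ == "__main__":
    for name, data in (("plaintext", plaintext), ("ciphertext", ciphertext), ("wiped", wiped)):
        print(f"{name:10s} sectors flagged as random-looking: {flagged_fraction(data):.2f}")
```

The detector separates plaintext from everything else, but it flags the wiped sample at the same rate as the ciphertext, so a hit cannot show that a volume exists.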

What stops the PC from writing over all your data in the hidden partition when you aren't using it?
 
What stops the PC from writing over all your data in the hidden partition when you aren't using it?

Nothing. If your machine was aware of the inner partition, then so would the FBI :p

The best way, in theory, would be an encrypted OS partition, then an encrypted data partition containing the hidden inner volume. That way you should be able to control the disk usage such that overwriting the volume is unlikely.

The OS partition should contain your programs, swapfile, etc., so Windows has no reason to write anything to the data partition.

See the following link:

http://www.truecrypt.org/docs/?s=hidden-volume-protection

This describes a mechanism where you can protect the inner volume, but at the cost of increased risk of the volume being found (if the FBI get their hands on your computer with the outer volume mounted).
 
I haven't read all this thread but only last year a bloke refused to give his password after the authoriteeeez believed he'd got a drive full of porno material and all he got was 16 weeks.
It was a thread on here.
 
What stops the PC from writing over all your data in the hidden partition when you aren't using it?

I think file systems work from the outside inwards; I don't think they just place files all over the place. TrueCrypt on Linux has a feature that stops it writing over; you have to enter the password for the normal partition.
 
For the people that say data can be recovered even if overwritten once, can you explain the following:

Essentially data is 1s and 0s in its base form. To keep this simple:

If I have data which is in the form "10011001101101" and then I delete it then it is possible this can be recovered. However if this exact sector is overwritten in some way so it now reads "110010001111" then could you explain how you can recover the original data that existed there in the first place?

In fairness, a hard disk platter has no concept of 1s and 0s. The disk controller reads the platter(s) and interprets a pattern found on the disk as 1s and 0s.

The idea is (probably) that not all 1s are identical, and not all 0s are identical.

A "1" that was previously "0" may be slightly different to a "1" that was previously "1". To recover data (which I still don't think is entirely possible, or easy), you would have to bypass the disk controller and directly examine the platters.

The chances of this ever happening unless you're on the FBI's most-wanted terrorist suspect list are pretty small, I would think. And that's even if it's possible, and not just a theory.
 
In fairness, a hard disk platter has no concept of 1s and 0s. The disk controller reads the platter(s) and interprets a pattern found on the disk as 1s and 0s.

The idea is (probably) that not all 1s are identical, and not all 0s are identical.

A "1" that was previously "0" may be slightly different to a "1" that was previously "1". To recover data (which I still don't think is entirely possible, or easy), you would have to bypass the disk controller and directly examine the platters.

The chances of this ever happening unless you're on the FBI's most-wanted terrorist suspect list are pretty small, I would think. And that's even if it's possible, and not just a theory.

I get what you're saying but I also think it is just a theory and not possible.

No idea where all the nay-sayers went that insist that recovery of data that has been overwritten IS possible. I guess they will pipe in with something when they have finished reading up on it and realise their mistake ;) :p
 
I'm pretty sure it is possible as FoxEye suggests. You won't recover the erased data by reading the disk. The discs will be taken apart in a clean room and the platters examined with some high tech tools and microscopes with a lot of work done by hand over many weeks or months. The retrieved data is probably very noisy and the costs of doing this are probably astronomical.

I've heard of hard disks being dropped in the seas, recovered by divers and the data read off the drive by directly examining the disk platters.

Unless you're the next Bin Laden, no one will bother.
 
Unless you're the next Bin Laden, no one will bother.

Agreed. Which leads me to suggest, as I already have done in this thread, that a single-pass random-data overwrite is enough to erase your disk, for all intents and purposes.

Because your data is simply not worth the effort to recover, and there are no "off-the-shelf" software solutions which will recover a disk erased this way.
 