Does this type of drive utility exist?
Hg
to make a drive appear empty as if it has been fdisk'ed/wiped? And then by
rerunning the program make the drive appear normal again?
Rod Speed
Dont recall seeing one.
And why would you want to do that anyway ?
It wouldnt be that hard to check if its still got data on it.
Yousuf Khan
You must be thinking of a disk encryption utility. It does considerably
more than just making the drive "appear" wiped, it actually encrypts the
data. If you put the disk into a machine without the same software, it
will appear to be an unformatted drive. If you don't have the same
password, even if you have the software, then it will appear to be an
unformatted drive.
One example of such a program is:
But I've not used it myself. Others may provide other examples.
Yousuf Khan
Rod Speed
> Hg wrote
>> A little off topic as this is a sw ques rather than hw, does a
>> program exist to make a drive appear empty as if it has been
>> fdisk'ed/wiped? And then by rerunning the program make the drive
>> appear normal again?
> You must be thinking of a disk encryption utility. It does
> considerably more than just making the drive "appear" wiped,
In fact it doesnt appear to be wiped at all, it appears to be partially filled.
> it actually encrypts the data. If you put the disk into a machine
> without the same software, it will appear to be an unformatted drive.
> If you don't have the same password, even if you have the software,
> then it will appear to be an unformatted drive.
> One example of such a program is:
> But I've not used it myself. Others may provide other examples.
XP and Vista and Win7 will do encryption themselves.
Man-wai Chang to The Door (28800bps)
> to make a drive appear empty as if it has been fdisk'ed/wiped? And then by
> rerunning the program make the drive appear normal again?
Ask Pentagon. :)
--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.31.6
^ ^ 12:48:01 up 12 days 1:53 2 users load average: 0.00 0.03 0.00
不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
David Brown
fdisk would do that fine. Just make sure you re-enter the old partition
setup correctly when you want to restore your partitions.
You could also use dd to save, then wipe the partition table, and to
restore it later. You are doing the same thing as with fdisk, but it
would be easier to script.
Joep
Important: When replying to this mail, please include previous
correspondence!
"David Brown" <da...@westcontrol.removethisbit.com> schreef in bericht
news:4b0cf2ad$0$26307$8404...@news.wineasy.se...
> Hg wrote:
>> A little off topic as this is a sw ques rather than hw, does a program
>> exist
>> to make a drive appear empty as if it has been fdisk'ed/wiped? And then
>> by rerunning the program make the drive appear normal again?
>
> fdisk would do that fine. Just make sure you re-enter the old partition
> setup correctly when you want to restore your partitions.
which fdisk? Not the MS fdisk.
--
Kind regards,
Joep
David Brown
Even MS fdisk should be capable of deleting existing partitions (thus
hiding them, as required by the OP) and then later recreating them
without affecting the data if you give it the same partition setup?
It's been a long time since I've used MS tools for disk partitioning, so
I can't say for sure. Anyway, you'd want to do such manipulation from a
boot CD or USB drive, so a live Linux distro is the obvious choice. Of
course, I'm assuming the OP is happy with tools like that - if he needs
a point-and-click zero-thought interface, then he'll have to look elsewhere.
Arno
Not against any halfway competent person, no. It is a rather
fundamental limit that you cannot hide information. You can
encrypt in a way that the encryption is indistinguishable
from an overwrite with cryptographically strong
pseudo-randomness but that is the best you can do.
If it is just on the surface layer against a non-expert,
things can be done.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: ar...@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
Hg
>
> If it is just on the surface layer against a non-expert, things can be
> done.
>
> Arno
Exactly my requirement. Encryption not required either.
Some nice the suggestions from folks here, though I'm not sure about messing
with fdisk after all these years of not using it.
Rod Speed
> Hg wrote
>> A little off topic as this is a sw ques rather than hw, does a
>> program exist to make a drive appear empty as if it has been
>> fdisk'ed/wiped? And then by rerunning the program make the drive
>> appear normal again?
> fdisk would do that fine.
Nope, MS's fdisk doesnt make it look wiped and allow it to be restored.
> Just make sure you re-enter the old partition setup correctly when you want to restore your partitions.
There are plenty of partition table savers/restorers.
> You could also use dd to save, then wipe the partition table, and to
> restore it later. You are doing the same thing as with fdisk, but it
> would be easier to script.
But it still doesnt look wiped, just the partition table is wiped.
Rod Speed
> Joep wrote
>> David Brown <da...@westcontrol.removethisbit.com> wrote
>>> Hg wrote
>>>> A little off topic as this is a sw ques rather than hw, does a program exist
>>>> to make a drive appear empty as if it has been fdisk'ed/wiped? And
>>>> then by rerunning the program make the drive appear normal again?
>>> fdisk would do that fine. Just make sure you re-enter the old
>>> partition setup correctly when you want to restore your partitions.
>> which fdisk? Not the MS fdisk.
> Even MS fdisk should be capable of deleting existing partitions (thus hiding them, as required by the OP)
He also says he wants it to look like its been wiped. MS
fdisk can wipe the drive but it cant be restored after that.
> and then later recreating them without affecting the data if you give it the same partition setup?
Nope, the data isnt visible. Essentially because the MS fdisk
also fucks over the FAT etc as well as the partition table.
> It's been a long time since I've used MS tools for disk partitioning,
> so I can't say for sure. Anyway, you'd want to do such manipulation
> from a boot CD or USB drive, so a live Linux distro is the obvious choice.
Still doesnt make the drive look WIPED and allow that to be reversed.
David Brown
> David Brown wrote
>> Joep wrote
>>> David Brown <da...@westcontrol.removethisbit.com> wrote
>>>> Hg wrote
>
>>>>> A little off topic as this is a sw ques rather than hw, does
>>>>> a program exist to make a drive appear empty as if it has
>>>>> been fdisk'ed/wiped? And then by rerunning the program make
>>>>> the drive appear normal again?
>>>> fdisk would do that fine. Just make sure you re-enter the old
>>>> partition setup correctly when you want to restore your
>>>> partitions.
>
>>> which fdisk? Not the MS fdisk.
>
>> Even MS fdisk should be capable of deleting existing partitions
>> (thus hiding them, as required by the OP)
>
> He also says he wants it to look like its been wiped. MS fdisk can
> wipe the drive but it cant be restored after that.
>
>> and then later recreating them without affecting the data if you
>> give it the same partition setup?
>
> Nope, the data isnt visible. Essentially because the MS fdisk also
> fucks over the FAT etc as well as the partition table.
>
OK, then MS fdisk won't work. I've never used MS fdisk for anything out
of the ordinary, so it's not something I've tried. I /do/ know that
Linux partitioning software do not mess with the data in the partitions
themselves, and guessed that MS fdisk was similar.
>> It's been a long time since I've used MS tools for disk
>> partitioning, so I can't say for sure. Anyway, you'd want to do
>> such manipulation from a boot CD or USB drive, so a live Linux
>> distro is the obvious choice.
>
> Still doesnt make the drive look WIPED and allow that to be reversed.
>
If you use cfdisk (a Linux partitioner) to remove all the partitions
from the partition table, then the drive will look like a completely
clean, unpartitioned and unformated drive. If you run cfdisk again and
enter the correct values to re-create the old partitions, then they
should be accessible again.
Of course, it depends somewhat on what the OP means by appearing empty.
A drive with no partitions would look suspicious to other people. A
better idea might be to put two partitions on the drive - one that you
format and don't use (or use only for "innocent" data), and one where
you keep all your secret stuff. Use cfdisk to hide or restore the
secret one as needed, and let the evil MPAA inspectors (or whoever) see
only the innocent partition.
David Brown
Go for it - what have you got to lose? But try it on a spare disk...
Jerry Peters
For this use sfdisk would probably be better, see the -O & -I options.
Jerry
Rod Speed
But it wont look WIPED.
> If you run cfdisk again and enter the correct values to re-create the old partitions, then they should be accessible
> again.
> Of course, it depends somewhat on what the OP means by appearing empty.
He used the word WIPED explicitly.
> A drive with no partitions would look suspicious to other people. A better idea might be to put two partitions on the
> drive -
> one that you format and don't use (or use only for "innocent" data),
> and one where you keep all your secret stuff. Use cfdisk to hide or
> restore the secret one as needed, and let the evil MPAA inspectors
> (or whoever) see only the innocent partition.
Makes a lot more sense to robustly encrypt it instead.
David Brown
> David Brown wrote
>> Rod Speed wrote
>>> David Brown wrote
>
>> partitions from the partition table, then the drive will look like
>> a completely clean, unpartitioned and unformated drive.
>
> But it wont look WIPED.
>
>> If you run cfdisk again and enter the correct values to re-create
>> the old partitions, then they should be accessible again.
>
>> Of course, it depends somewhat on what the OP means by appearing
>> empty.
>
> He used the word WIPED explicitly.
>
He said "appear empty as if it has been fdisk'ed/wiped". He later said
he was happy with superficial hiding from non-experts. If that means
some sort of specific exact method of "wiping" the disk, such as filling
the data areas with zeros or (apparently) random data, then messing
about with partition setup will not be sufficient. But /I/ certainly
don't interpret the OP's request in that way.
>> A drive with no partitions would look suspicious to other people.
>> A better idea might be to put two partitions on the drive - one
>> that you format and don't use (or use only for "innocent" data),
>> and one where you keep all your secret stuff. Use cfdisk to hide
>> or restore the secret one as needed, and let the evil MPAA
>> inspectors (or whoever) see only the innocent partition.
>
> Makes a lot more sense to robustly encrypt it instead.
>
It might well be easier to use encryption, depending on the OP's
familiarity with these sorts of tools (his later posts says he is
reluctant to try fdisk), and how he wants to use the hiding.
tanstafl
Sounds like you might want to use HPA (Host Protected Area) to contain
your data. HPA is what Dell, IBM, HP etc use to hide the system
restore image for recovery when they're too cheap to give you a real
OS cd :-( You would take a clean HDD, create a partition and load
your data. Then use a utility to encompass that partition within the
HPA defined area; poof - it's no longer visible after a reboot. You
can now format, wipe or write any patterns you want - it'll look like
it's wiped because indeed it is. Remove the HPA setting and your data
is back.
NOTE: This won't elude even a cursory forensics look at the disk. The
reported disk size will be the real size minus the HPA defined area,
not very stealthy if that's what you're seeking.
There are utilities out in googleland, but first read through the info
at http://en.wikipedia.org/wiki/Host_protected_area and other
referenced links. 'Rule 1' definitely applies.
----
Pete Gebel pfgebel(deletethis)@crisperiodcom
Have the best day possible - all things considered