On Sat, Nov 1, 2008 at 6:59 AM, Roscoe <eocsor@xxxxxxxxx> wrote: > On Sat, Nov 1, 2008 at 5:00 AM, Arno Wagner <arno@xxxxxxxxxxx> wrote: >> If I remember correctly, there is no backup of the LUKS header. >> I think there are tools you can sue to make one yourself. >> >> As to data recovery for overweritten miodern HDDs, nobody >> admits to be able to do it. >> > > Not to mention LUKS implements anti forensic measures too! I don't think LUKS' anti-forensics is doing anything specific here. AFAIK it works by (a) making it hard to recover the old password when you change a password and (b) ensuring that protection is not defeated by the disk firmware under certain conditions. Overwriting with a brand new install does not (I'm pretty sure) achieve the same level of protection -- the new LUKS does not know there's an old one underneath -- so in theory the kind of stuff that Peter Gutmann talks about can be used to recover the previous contents of those sectors. In practice it's a little iffy, definitely expensive, and probably not worth it for the kind of data loss he is talking about. The real problem here is Ubuntu, not recognising that an existing LUKS partition exists and blithely overwriting it. --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
