Does this type of drive utility exist?

[Hg]

A little off topic as this is a sw ques rather than hw, does a program exist
to make a drive appear empty as if it has been fdisk'ed/wiped? And then by
rerunning the program make the drive appear normal again?

 

[Rod Speed]

Hg wrote

A little off topic as this is a sw ques rather than hw,
does a program exist to make a drive appear empty
as if it has been fdisk'ed/wiped? And then by rerunning
the program make the drive appear normal again?

Dont recall seeing one.

And why would you want to do that anyway ?

It wouldnt be that hard to check if its still got data on it.

 

[Yousuf Khan]

A little off topic as this is a sw ques rather than hw, does a program exist
to make a drive appear empty as if it has been fdisk'ed/wiped? And then by
rerunning the program make the drive appear normal again?

You must be thinking of a disk encryption utility. It does considerably
more than just making the drive "appear" wiped, it actually encrypts the
data. If you put the disk into a machine without the same software, it
will appear to be an unformatted drive. If you don't have the same
password, even if you have the software, then it will appear to be an
unformatted drive.

One example of such a program is:

http://www.truecrypt.org/

But I've not used it myself. Others may provide other examples.

Yousuf Khan

 

[Rod Speed]

Yousuf Khan wrote

Hg wrote

You must be thinking of a disk encryption utility. It does
considerably more than just making the drive "appear" wiped,

In fact it doesnt appear to be wiped at all, it appears to be partially filled.

it actually encrypts the data. If you put the disk into a machine
without the same software, it will appear to be an unformatted drive.
If you don't have the same password, even if you have the software,
then it will appear to be an unformatted drive.

One example of such a program is:

But I've not used it myself. Others may provide other examples.

XP and Vista and Win7 will do encryption themselves.

 

[Man-wai Chang to The Door (28800bps)]

A little off topic as this is a sw ques rather than hw, does a program exist

to make a drive appear empty as if it has been fdisk'ed/wiped? And then by
rerunning the program make the drive appear normal again?

Ask Pentagon.

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.31.6
^ ^ 12:48:01 up 12 days 1:53 2 users load average: 0.00 0.03 0.00
ä¸å€Ÿè²¸! ä¸è©é¨™! ä¸æ´äº¤! ä¸æ‰“交! ä¸æ‰“劫! ä¸è‡ªæ®º! è«‹è€ƒæ…®ç¶œæ´ (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

 

[David Brown]

A little off topic as this is a sw ques rather than hw, does a program exist
to make a drive appear empty as if it has been fdisk'ed/wiped? And then by
rerunning the program make the drive appear normal again?

fdisk would do that fine. Just make sure you re-enter the old partition
setup correctly when you want to restore your partitions.

You could also use dd to save, then wipe the partition table, and to
restore it later. You are doing the same thing as with fdisk, but it
would be easier to script.

 

[Joep]

Important: When replying to this mail, please include previous
correspondence!

fdisk would do that fine. Just make sure you re-enter the old partition
setup correctly when you want to restore your partitions.

which fdisk? Not the MS fdisk.

 

[David Brown]

Important: When replying to this mail, please include previous
correspondence!



which fdisk? Not the MS fdisk.

Even MS fdisk should be capable of deleting existing partitions (thus
hiding them, as required by the OP) and then later recreating them
without affecting the data if you give it the same partition setup?
It's been a long time since I've used MS tools for disk partitioning, so
I can't say for sure. Anyway, you'd want to do such manipulation from a
boot CD or USB drive, so a live Linux distro is the obvious choice. Of
course, I'm assuming the OP is happy with tools like that - if he needs
a point-and-click zero-thought interface, then he'll have to look elsewhere.

 

[Arno]

A little off topic as this is a sw ques rather than hw, does a
program exist to make a drive appear empty as if it has been
fdisk'ed/wiped? And then by rerunning the program make the drive
appear normal again?

Not against any halfway competent person, no. It is a rather
fundamental limit that you cannot hide information. You can
encrypt in a way that the encryption is indistinguishable
from an overwrite with cryptographically strong
pseudo-randomness but that is the best you can do.

If it is just on the surface layer against a non-expert,
things can be done.

Arno

 

[Hg]

If it is just on the surface layer against a non-expert, things can be
done.

Arno

Exactly my requirement. Encryption not required either.

Some nice the suggestions from folks here, though I'm not sure about messing
with fdisk after all these years of not using it.

 

[Rod Speed]

David Brown wrote

Hg wrote

fdisk would do that fine.

Nope, MS's fdisk doesnt make it look wiped and allow it to be restored.

Just make sure you re-enter the old partition setup correctly when you want to restore your partitions.

There are plenty of partition table savers/restorers.

You could also use dd to save, then wipe the partition table, and to
restore it later. You are doing the same thing as with fdisk, but it
would be easier to script.

But it still doesnt look wiped, just the partition table is wiped.

 

[Rod Speed]

David Brown wrote

Joep wrote

Even MS fdisk should be capable of deleting existing partitions (thus hiding them, as required by the OP)

He also says he wants it to look like its been wiped. MS
fdisk can wipe the drive but it cant be restored after that.

and then later recreating them without affecting the data if you give it the same partition setup?

Nope, the data isnt visible. Essentially because the MS fdisk
also ****s over the FAT etc as well as the partition table.

It's been a long time since I've used MS tools for disk partitioning,
so I can't say for sure. Anyway, you'd want to do such manipulation
from a boot CD or USB drive, so a live Linux distro is the obvious choice.

Still doesnt make the drive look WIPED and allow that to be reversed.

 

[David Brown]

David Brown wrote


He also says he wants it to look like its been wiped. MS fdisk can
wipe the drive but it cant be restored after that.


Nope, the data isnt visible. Essentially because the MS fdisk also
****s over the FAT etc as well as the partition table.

OK, then MS fdisk won't work. I've never used MS fdisk for anything out
of the ordinary, so it's not something I've tried. I /do/ know that
Linux partitioning software do not mess with the data in the partitions
themselves, and guessed that MS fdisk was similar.

Still doesnt make the drive look WIPED and allow that to be reversed.

If you use cfdisk (a Linux partitioner) to remove all the partitions
from the partition table, then the drive will look like a completely
clean, unpartitioned and unformated drive. If you run cfdisk again and
enter the correct values to re-create the old partitions, then they
should be accessible again.

Of course, it depends somewhat on what the OP means by appearing empty.
A drive with no partitions would look suspicious to other people. A
better idea might be to put two partitions on the drive - one that you
format and don't use (or use only for "innocent" data), and one where
you keep all your secret stuff. Use cfdisk to hide or restore the
secret one as needed, and let the evil MPAA inspectors (or whoever) see
only the innocent partition.

 

[David Brown]

Exactly my requirement. Encryption not required either.

Some nice the suggestions from folks here, though I'm not sure about messing
with fdisk after all these years of not using it.

Go for it - what have you got to lose? But try it on a spare disk...

 

[Jerry Peters]

OK, then MS fdisk won't work. I've never used MS fdisk for anything out
of the ordinary, so it's not something I've tried. I /do/ know that
Linux partitioning software do not mess with the data in the partitions
themselves, and guessed that MS fdisk was similar.


If you use cfdisk (a Linux partitioner) to remove all the partitions
from the partition table, then the drive will look like a completely
clean, unpartitioned and unformated drive. If you run cfdisk again and
enter the correct values to re-create the old partitions, then they
should be accessible again.

For this use sfdisk would probably be better, see the -O & -I options.

Jerry

 

[Rod Speed]

David Brown wrote

Rod Speed wrote

OK, then MS fdisk won't work. I've never used MS fdisk for anything
out of the ordinary, so it's not something I've tried. I /do/ know
that Linux partitioning software do not mess with the data in the
partitions themselves, and guessed that MS fdisk was similar.

If you use cfdisk (a Linux partitioner) to remove all the partitions from the partition table, then the drive will
look like a completely clean, unpartitioned and unformated drive.

But it wont look WIPED.

If you run cfdisk again and enter the correct values to re-create the old partitions, then they should be accessible
again.

Of course, it depends somewhat on what the OP means by appearing empty.

He used the word WIPED explicitly.

A drive with no partitions would look suspicious to other people. A better idea might be to put two partitions on the
drive -
one that you format and don't use (or use only for "innocent" data),
and one where you keep all your secret stuff. Use cfdisk to hide or
restore the secret one as needed, and let the evil MPAA inspectors
(or whoever) see only the innocent partition.

Makes a lot more sense to robustly encrypt it instead.

 

[David Brown]

David Brown wrote


But it wont look WIPED.



He used the word WIPED explicitly.

He said "appear empty as if it has been fdisk'ed/wiped". He later said
he was happy with superficial hiding from non-experts. If that means
some sort of specific exact method of "wiping" the disk, such as filling
the data areas with zeros or (apparently) random data, then messing
about with partition setup will not be sufficient. But /I/ certainly
don't interpret the OP's request in that way.

Makes a lot more sense to robustly encrypt it instead.

It might well be easier to use encryption, depending on the OP's
familiarity with these sorts of tools (his later posts says he is
reluctant to try fdisk), and how he wants to use the hiding.

 

[tanstafl]

A little off topic as this is a sw ques rather than hw, does a program exist
to make a drive appear empty as if it has been fdisk'ed/wiped? And then by
rerunning the program make the drive appear normal again?

Sounds like you might want to use HPA (Host Protected Area) to contain
your data. HPA is what Dell, IBM, HP etc use to hide the system
restore image for recovery when they're too cheap to give you a real
OS cd :-( You would take a clean HDD, create a partition and load
your data. Then use a utility to encompass that partition within the
HPA defined area; poof - it's no longer visible after a reboot. You
can now format, wipe or write any patterns you want - it'll look like
it's wiped because indeed it is. Remove the HPA setting and your data
is back.

NOTE: This won't elude even a cursory forensics look at the disk. The
reported disk size will be the real size minus the HPA defined area,
not very stealthy if that's what you're seeking.

There are utilities out in googleland, but first read through the info
at http://en.wikipedia.org/wiki/Host_protected_area and other
referenced links. 'Rule 1' definitely applies.