partitions, putting everything into a dedicated folder (Figure 42).
Figure 42: running the Photorec program
Now, let’s see some usage examples: we formatted (with no shredding) a
32GB USB drive named “TESTDISK”. Then we created a FAT partition where
we placed some files (Figure 43).
Figure 43: test images for recovery
Each file has been renamed according to the action we performed:
- deleted but not empty.jpeg : an image that was deleted without removing the temp files or emptying the bin
- deleted.jpeg : an image that was deleted, removing the temp file and emptying the bin
- normal.jpeg : an image we didn’t perform any action on
- normal.jpeg.gpg : an encrypted image
- secure-shred-1.jpeg : an image that was deleted using file shredding with DoD Short type, 1-step algorithm
- secure-shred-7.jpeg : an image that was deleted using file shredding with PRNG Stream type, 7-step algorithm
- shred-1.jpeg : an image that was deleted using file shredding with Quick Erase type, 1-step algorithm
- shred-7.jpeg : an image that was deleted using file shredding with DoD type, 7-step algorithm
Let’s see the behavior of Photorec (Figure 44).
Figure 44: recovery results with Photorec
In our case, we recovered over 3 GB of files (Figure 45)! But how?!
Figure 45: folder that contains recovered files
At the beginning of this example, we mentioned that our drive was formatted
in FAT through a simple format command. Before the formatting, it contained a
Windows installer and, earlier, it worked as a normal USB drive, used to move
files from a Mac Operating System to a Windows one. In one of the recovered
directories, we can find some .apple files, proving that the previously used
operating system was indeed OSX. Many opened .txt files proved that the drive
could have contained Windows files, also suggesting that it may have been used
as a Windows 10 installer (as mentioned above). And what about our files?
Figure 46: details of the Photorec recovered files
We can still see some (Figure 46):
- f0033380.jpg : is the deleted.jpg file
- f0033381.jpg : is the deleted-but-not-empty.jpg file
- f0033508.jpg : is the normal.jpg file
- f0033509.jpg : is the shred-1.jpg file
- t0034436.jpg : is the preview of the secure-shred-1.jpg file
- t0034500.jpg : is the preview of the shred-7.jpg file
We can deduce that only the normal deletions and the Quick Erase were
ineffective, while the DoD and PRNG techniques were successful. We can also
deduce that, even after a partitioning operation, some earlier files were
probably recovered (in this case, the Windows installer), together with some
previous programs (which would explain the amount of recovered data). However,
we must consider that the Operating System used to create the drive was MacOS,
which took the liberty of creating some previews of our images during the data
verification, thus exposing their content, although in low resolution.
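The results above can be reproduced in miniature. The following is an added example, not code from the book or from Photorec: a simplified signature carver run over a constructed in-memory "drive". All function names, the sector layout and the zero-fill overwrite (a stand-in for shredding, not the DoD or PRNG algorithm) are assumptions made for illustration.

```python
SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker

def fake_jpeg(payload):
    """Constructed stand-in for a JPEG: real markers around dummy data."""
    return JPEG_SOI + b"\xe0" + payload + JPEG_EOI

def place(image, sector, data):
    """Write data at the start of a sector, as a file system would."""
    start = sector * SECTOR
    image[start:start + len(data)] = data

def overwrite(image, sector, length):
    """Shredding stand-in: overwrite the file's own bytes in place."""
    place(image, sector, b"\x00" * length)

def build_image():
    """Constructed 8 KiB drive with no file-system metadata at all."""
    image = bytearray(SECTOR * 16)
    # Deleted file: only the directory entry went away, the data is intact.
    place(image, 2, fake_jpeg(b"DELETED" * 20))
    # Shredded file: the original's sectors are overwritten ...
    original = fake_jpeg(b"SHREDDED" * 20)
    place(image, 6, original)
    overwrite(image, 6, len(original))
    # ... but a preview the OS wrote elsewhere is left untouched.
    place(image, 10, fake_jpeg(b"thumb"))
    return image

def carve_jpegs(image):
    """Scan sector boundaries for JPEG headers, ignoring the file system."""
    found = []
    for off in range(0, len(image), SECTOR):
        if image[off:off + 3] == JPEG_SOI:
            end = image.find(JPEG_EOI, off + 3)
            if end != -1:
                found.append((off // SECTOR, bytes(image[off:end + 2])))
    return found

if __name__ == "__main__":
    for sector, data in carve_jpegs(build_image()):
        print(f"sector {sector}: carved {len(data)} bytes")
```

The carver finds the deleted file and the preview but nothing at the overwritten sectors, which mirrors why the shredded originals were gone while their low-resolution previews were still recoverable.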
9. Vulnerability
Despite all the countermeasures you may adopt to stay anonymous,
unfortunately in the IT world there’s always a chance to become a victim. It is
known that the U.S. Government is the biggest buyer of not-yet-disclosed
vulnerabilities (the so-called 0days), weak points that are constantly used to
perform secret pentests. The following is a quotation from John McAfee, the
famous antivirus CEO, who said:
There isn’t too much security anymore, especially in the online world. Give
me some simple information about you, and I promise I’ll be able to activate
your webcam and see everything you do in three days.
I want to add something that happened to me a couple of years ago:
I remember a dental technician – someone not involved with IT Security –
who used to cover his webcam with a small piece of dark duct tape. I said to
myself: “this guy is paranoid!”. A couple of days later, an article reported an
exploit which had been used for months or even years to spy on the users of that