On Thu, Aug 02, 2007 at 07:01:57AM +0000, Steven wrote: > Also, if I `dd if=/dev/hda of=test bs=512 count=16384 && strings -a test > | less` I see several explicit module paths, a reference to an old kernel > which isn't on the system anymore (that I know of), and what looks like > an irc proxy. >
[snip related to iceweasel] I don't know. Perhaps you should get the iceweasel source and search for the strings of interest and see why they're there. > The relevant output from dd /dev/hda: > [snip] What is the question re /dev/hda? 'deleting' a file on a filesystem simply removes the file name out of a directory listing and marks the inodes as free. The data is still left on the drive untill written over. Actually, even after being written over its still possible to retrieve it forensically. What you are showing is a prime example of why its a good idea to have an encrypted swap and /tmp on tmpfs so that nothing from memory or /tmp can end up on the drive enclare. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
