Undelete Attack

See also: Security | Attack | Cryptography/Attacks | File Wipe | Data recovery

A type of attack that locates and restores files that have been deleted but not yet overwritten. This is commonly used against computers that are suspected of having illegal materials but can be used as a form of espionage. The same technology is used as a convenience for tasks as simple as recovering accidentally deleted files, as with Norton Utilities.

Sometimes, files can be retrieved in the laboratory using computer forensics even after they have been deleted and overwritten.

Windows and pre-OS X Macintosh users must remember that, when they empty the Recycle Bin / Trash Can, the files are still present until overwritten by new information as the hard drive fills up. UNIX systems are much less vulnerable to this type of attack because of the way they handle deleted files.

Defeating the Undelete Attack

  • File Wipe – akin to a document-shredder, overwriting swap file space or the entirety of a hard-drive’s free space
  • Encrypted Volumes – only useful once “unmounted,” or disconnected, from
  • Good physical security to prevent access
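Why an ordinary delete leaves data recoverable and what the File Wipe item above changes, shown on a toy volume. This is an added example, not code from the original page; ToyDisk, its method names and the sample file contents are constructed for illustration and model no particular filesystem.

```python
BLOCK = 16  # toy block size in bytes (constructed for this example)
class ToyDisk:  # constructed model of a volume: raw blocks plus a directory
    def __init__(self, nblocks=8):
        self.raw = bytearray(nblocks * BLOCK)
        self.dir = {}                      # file name -> list of block numbers
        self.free = list(range(nblocks))   # unallocated block numbers

    def _span(self, b):
        return slice(b * BLOCK, (b + 1) * BLOCK)

    def write(self, name, data):
        self.dir[name] = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            self.raw[self._span(b)] = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            self.dir[name].append(b)

    def read(self, name):
        return b"".join(bytes(self.raw[self._span(b)]) for b in self.dir[name])

    def delete(self, name):
        # Ordinary delete: only the directory entry goes; block contents stay.
        self.free.extend(self.dir.pop(name))

    def wipe_delete(self, name):
        # File wipe: overwrite each block of the file, then release it.
        for b in self.dir[name]:
            self.raw[self._span(b)] = bytes(BLOCK)
        self.delete(name)

    def wipe_free_space(self):
        # Free-space wipe: overwrite unallocated blocks only; live files untouched.
        for b in self.free:
            self.raw[self._span(b)] = bytes(BLOCK)

    def residue(self, marker):  # audit: is marker still in an unallocated block?
        return any(marker in self.raw[self._span(b)] for b in self.free)

def demo():
    d = ToyDisk()
    d.write("keep.txt", b"LIVE-DATA-000001")
    d.write("a.txt", b"SECRET-A payload")
    d.write("b.txt", b"SECRET-B payload")
    d.delete("a.txt")        # plain delete
    d.wipe_delete("b.txt")   # overwrite, then delete
    left = (d.residue(b"SECRET-A"), d.residue(b"SECRET-B"))
    d.wipe_free_space()      # clears what the plain delete left behind
    return left, d.residue(b"SECRET-A"), d.read("keep.txt")
```

On real media an in-place overwrite is not guaranteed to reach the original physical blocks: flash wear-leveling, journaling and copy-on-write filesystems can all keep older copies elsewhere.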
