Destructive Windows Script

Roose b at b.b
Mon Jun 6 02:53:31 CEST 2005


My guess would be: extremely, extremely easy.  Since you're only writing 30 
bytes for each file, the vast majority of the data will still be present on 
disk, just temporarily inaccessible because of the del command.  And more 
than likely it will be possible to recover 100% if they are using a 
journaling file system like NTFS, which Windows XP does.

If you are honestly trying to destroy your own data, go out and download a 
free program that will do it right.  If you're trying to write some kind of 
trojan, well you've got a lot of learning to do.  :)

R


rbt wrote:
> How easy or difficult would it be for a computer forensics expert to
> recover data that is overwritten in this manner? This is a bit
> off-topic for comp.lang.python, but I thought some here would have
> some insight into this.
>
> Warning: **This code is destructive**. Do not run it unless you fully
> understand what you're doing!!!
>
> os.chdir('/temp')
> for root, dirs, files in os.walk('.'):
>     for f in files:
>         try:
>             print f
>
>             data = ['0', 'a', '1', 'b', '2', 'c',\
>                     '3', 'd', '4', 'e', '5', 'f',\
>                     '6', 'g', '7', 'h', '8', 'i',\
>                     '9', 'j', '~', '!', '@', '#',\
>                     '$', '%', '^', '&', '*', ';']
>
>             fp = file(os.path.join(root,f), 'w')
>             random.shuffle(data)
>             garble = ''.join(data)
>             fp.write(garble)
>             fp.close()
>
>             fs = os.popen("del /f /q /s *")
>             fs.read()
>             fs.close()
>
>         except Exception, e:
>             print e
>             time.sleep(1)
>             continue 





More information about the Python-list mailing list