LinuxQuestions.org - Recovering deleted file from a LUKS encrypted partition knowing its passhprase

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Recovering deleted file from a LUKS encrypted partition knowing its passhprase (https://www.linuxquestions.org/questions/linux-security-4/recovering-deleted-file-from-a-luks-encrypted-partition-knowing-its-passhprase-947223/)

Recovering deleted file from a LUKS encrypted partition knowing its passhprase

Hi everybody,
I've a security issue that is really keeping me concerned about.
I have a LUKS formatted partition with an ext3 fs within.
I'm wondering if it's possible to recover/view the content of deleted files after activating the LUKS partition (ie. knowing the passphrase to activate a KeySlot).
Although the partition is physically encrypted, the system can actually treat the resulting mapped partition as a normal block device, hence "viewing" the unencrypted free data blocks of the ext3fs. Is this right or just paranoia?
So, as the title says: there is some way to recover deleted files knowing the passphrase of a LUKS encrypted partition, assuming that both LUKS partition and ext3 are consistent?
Thanks to you all,
Regards,

Karimo

The procedure would be exactly the same, and with the same liklihood of success, as recovering that file from an ext3 file system on an unencrypted partition.

Quote:

Originally Posted by Karimo (Post 4689440)

there is some way to recover deleted files knowing the passphrase of a LUKS encrypted partition, assuming that both LUKS partition and ext3 are consistent?

dd / dcfldd / dd_recue / ddrescue / linen / ftkimager the unencrypted block device to a file and then run Photorec, foremost, scalpel, TSK, pyFLAG, FTK, Encase or whatever tool you prefer to test it.