LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 05-28-2012, 10:33 AM   #1
Karimo
Member
 
Registered: Aug 2007
Location: Valencia
Distribution: slackware64-current
Posts: 63

Rep: Reputation: 15
Recovering deleted file from a LUKS encrypted partition knowing its passhprase


Hi everybody,
I've a security issue that is really keeping me concerned about.
I have a LUKS formatted partition with an ext3 fs within.
I'm wondering if it's possible to recover/view the content of deleted files after activating the LUKS partition (ie. knowing the passphrase to activate a KeySlot).
Although the partition is physically encrypted, the system can actually treat the resulting mapped partition as a normal block device, hence "viewing" the unencrypted free data blocks of the ext3fs. Is this right or just paranoia?
So, as the title says: there is some way to recover deleted files knowing the passphrase of a LUKS encrypted partition, assuming that both LUKS partition and ext3 are consistent?
Thanks to you all,
Regards,

Karimo
 
Old 05-28-2012, 04:43 PM   #2
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 1,607

Rep: Reputation: 673Reputation: 673Reputation: 673Reputation: 673Reputation: 673Reputation: 673
The procedure would be exactly the same, and with the same liklihood of success, as recovering that file from an ext3 file system on an unencrypted partition.
 
Old 05-28-2012, 04:48 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,679
Blog Entries: 54

Rep: Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955
Quote:
Originally Posted by Karimo View Post
there is some way to recover deleted files knowing the passphrase of a LUKS encrypted partition, assuming that both LUKS partition and ext3 are consistent?
dd / dcfldd / dd_recue / ddrescue / linen / ftkimager the unencrypted block device to a file and then run Photorec, foremost, scalpel, TSK, pyFLAG, FTK, Encase or whatever tool you prefer to test it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
changing a LUKS encrypted partition's key Cultist Slackware 1 03-20-2012 01:13 PM
Problem with Encrypted Partition using LUKS on Debian michalng Debian 1 03-18-2011 04:04 PM
Tricky Problem with corrupted LUKS-encrypted partition IceDragon Linux - Software 9 07-03-2010 07:43 PM
Recover encrypted LUKS partition itinlopez Linux - General 3 11-30-2008 03:20 AM
mount luks encrypted partition with kdm mattydee Slackware 2 01-28-2008 01:32 AM


All times are GMT -5. The time now is 02:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration