LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-28-2012, 09:33 AM   #1
Karimo
Member
 
Registered: Aug 2007
Location: Valencia
Distribution: slackware64-current
Posts: 63

Rep: Reputation: 15
Recovering deleted file from a LUKS encrypted partition knowing its passhprase


Hi everybody,
I've a security issue that is really keeping me concerned about.
I have a LUKS formatted partition with an ext3 fs within.
I'm wondering if it's possible to recover/view the content of deleted files after activating the LUKS partition (ie. knowing the passphrase to activate a KeySlot).
Although the partition is physically encrypted, the system can actually treat the resulting mapped partition as a normal block device, hence "viewing" the unencrypted free data blocks of the ext3fs. Is this right or just paranoia?
So, as the title says: there is some way to recover deleted files knowing the passphrase of a LUKS encrypted partition, assuming that both LUKS partition and ext3 are consistent?
Thanks to you all,
Regards,

Karimo
 
Old 05-28-2012, 03:43 PM   #2
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 1,337

Rep: Reputation: 573Reputation: 573Reputation: 573Reputation: 573Reputation: 573Reputation: 573
The procedure would be exactly the same, and with the same liklihood of success, as recovering that file from an ext3 file system on an unencrypted partition.
 
Old 05-28-2012, 03:48 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731
Quote:
Originally Posted by Karimo View Post
there is some way to recover deleted files knowing the passphrase of a LUKS encrypted partition, assuming that both LUKS partition and ext3 are consistent?
dd / dcfldd / dd_recue / ddrescue / linen / ftkimager the unencrypted block device to a file and then run Photorec, foremost, scalpel, TSK, pyFLAG, FTK, Encase or whatever tool you prefer to test it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
changing a LUKS encrypted partition's key Cultist Slackware 1 03-20-2012 12:13 PM
Problem with Encrypted Partition using LUKS on Debian michalng Debian 1 03-18-2011 03:04 PM
Tricky Problem with corrupted LUKS-encrypted partition IceDragon Linux - Software 9 07-03-2010 06:43 PM
Recover encrypted LUKS partition itinlopez Linux - General 3 11-30-2008 02:20 AM
mount luks encrypted partition with kdm mattydee Slackware 2 01-28-2008 12:32 AM


All times are GMT -5. The time now is 04:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration