IPB

Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Reply to this topicStart new topic
> can a hacker undelete files?
entropysoda
post Dec 12 2006, 04:31 AM
Post #1


Target
*

Group: Members
Posts: 19
Joined: 26-January 06
Member No.: 8,200



so...if i find deleted files on some system, can my hacker try to undelete them, or recover the residue of deleted files (as you can in real life...you know even "emptying the recycle bin" doesn't really get rid of the info!)

Just wondering if the storage technology changes things so files are really really gone when deleted, or not?
Go to the top of the page
 
+Quote Post
Cold-Dragon
post Dec 12 2006, 04:39 AM
Post #2


Moving Target
**

Group: Members
Posts: 753
Joined: 31-October 03
Member No.: 5,780



I don't think there's anything in the books to go against the idea, but being a different style system compared to real world stuff, it's not unreasonable to wonder if deleting also wipes the 'area' too, to prevent deleted viruses from somehow respawning...

I'd have to say GM call, and probably make it a high threshold, something you can 'not quite make it' with so you can get file fragments if it's allowed.
Go to the top of the page
 
+Quote Post
Charon
post Dec 12 2006, 04:52 AM
Post #3


Running Target
***

Group: Members
Posts: 1,011
Joined: 15-February 05
From: Montréal, QC, Canada
Member No.: 7,087



Well, I'm pretty sure that if a hacker delete a file using the SR4 rules as part of a run, the idea is that the file is finished and that the corp won't make the actions of the PC moot by being able to use hotshot programmer to recover the files.

On the other hand, if the corp deleted some of their data, I guess they are as torough as the plot need them to be.

I'd like to think that when Ares system administrator delete their sensitive files they do as good a job as any PC and it's not just so a hacker can swoop in and recover the data. But I guess if it's essential for the story you can use that plot device.
Go to the top of the page
 
+Quote Post
Jaid
post Dec 12 2006, 04:54 AM
Post #4


Great Dragon
*********

Group: Members
Posts: 7,082
Joined: 4-October 05
Member No.: 7,813



i would allow it, provided you had appropriate hardware and whatnot

[edit] (to clarify: it wouldn't be terribly clear, most likely a poor copy, but it would be possible. presumably, any really sensitive stuff would be deleted, and then the storage device would be destroyed. which gives a good reason for those optical chips to still be kicking around as cheap storage, doesn't it?)

This post has been edited by Jaid: Dec 12 2006, 04:56 AM
Go to the top of the page
 
+Quote Post
Kesslan
post Dec 12 2006, 05:34 AM
Post #5


Moving Target
**

Group: Members
Posts: 732
Joined: 1-December 06
Member No.: 10,116



Yeah it's really a hard call in some ways. I mean IRL you should see how far the military goes to make sure it's old hard drives no longer have any information left on them. I once was friends with a guy who used to handle some of that stuff. Was abit of an involved process I'll tell you.

First they deleted everything off the hard drive. Then they tossed them all into a nice big EM magnet. Then they drilled several holes right through the drives. The drives were then dunked into a strong acid bath for 24hrs. THEN they were melted down to slag. And the slag promptly returend to the military so they could comb through the remains and insure there was nothing useable left. However this all applies to magnetic storage.

In 2060's-2070's it's all optical storage. Which is a whole other beast. I'm not quite sure how resiliant these forms of storage are to destruction IRL to be honest. All I know is that it's gotten to the point IRL where 'data crystals' very much exist. One system basically uses a cube of some material or other, and writes multi layered holograms into it as the method of storing data. It's just not terribly efficent atm, and it's also horribly expensive still. But it is functional.

On a hard drive at least, if you delete a file you can still recover it simply because all that's really happened is that the data table has been told 'Sector/clusters X can now be written over'. The data isnt actually deleted at all untill that section of the drive has been overwritten with new data. The moment that happens though, the old data is gone and cannot be recovered. Thats why the recycling bin doesnt -really- remove every last trace of the file. It's simply because untill that actual spot on the drive is used by somethign else, the data is still there, the HD table has simply been told that that space on the drive is now usable by something else.
Go to the top of the page
 
+Quote Post
ixombie
post Dec 12 2006, 06:00 AM
Post #6


Moving Target
**

Group: Members
Posts: 271
Joined: 18-April 06
Member No.: 8,481



This kind of thing is 100% GM discretion, since it all depends on whether the person who deleted the file did a complete erase or just emptied the recycle bin.

I think in SR4, many OS's, especially those used by corps, would automatically do a secure delete. Less secure systems it would only happen if the person was being extra careful.

Of course, we have no idea how data is stored in SR4, whether optical memory leaves recoverable data when you erase it...

But it all comes down to whether the GM wants you to have the data, or maybe part of the data if you could only recover some, or if the game would be more interesting if you can't get it that easily.
Go to the top of the page
 
+Quote Post
Kesslan
post Dec 12 2006, 06:18 AM
Post #7


Moving Target
**

Group: Members
Posts: 732
Joined: 1-December 06
Member No.: 10,116



Even if for some reason one were to allow it to be possible. It should NEVER be easy. IRL it's possible, I mean if your HD gets physically damanged you can generally recover at least -some- data from it. But it's not only horribly expensive, but alot of specialty equipment is often required. And it's -not- easy to do.

Generally though, simply due to the very high level of matrix based crime by 2070 I would assume something as simple as a 'secure delete' would be a basic common function.
Go to the top of the page
 
+Quote Post
Rotbart van Dain...
post Dec 12 2006, 08:33 AM
Post #8


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,792
Joined: 3-January 04
Member No.: 5,951



As long as 'deleted' means not 'overwritten' - yes, he can, using the Medic utility.
As long as there are backups/copys out there, he can, too... well, not directly. ;)
Go to the top of the page
 
+Quote Post
hobgoblin
post Dec 12 2006, 10:43 AM
Post #9


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



the reason why you can recover today are twofold.

first of, magnetic media can hold a "echo" of the magnetic "signal" that makes up a file. this is what companys like ibas base their recovery prosess on.

secondly, most file systems only delete the reference to a file when you tell it to delete it. its similar to removing the card that says where a book is stored in a library but not removing the book itself.

only when a new file is written is said area used. and even then the echo part still holds (supposedly one can recover data even after 7 overwrites or there about).

for rewriteable CDs and DVDs its a different story. there the physical material changes shape after each write, so recovering from that may well be harder. data on a damaged cds and dvds however can be recovered as the file system used on them have built in redundant data. basically it stores the same data on multiple locations, and use math to check the validity of it to. so there it becomes a question of accidental vs deliberate deletion.

same with flash memory as its based on similar principles iirc. thats why you can wear out a usb stick if you insist on writing to the same bit each and every time.
Go to the top of the page
 
+Quote Post
TheOneRonin
post Dec 12 2006, 03:31 PM
Post #10


Running Target
***

Group: Members
Posts: 1,109
Joined: 16-October 03
From: Raleigh, NC
Member No.: 5,729



As Robert van Dainig put it, any 2-bit company worth their nuyen will have backups...and probably offsite storage as well. The #1 most important job of a network admin is data integrity. Deleting a file from a host should never end up as more than a minor inconvenience for a corp.

IT Sec Officer: "Sir, someone hacked our New Orleans host last night and deleted all files pertaining to the Project Restoration proposal! What do we do?"

IT Admin: "See if you can recover the tree from Shadowcopy. If not have the Vienna and Sydney offices pull the data from their replication hosts. If that ends up taking too long, run downtown to the Offisite Data Storage complex and recover the chips from last night's backup."



And that's how my company of 200 employees does it. I seriously doubt that data deletion would be any more of an inconvience in 2070.

Data alteration on the other hand....
Go to the top of the page
 
+Quote Post
Lovesmasher
post Dec 12 2006, 03:58 PM
Post #11


Moving Target
**

Group: Members
Posts: 147
Joined: 4-December 06
From: Chicago, IL
Member No.: 10,193



QUOTE (TheOneRonin)
As Robert van Dainig put it, any 2-bit company worth their nuyen will have backups...and probably offsite storage as well. The #1 most important job of a network admin is data integrity. Deleting a file from a host should never end up as more than a minor inconvenience for a corp.

IT Sec Officer: "Sir, someone hacked our New Orleans host last night and deleted all files pertaining to the Project Restoration proposal! What do we do?"

IT Admin: "See if you can recover the tree from Shadowcopy. If not have the Vienna and Sydney offices pull the data from their replication hosts. If that ends up taking too long, run downtown to the Offisite Data Storage complex and recover the chips from last night's backup."



And that's how my company of 200 employees does it. I seriously doubt that data deletion would be any more of an inconvience in 2070.

Data alteration on the other hand....

Also, for every admin or corp-hacker on a system, you've probably got 5 middle managment and 10 lower level functionaries who are constantly messing stuff up, just like today.

Ares Corp Hacker: "Ares IT. Explain quickly."
Mr. Johnson: "I broke my cupholder."
Ares Corp Hacker: "Security, this is Hacker 445, I need a 'clean up' on employee number J88342 immediately please."
Security Agent: "Hacker 445, I thought we asked you to stop issuing orders to kill employees."
Go to the top of the page
 
+Quote Post
Rotbart van Dain...
post Dec 12 2006, 03:59 PM
Post #12


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,792
Joined: 3-January 04
Member No.: 5,951



QUOTE (hobgoblin)
the reason why you can recover today are twofold.

first of, magnetic media can hold a "echo" of the magnetic "signal" that makes up a file. this is what companys like ibas base their recovery prosess on.

Peter Gutmann's theory is based on the idea that the area magnetic information is written to is not the whole storage area reserved for - and thus, this tolerance would allow you to see previous writes under a REM.

Even though this may be true for select bits in laboratoy conditions, it becomes useless on the large scale:
The average hard-drive a) has had enough write cycles to make that residue data essentially random and b) this tolerance is decreasing every day, especially with perpendicular recording.
Go to the top of the page
 
+Quote Post
Draug
post Dec 12 2006, 04:16 PM
Post #13


Moving Target
**

Group: Members
Posts: 223
Joined: 6-December 06
Member No.: 10,259



Anyone here played Half-Life 2? Valve had their source code stolen, and they had to start all over, didn't they? It's sort of in line with this stuff anyway...
Go to the top of the page
 
+Quote Post
Rotbart van Dain...
post Dec 12 2006, 04:29 PM
Post #14


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,792
Joined: 3-January 04
Member No.: 5,951



QUOTE (Jarl)
Anyone here played Half-Life 2? Valve had their source code stolen, and they had to start all over, didn't they? It's sort of in line with this stuff anyway...

..and the dog ate their homework, too.
Go to the top of the page
 
+Quote Post
James McMurray
post Dec 12 2006, 04:35 PM
Post #15


Great Dragon
*********

Group: Members
Posts: 5,430
Joined: 10-January 05
From: Fort Worth, Texas
Member No.: 6,957



I would base it on the system and user rights. Joe Schmoe's commlink or desktop is going to be "helpful" for him and not permanently delete files. That way when he screws up and deletes the million nuyen proposal It can still retrieve. However, anyone with power user rights or higher would have the ability to purposefully permadelete things, as well as the ability to set it up so that permanent is the default.
Go to the top of the page
 
+Quote Post
hobgoblin
post Dec 12 2006, 04:43 PM
Post #16


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



QUOTE (Lovesmasher @ Dec 12 2006, 04:58 PM)
QUOTE (TheOneRonin @ Dec 12 2006, 09:31 AM)
As Robert van Dainig put it, any 2-bit company worth their nuyen will have backups...and probably offsite storage as well.  The #1 most important job of a  network admin is data integrity.  Deleting a file from a host should never end up as more than a minor inconvenience for a corp.

IT Sec Officer: "Sir, someone hacked our New Orleans host last night and deleted all files pertaining to the Project Restoration proposal!  What do we do?"

IT Admin: "See if you can recover the tree from Shadowcopy.  If not have the Vienna and Sydney offices pull the data from their replication hosts.  If that ends up taking too long, run downtown to the Offisite Data Storage complex and recover the chips from last night's backup."



And that's how my company of 200 employees does it.  I seriously doubt that data deletion would be any more of an inconvience in 2070.

Data alteration on the other hand....

Also, for every admin or corp-hacker on a system, you've probably got 5 middle managment and 10 lower level functionaries who are constantly messing stuff up, just like today.

Ares Corp Hacker: "Ares IT. Explain quickly."
Mr. Johnson: "I broke my cupholder."
Ares Corp Hacker: "Security, this is Hacker 445, I need a 'clean up' on employee number J88342 immediately please."
Security Agent: "Hacker 445, I thought we asked you to stop issuing orders to kill employees."

ah, thats pure BOFH material :rotfl:
Go to the top of the page
 
+Quote Post
Serbitar
post Dec 13 2006, 01:39 AM
Post #17


Running Target
***

Group: Members
Posts: 1,498
Joined: 4-August 05
From: ADL
Member No.: 7,534



easy solution:

- deleting something by just erasing the file entry is threshold 1
- deleting something by overwriting it several times is threshold 2-3

So you have both and the option to have a "somebody forgot to overwrite it" in your story line.
Go to the top of the page
 
+Quote Post
Draug
post Dec 13 2006, 02:09 AM
Post #18


Moving Target
**

Group: Members
Posts: 223
Joined: 6-December 06
Member No.: 10,259



Me likes it. Nice, easy fix.
Go to the top of the page
 
+Quote Post
Rotbart van Dain...
post Dec 13 2006, 04:52 AM
Post #19


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,792
Joined: 3-January 04
Member No.: 5,951



QUOTE (Serbitar)
- deleting something by overwriting it several times is threshold 2-3

Sr4 uses solid state storage... so 'overwritten' means 'gone for good'.
Go to the top of the page
 
+Quote Post
Digital Heroin
post Dec 13 2006, 04:56 AM
Post #20


Neophyte Runner
*****

Group: Members
Posts: 2,458
Joined: 22-March 03
From: I am a figment of my own imagination.
Member No.: 4,302



QUOTE (Rotbart van Dainig)
QUOTE (Serbitar @ Dec 13 2006, 03:39 AM)
- deleting something by overwriting it several times is threshold 2-3

Sr4 uses solid state storage... so 'overwritten' means 'gone for good'.

Care to cite a source for that?
Go to the top of the page
 
+Quote Post
kzt
post Dec 13 2006, 05:12 AM
Post #21


Great Dragon
*********

Group: Members
Posts: 5,537
Joined: 27-August 06
From: Albuquerque NM
Member No.: 9,234



QUOTE (Rotbart van Dainig)
Sr4 uses solid state storage... so 'overwritten' means 'gone for good'.

And solid state means unrecoverable because of exactly what?

"FlashBack™ data recovery can recover files from all types of flash media that have been lost due to system or battery failure, format or deletion and corruption caused by hardware or software malfunction. FlashBack™ data recovery services can take any digital film card, CompactFlash, SmartMedia, Memorystick, Multimedia Card (MMC), SecureDigital card (SD), IBM Microdrive, ATA PC card, Linear Flash card, Minidisks, Mavica CDs, Kodak Picture disk, Kodak CD; from any manufacturer, and using sophisticated software and hardware tachniques, recover lost images, documents or other important data stored on a removable flash device."
Go to the top of the page
 
+Quote Post
ShadowDragon8685
post Dec 13 2006, 05:20 AM
Post #22


Horror
*********

Group: Members
Posts: 5,322
Joined: 15-June 05
From: BumFuck, New Jersey
Member No.: 7,445



QUOTE
Ares Corp Hacker: "Ares IT. Explain quickly."
Mr. Johnson: "I broke my cupholder."
Ares Corp Hacker: "Security, this is Hacker 445, I need a 'clean up' on employee number J88342 immediately please."
Security Agent: "Hacker 445, I thought we asked you to stop issuing orders to kill employees."


Completely OT, but this opens the door to the "IT guys and the morons they have to deal with" comedy, 2070 style.
Go to the top of the page
 
+Quote Post
hyzmarca
post Dec 13 2006, 05:30 AM
Post #23


Midnight Toker
**********

Group: Members
Posts: 7,686
Joined: 4-July 04
From: Zombie Drop Bear Santa's Workshop
Member No.: 6,456



I have this nice little portable shredder program that I carry around on a memory stick for when I have to use public computers. 25 overwrites later and the data is gone. It is far more useful than deleting from the recyce bin, especially since permission to empty the recycle bin can be denied in some cases and using a portable program is far more convenient than hacking an admin account (although this is trivial on an XP machine due to the fact that the passwords are not encrypted).
Go to the top of the page
 
+Quote Post
Lovesmasher
post Dec 13 2006, 07:02 AM
Post #24


Moving Target
**

Group: Members
Posts: 147
Joined: 4-December 06
From: Chicago, IL
Member No.: 10,193



QUOTE (ShadowDragon8685)
QUOTE
Ares Corp Hacker: "Ares IT. Explain quickly."
Mr. Johnson: "I broke my cupholder."
Ares Corp Hacker: "Security, this is Hacker 445, I need a 'clean up' on employee number J88342 immediately please."
Security Agent: "Hacker 445, I thought we asked you to stop issuing orders to kill employees."


Completely OT, but this opens the door to the "IT guys and the morons they have to deal with" comedy, 2070 style.

I'm considering playing my next hacker as Nick Burns: Your Company's Computer Guy.

http://www.youtube.com/watch?v=R7RuolTf9ho
Go to the top of the page
 
+Quote Post
Kesslan
post Dec 13 2006, 07:26 AM
Post #25


Moving Target
**

Group: Members
Posts: 732
Joined: 1-December 06
Member No.: 10,116



QUOTE (Lovesmasher)
QUOTE (ShadowDragon8685 @ Dec 12 2006, 11:20 PM)
QUOTE
Ares Corp Hacker: "Ares IT. Explain quickly."
Mr. Johnson: "I broke my cupholder."
Ares Corp Hacker: "Security, this is Hacker 445, I need a 'clean up' on employee number J88342 immediately please."
Security Agent: "Hacker 445, I thought we asked you to stop issuing orders to kill employees."


Completely OT, but this opens the door to the "IT guys and the morons they have to deal with" comedy, 2070 style.

I'm considering playing my next hacker as Nick Burns: Your Company's Computer Guy.

http://www.youtube.com/watch?v=R7RuolTf9ho

Nah I prefer the hacker trying to get the corp J wacked.

THough back OT though..
Thats the one thing I allways found 'off' about the average job where you go in, wipe the data. Cause you'd have to trace the remote backups, and all the hard copy backups. I actually do that sort of thing IRL. Monitor the network, handle the hard copy backups, and just in this one building we wind up with a minimum of two sets just in this one building.

We also do backups of no less than something like 10 other sites, and they do their own backups ontop of that. So if you wanted to destroy all the data backups you'd litterally have to hit something like 5 buildings spread across all of north america.

Arguably it could still be done if you went right to the source -before- it got backed up, but anything of great value is backup in stages anyway, so then the next best bet is making subtle alterations to the files.

In the end that really means that unless it's a very small company you couldnt very easily 'destroy' research like that. THough the flipside is you could hire 5 groups of runners, and have each of them hit the sites around the same time, still making it possible. But then there's five times as many things to go wrong.
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 24th November 2020 - 09:57 AM

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.