Recovering deleted wallet/files from HDD - page 2.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: fillippone on November 07, 2021, 06:02:19 AM

Quote from: ABCbits on November 07, 2021, 05:52:18 AM

Just like @LoyceV said, remove the HDD before giving the device to someone else. If they ask why the HDD is missing, you could say you need the data for urgent work and ask them to use their own HDD/USB drive for testing.

I am not sure many laptop allows for an easy HDD removal, even more without breaking warrant (Mac User anyone?).

Then you're either forced to,
1. Learn removing HDD from your laptop and buy necessary tool (e.g. screwdriver for screw type used on your laptop).
2. Perform secure disk wipe using bootable OS on flash drive.
3. Fully trust the technician.

Quote from: fillippone on November 07, 2021, 06:02:19 AM

Basically, when to give your laptop to an external technician, you are trusting him not to rip you off.

True, but it's less likely they will do something obvious (e.g. charging very high "repair" cost) rather than cloning HDD which hardly could be detected.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: fillippone on November 07, 2021, 06:02:19 AM

I am not sure many laptop allows for an easy HDD removal, even more without breaking warrant (Mac User anyone?).

Suggestion: add it to your opsec-checklist to only buy laptops that allows to easily take out the drive.

fillippone

legendary

Activity: 2114

Merit: 15144

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: ABCbits on November 07, 2021, 05:52:18 AM

Just like @LoyceV said, remove the HDD before giving the device to someone else. If they ask why the HDD is missing, you could say you need the data for urgent work and ask them to use their own HDD/USB drive for testing.

I am not sure many laptop allows for an easy HDD removal, even more without breaking warrant (Mac User anyone?).
Also,even if I haven’t any wallet in it, just having access to my email a malicious user could do extremely dangerous actions.
Basically, when to give your laptop to an external technician, you are trusting him not to rip you off.
Maybe it’s worth asking him to assist in person to your repair, so that you don’t leave him with your datas alone. This could be counterproductive for opsec reasons anyway.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: fillippone on November 06, 2021, 07:37:07 AM

When I gave my phone to repair shop, I resettled it to factory setting, but had the luxury of being able to prepare for the event.
What should you do in case of an “ unforeseeable” event?

If you didn't take any preventive action (e.g. full drive encryption or forcing password after boot), there's nothing much you could do. Your option basically only,
1. Change your account's password (for account logged in on your device) on different device.
2. Move your coin (if you have wallet there) to newly generated wallet.
3. Bring the phone to someone you could trust.

Quote from: jerry0 on November 06, 2021, 05:57:02 PM

So how do you guys handle when there is an issue and you need to bring it your laptop to a repair shop or return it to the company? Assuming you can just check your hard drive which is to see what is the problem, isn't this already a big issue? Like imagine it just shows ledger live or electrum as an icon on you computer when they turn it on.

Just like @LoyceV said, remove the HDD before giving the device to someone else. If they ask why the HDD is missing, you could say you need the data for urgent work and ask them to use their own HDD/USB drive for testing.

cabron

hero member

Activity: 2800

Merit: 595

https://www.betcoin.ag

Giving the laptop with its drive will likely give that computer guy access to old passwords saved on browsers.

I would probably just follow what LoyceV suggested that you take out the HD and then sell it to that computer guy, that's the best and easiest way to do it unless you want the risky option. There could be more files you have there in the hard drive which you can slave later on another computer and scan it all like pictures, txt files, and downloaded files.

Lotus

jr. member

Activity: 107

Merit: 7

If you ever send it to "anybody" then assume it's been compromised. As to how to handle it, the answer is still the same. Use a hardware wallet. That way, even if all its content is stolen and you get it back with keyloggers and trojans, they still can't access your assets.
At the very least, transfer everything off the machine before sending it off and don't use it for local wallets again until you wipe it off.

jerry0

full member

Activity: 1736

Merit: 186

So how do you guys handle when there is an issue and you need to bring it your laptop to a repair shop or return it to the company? Assuming you can just check your hard drive which is to see what is the problem, isn't this already a big issue? Like imagine it just shows ledger live or electrum as an icon on you computer when they turn it on.

I mean wouldn't they most likely inspect it?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: fillippone on November 06, 2021, 07:37:07 AM

what if something break on your laptop where you have critical informations?

I was serious when I wrote this:

Quote from: LoyceV on November 05, 2021, 05:10:49 AM

Or use a screwdriver, as that's all it takes to take out the drive.

Quote from: fillippone on November 06, 2021, 07:37:07 AM

What if your power supply breaks on your laptop?

I'd probably fix it myself

Quote

Can you trust your repair shop will not duplicate your hdd?

You can assume this, but you can only be sure if you don't let your HDD out of sight.

Quote

When I gave my phone to repair shop, I resettled it to factory setting, but had the luxury of being able to prepare for the event.
What should you do in case of an “ unforeseeable” event?

Phones are much worse: you can't just take out the disk to send it in for repairs. But phones are also much more likely to get stolen, so I'd say don't store more data on it than you're willing to lose.

Ultegra134

hero member

Activity: 1582

Merit: 758

Quote from: fillippone on November 06, 2021, 07:37:07 AM

Quote from: DaveF on November 05, 2021, 07:48:23 AM

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave

Interesting question then is: what if something break on your laptop where you have critical informations? What if your power supply breaks on your laptop? Can you trust your repair shop will not duplicate your hdd?

Any ways of mitigating this? Even if the wallet.dats are encrypted, I bet there will still be loads of passwords saved while browsing, that can do a lot of damage.

When I gave my phone to repair shop, I resettled it to factory setting, but had the luxury of being able to prepare for the event.
What should you do in case of an “ unforeseeable” event?

I used to have a desktop computer but the motherboard died on me and never bothered to repair it. Supposing you have a desktop PC, it's not that hard to mount a HDD and recover your data. If I had one myself, I wouldn't have bothered taking it to a technician, since the laptop itself is pretty cheap.

fillippone

legendary

Activity: 2114

Merit: 15144

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: DaveF on November 05, 2021, 07:48:23 AM

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave

Interesting question then is: what if something break on your laptop where you have critical informations? What if your power supply breaks on your laptop? Can you trust your repair shop will not duplicate your hdd?

Any ways of mitigating this? Even if the wallet.dats are encrypted, I bet there will still be loads of passwords saved while browsing, that can do a lot of damage.

When I gave my phone to repair shop, I resettled it to factory setting, but had the luxury of being able to prepare for the event.
What should you do in case of an “ unforeseeable” event?

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: larry_vw_1955 on November 04, 2021, 11:44:17 PM

Quote from: DaveF on November 04, 2021, 05:20:32 PM

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
-Dave

those little sata 2 port "docking stations" are not so good as what you might think. if there's one constant about them it is people complaining how it f***ed up their hard drives and made them "raw". doesn't matter the brand.

Looking at my work notes we have done over 170 Spinning drives to SSD since Jan 1 2020 for a client who was extending the life of some older machines so either you and the people you are talking to are using cheap cloners or we have some amazing luck.

I don't know how the $80 generic ones work, but the 'real' ones are just running an embedded linux controller and dd 'ing (more or less) the entire drive.
The source is only ever mounted in read only so having it come back as 'raw' is just about impossible.

This: https://www.amazon.com/SATA-Hard-Drive-Duplicator-Eraser/dp/B00G6TG5YE
is not the same as this: https://www.mediaduplicationsystems.com/fx2125-sata-sas-usb3.0-hard-drive-duplicator

If you walk into a shop or your tech is using something like the StarTech one. Run away as fast as you can.

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave

fillippone

legendary

Activity: 2114

Merit: 15144

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: LoyceV on November 05, 2021, 05:10:49 AM

Quote from: fillippone on November 04, 2021, 08:17:27 PM

Next time I have a problem I will destroy my laptop with an hammer. I am not going to leave my HHDD unattended anymore!

Or use a screwdriver, as that's all it takes to take out the drive.
Or use full disk encryption.
Or an industrial shredder. I prefer a more subtle approach to my hardware.
Seriously though: there's no point to destroy any hardware that doesn't hold data.

Apparently your AI is not sophisticated enough to detect the rhetorical construction known as “Metonym”.
Or actually your AI is so advanced that pretends to misunderstand something in order to appear more human.

Or it’s just me, who think a joke is fun, while it is not.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: fillippone on November 04, 2021, 08:17:27 PM

Next time I have a problem I will destroy my laptop with an hammer. I am not going to leave my HHDD unattended anymore!

Or use a screwdriver, as that's all it takes to take out the drive.
Or use full disk encryption.
Or an industrial shredder. I prefer a more subtle approach to my hardware.
Seriously though: there's no point to destroy any hardware that doesn't hold data.

Lotus

jr. member

Activity: 107

Merit: 7

Quote from: fillippone on November 04, 2021, 08:17:27 PM

Dang.
Now you scared me.
Next time I have a problem I will destroy my laptop with an hammer. I am not going to leave my HHDD unattended anymore!

Exactly. Anything glitches, you nuke the entire thing out. Would be bad though if you later discover it was just an OS bug a day later...

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: DaveF on November 04, 2021, 05:20:32 PM

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
-Dave

those little sata 2 port "docking stations" are not so good as what you might think. if there's one constant about them it is people complaining how it f***ed up their hard drives and made them "raw". doesn't matter the brand.

fillippone

legendary

Activity: 2114

Merit: 15144

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: DaveF on November 04, 2021, 05:20:32 PM

Quote from: LoyceV on October 30, 2021, 03:03:12 AM

Quote from: Ultegra134 on October 29, 2021, 02:48:08 PM

I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.

If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
PCs / phones / tablets. We live our life on them now, and even the paranoid people can't remember everything that they may have accidentally stored on one.

-Dave

Dang.
Now you scared me.
Next time I have a problem I will destroy my laptop with an hammer. I am not going to leave my HHDD unattended anymore!

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: LoyceV on October 30, 2021, 03:03:12 AM

Quote from: Ultegra134 on October 29, 2021, 02:48:08 PM

I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.

If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
PCs / phones / tablets. We live our life on them now, and even the paranoid people can't remember everything that they may have accidentally stored on one.

-Dave

danuker

newbie

Activity: 18

Merit: 1

Quote from: Ultegra134 on October 29, 2021, 02:48:08 PM

I see that he hasn't snooped into Chrome at least

It would be trivial to mount a drive without touching the files on it (such as Chrome history). Any Linux live USB offers read-only mount support.

Quote from: Ultegra134 on October 28, 2021, 03:46:11 PM

Yeah, I'll move everything to new wallets just in case, you can never be safe enough. On top of that, if we suppose that he has snooped through my files, he could potentially try to compromise the wallets at a much later date. That way, no accusation can actually be directed to him.

Absolutely. If I were you, I would definitely pay the transaction fee to move the coins to a new wallet.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Ultegra134 on November 03, 2021, 04:17:21 PM

On the other hand, do you know any kind of similar software that is safe to use?

There are open source version of such software, but i wouldn't recommend it unless you bother audit/test it properly. Besides there's saying "Prevention is better than cure". If you haven't done any action, you could start from enabling 2FA on your online account and using stronger password.

Quote from: QuickAccount on November 03, 2021, 05:24:50 PM

or encrypt your computer files when you leave for a long period of time.

It's not practical if you also want to secure your cryptocurrency wallet or browser data, where the file could be scattered on different folder. You could use full disk encryption (such as BitLocker for Windows and LUKS for Linux), but usually you need to enter password/PIN every time you turn on your laptop and recovery process is harder (if the disk is corrupted).

QuickAccount

member

Activity: 189

Merit: 52

In a world of coins, use them.

Quote from: Ultegra134 on November 03, 2021, 04:17:21 PM

Quote from: QuickAccount on November 03, 2021, 04:09:32 PM

Quote from: Ultegra134 on November 03, 2021, 03:25:22 PM

Quote from: QuickAccount on November 03, 2021, 02:22:10 PM

Quote from: Ultegra134 on October 30, 2021, 06:47:47 AM

~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.

What is the name of the extension? I would like to dump the source code of of it to see if it sends data anywhere.

The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. They're is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall chrome, then change all of your passwords.

Interesting, I remember looking it up to find anything suspicious but couldn't, anyway, good detective work. It logs any kind of text input, it often saved my posts here. Anyway, I've now uninstalled it, since I do not need it anymore and due to the suspicion of it being a security hazard.

On the other hand, do you know any kind of similar software that is safe to use?

I couldn't really recommend any monitoring software for your own machine, but I think you'll be safe enough by pressing WIN + L when you get up to lock your screen, or encrypt your computer files when you leave for a long period of time.

Topic: Recovering deleted wallet/files from HDD - page 2. (Read 693 times)