Do you have adblock enabled?
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(LA Times)   Dude, when it's gone it's never ever truly gone   (latimes.com ) divider line
    More: Obvious, Snapchat, recovery, file names, image file, forensics, target markets  
•       •       •

6269 clicks; posted to Geek » on 11 May 2013 at 8:20 PM (3 years ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



29 Comments   (+0 »)
View Voting Results: Smartest and Funniest

Archived thread
 
ZAZ [TotalFark]
2013-05-11 07:42:11 PM  
Once it has located the image files, Decipher Forensics then edits the file name in order to restores the images.

Operating systems should offer two variants of the delete function: hide and wipe. Hide means you're done with the file and the OS can have the pathname and disk space back. Wipe means clear the underlying bits.

Like once upon a time if you wanted to be sure your data was on stable storage you could call fsync() and the process would block until the disk driver said "it's all there on the platter." (That was always tricky to implement right with caches and networks, and may or may not work on modern computers.) I wrote software that had to be unusually careful of glitches (medical device), but 99% of the time you don't need to worry about that. Snapchat, because its purpose in life is making things go away, is the 1% program that needs to make sure.
 
2013-05-11 08:23:41 PM  
ZAZ, it doesn't even look like it's deleting them. It's merely renaming them. Because of course if the pics have a different file name then it's gone right. Right?
 
ZAZ [TotalFark]
2013-05-11 08:29:35 PM  
Do the needful

I think the program is calling the right function to delete a file. Delete is implemented internally by writing a zero over the first character of the directory entry (or something like that).
 
2013-05-11 08:30:15 PM  
Just creating a screen capture seems like the simpler solution....
 
2013-05-11 08:30:39 PM  
everything can be retrieved.
everything. It's just a matter of time and money.
 
2013-05-11 08:33:55 PM  

Do the needful: ZAZ, it doesn't even look like it's deleting them. It's merely renaming them. Because of course if the pics have a different file name then it's gone right. Right?


Well, Android file managers do hide filenames with extensions that they don't recognise -- there's a reason this took so long to spot (I suspect you'd need to root and ssh in to get the complete list, I don't know if just mounting the device as a normal USB filesystem would work).

overkl0ked: Just creating a screen capture seems like the simpler solution....


Whole point of that program is to make that difficult -- the image disappears after the time limit or if you take your finger off the screen.  Reaching the buttons for a screen capture that way requires contortions on most phones.
 
2013-05-11 08:35:21 PM  
uncrop.
 
2013-05-11 08:43:40 PM  

ZAZ: Do the needful

I think the program is calling the right function to delete a file. Delete is implemented internally by writing a zero over the first character of the directory entry (or something like that).


So these guys are just using the adb tool in the android sdk I am guessing? Then you are right, this app should be wiping the files.

caira: Do the needful: ZAZ, it doesn't even look like it's deleting them. It's merely renaming them. Because of course if the pics have a different file name then it's gone right. Right?

Well, Android file managers do hide filenames with extensions that they don't recognise -- there's a reason this took so long to spot (I suspect you'd need to root and ssh in to get the complete list, I don't know if just mounting the device as a normal USB filesystem would work).


Gotcha. I know on my android phone, you can't just mount it as a USB filesystem anymore. Like I mentioned above you have to use the sdk and the adb tool to get to the filesystem. I have the android sdk so it wasn't that complicated, but most people don't have the android sdk without a reason. I have an app, but it doesn't read or write files so I never even bothered to look into that.
 
2013-05-11 08:44:17 PM  
I did a factory wipe on my cellphones only to find that photos and other files were still in folders, so I can't imagine that a Snapchat file would ever be permanently gone.
 
2013-05-11 08:51:31 PM  
Usually I complain about articles (usually NYT) that have lengthy lead-ins that explain shiat I already I know, but wtf is snapchat, writer?
 
2013-05-11 08:55:33 PM  

cretinbob: everything can be retrieved.
everything. It's just a matter of time and money.


Rebuttal: take a hard drive. Grind it to dust with an angle grinder. Mix that into thermite, then ignite the thermite.

Retrieve that.
 
2013-05-11 09:05:49 PM  

moothemagiccow: Usually I complain about articles (usually NYT) that have lengthy lead-ins that explain shiat I already I know, but wtf is snapchat, writer?


It's an app that supposedly allows you to send files to another phone running the app, and the file "disappears forever" after a preset time limit (10 seconds, I believe). It's been popular with kids who want to send photos to each other without their parents finding them later. Turns out the files can be recovered after all, but not by the typical user.
 
2013-05-11 09:07:27 PM  

LazarusLong42: cretinbob: everything can be retrieved.
everything. It's just a matter of time and money.

Rebuttal: take a hard drive. Grind it to dust with an angle grinder. Mix that into thermite, then ignite the thermite.

Retrieve that.


It will blend.
 
2013-05-11 09:09:04 PM  
> Once it has located the image files, Decipher Forensics then edits the file name in order to restores the images.
www.polyvore.com

This phone doesn'ts deletes my photos. I really hates it."
 
2013-05-11 09:44:16 PM  
What a recovered snapchat photo might get you

thumbs.newschoolers.com
 
2013-05-11 09:46:00 PM  

LazarusLong42: cretinbob: everything can be retrieved.
everything. It's just a matter of time and money.

Rebuttal: take a hard drive. Grind it to dust with an angle grinder. Mix that into thermite, then ignite the thermite.

Retrieve that.


4.bp.blogspot.com
 
2013-05-11 09:55:16 PM  
Do the needful: ZAZ, it doesn't even look like it's deleting them. It's merely renaming them. Because of course if the pics have a different file name then it's gone right. Right?

I think this is a case of the article writer not understanding computing.

When files are "deleted", they're just marked as available space and, it's been a while since I've dealt with FAT filesystems, but IIRC, they overwrite part of the filenames as part of that process.

Which is why a lot of undelete software has to ask what you want the restored files to be named (because the original filename is either partially or fully whacked).

In essence "rename" the file by putting a new entry in the FAT for it pointing to the existing data. OR, copy the data to a new location using a new filename.

// OTOH, if the reporter is correct, that they're just renaming files, then the person who wrote the app in the first place is a dunce.
 
2013-05-11 10:21:48 PM  

LazarusLong42: cretinbob: everything can be retrieved.
everything. It's just a matter of time and money.

Rebuttal: take a hard drive. Grind it to dust with an angle grinder. Mix that into thermite, then ignite the thermite.

Retrieve that.


Unless you then throw it into a black hole it is technically retrievable
 
2013-05-11 10:53:18 PM  
"specialized forensics software" pfft. I bet you could run a deep scan with Recuva and retrieve it all.
 
2013-05-11 11:01:08 PM  
said it can do this by using specialized forensics software to go into the folders used by the Snapchat app.

Hahaha. Hah. Oh man, I'd love to see this amazing software. It can open folders? Maybe copy AND paste?
 

Arthen:
Unless you then throw it into a black hole it is technically retrievable

Hawking radiation, yo.
It'd be have to be some pretty damn good porn go backwards and restore from that, though.
 
2013-05-11 11:13:24 PM  
I know a lot of 14 year old girls who are going to be embarrassed pretty soon!

/what?
 
2013-05-11 11:23:49 PM  

lordargent: Do the needful: ZAZ, it doesn't even look like it's deleting them. It's merely renaming them. Because of course if the pics have a different file name then it's gone right. Right?

I think this is a case of the article writer not understanding computing.

When files are "deleted", they're just marked as available space and, it's been a while since I've dealt with FAT filesystems, but IIRC, they overwrite part of the filenames as part of that process.

Which is why a lot of undelete software has to ask what you want the restored files to be named (because the original filename is either partially or fully whacked).

In essence "rename" the file by putting a new entry in the FAT for it pointing to the existing data. OR, copy the data to a new location using a new filename.

// OTOH, if the reporter is correct, that they're just renaming files, then the person who wrote the app in the first place is a dunce.


I understand how filesystems work. Had to go back and reread the article a few times. FTA:

 Richard Hickman, a digital forensics examiner with Decipher Forensics, said that within the folders created by the Snapchat app on users' devices, there is one location where all viewed and unviewed images are kept. From the research he has done, those images remain after they are viewed, and as such they can be restored.

Couple that with:
The company, which specializes in retrieving data that has been deleted, said it can do this by using specialized forensics software to go into the folders used by the Snapchat app. Once it has located the image files, Decipher Forensics then edits the file name in order to restores the images.

And I think I misunderstood at first. We are all talking about the same process. They are basically undeleting the files, which as ZAZ covers should have been a wipe. Don't worry kids your weiner pics will magically disappear.
 
2013-05-11 11:32:19 PM  
I guess it's too much to ask for DOD-standard 7-pass secure wiping functionality?
 
2013-05-12 12:12:51 AM  

germ78: I guess it's too much to ask for DOD-standard 7-pass secure wiping functionality?


yes.  yes it is.

/move along citizen.. nothing for YOU to see here
 
2013-05-12 01:06:58 AM  
just mov file.file /dev/null, no?
 
2013-05-12 04:09:48 AM  
Every couple months the media has a story about how deleting files doesn't really get rid of them, and yet people are surprised every time.
 
2013-05-12 02:52:11 PM  

germ78: I guess it's too much to ask for DOD-standard 7-pass secure wiping functionality?


If you're not using a Mac, then yes.
 
2013-05-12 06:40:50 PM  
'After you open a Snapchat image, it disappears'

I stopped reading there; because it's a lie.  The rest of the article is going to be lies too.

You can't put the genie back in the lamp.  If you send me a picture and I am able to view it - there is nothing you can do to control it.  Nothing.  Whatever Snapchat is, it can't work - at least not on any of our current gen operating systems.  Sorry.
 
2013-05-13 05:11:43 AM  

Fark_Guy_Rob: 'After you open a Snapchat image, it disappears'

I stopped reading there; because it's a lie.  The rest of the article is going to be lies too.

You can't put the genie back in the lamp.  If you send me a picture and I am able to view it - there is nothing you can do to control it.  Nothing.  Whatever Snapchat is, it can't work - at least not on any of our current gen operating systems.  Sorry.


I do believe that is the entire point of the article.
 
Displayed 29 of 29 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
On Twitter






In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report