Message-ID: <52D6E355.7080008@gmail.com>
Date: Wed, 15 Jan 2014 20:36:53 +0100
From: Milan Broz
To: ".. ink ..", "dm-crypt@saout.de"
Subject: Re: [dm-crypt] nuke password to delete luks header
References: <638F1A81-8F17-4E18-8993-7F848EA84F08@offensive-security.com> <20140114043601.GB15870@tansi.org> <20140114071159.GD18564@tansi.org> <20140114143403.GA22711@tansi.org>

On 01/14/2014 08:22 PM, .. ink .. wrote:
>
> While I have not looked at it for some time, the last time I looked,
> FAT did a create-at-end Strategy. This way the data "wanders" over
> the partition towards the end. ext2/3/4 will create files all over
> the disk in the first place.
>
>
> My own tests have shown that with fat fs, files are not added randomly
> all over the disk and are added sequentially. Meaning, if the volume is
> used normally without exceeding a certain amount of disk space, the
> rest of the disk will remain untouched. The whole hidden disk idea in TrueCrypt is based on this assumption, and it works.

From "Filesystem Forensic Analysis" by Brian Carrier (ISBN 978-0-321-26817-4), page 224, FAT allocation algorithms:

"The OS gets to choose which allocation algorithm it uses when it allocates the clusters. I tested Windows98 and XP, and it appeared that a next available algorithm was being used in both. The next available algorithm searches for the first available cluster starting from the previously allocated cluster."

I think this will be very similar for other FAT implementations.

Milan
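
An added illustration, not part of the original message and not code from any FAT implementation: a toy Python model that contrasts the "next available" algorithm quoted above with a "first available" scan. The volume size, file size and create/delete workload are constructed assumptions.

```python
# Added illustration: toy model of FAT cluster allocation (not a real FAT driver).
# Assumptions: one contiguous-as-possible cluster run per file and a
# constructed workload that keeps only the newest few files alive.

def allocate(free, count, start):
    """Return `count` free cluster numbers, scanning circularly from `start`."""
    n = len(free)
    got = []
    for i in range(n):
        c = (start + i) % n
        if free[c]:
            free[c] = False
            got.append(c)
            if len(got) == count:
                return got
    raise RuntimeError("volume full")

def simulate(strategy, total_clusters=1000, file_clusters=10, rounds=60, keep=5):
    """Create `rounds` files, keeping only the newest `keep` alive.

    Returns (clusters in use at the end, highest cluster ever written).
    """
    free = [True] * total_clusters
    files = []        # live files, oldest first
    last = -1         # previously allocated cluster
    high_water = -1   # highest cluster number ever written
    for _ in range(rounds):
        # "next" resumes the search after the previous allocation;
        # "first" always rescans from the start of the volume.
        start = last + 1 if strategy == "next" else 0
        clusters = allocate(free, file_clusters, start)
        last = clusters[-1]
        high_water = max(high_water, max(clusters))
        files.append(clusters)
        if len(files) > keep:          # delete the oldest file
            for c in files.pop(0):
                free[c] = True
    in_use = sum(len(f) for f in files)
    return in_use, high_water

if __name__ == "__main__":
    for strategy in ("first", "next"):
        in_use, high = simulate(strategy)
        print(f"{strategy:>5} available: {in_use} clusters in use, "
              f"highest cluster written = {high}")
```

In this model both strategies end with the same space in use, but under "next available" the highest written cluster keeps advancing as files are created and deleted, so the untouched tail of the volume depends on cumulative writes and not only on how full the volume is.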