Reverse Defrag

[MasterCommand2000]

I was noticing how there are many ways to defrag a hard drive today but not one way to fragment it. Basically like taking the windows defrag program and kicking it into reverse. I know there has to be a way to do it to use to slow down a systems proformance mainly just for fun or as a prank. Imagine someone going to anaylise a hard drive and see nothing but red fragmentation lol. I was wondering if there was a way to not use the systems ram so everything would get dumped over to the hard drive which yes would thrash it a bit but would be a solution. The other is just to mod the defrag program itself and change it to make your hard drive look like the files were thrown into a blender and set on liquify.

[airman_dopey]

Seeing as this would be used for strictly malicious purposes expect a warning at the very least from the mods. This is a security integrity community, not a group of petty vandals.

[digip]

I was noticing how there are many ways to defrag a hard drive today but not one way to fragment it. Basically like taking the windows defrag program and kicking it into reverse. I know there has to be a way to do it to use to slow down a systems proformance mainly just for fun or as a prank. Imagine someone going to anaylise a hard drive and see nothing but red fragmentation lol. I was wondering if there was a way to not use the systems ram so everything would get dumped over to the hard drive which yes would thrash it a bit but would be a solution. The other is just to mod the defrag program itself and change it to make your hard drive look like the files were thrown into a blender and set on liquify.

Take you long to contemplate this idea, or you just not that creative?

Even as something malicious this seems hardly even effective. Loading a live disk and just formatting the system or just dd if=/dev/urandom of=/dev/sda bs=1M seems a more effective means of destruction than wasting time with a HDD "fragmentation" tool.

[Jason Cooper]

The tool you are looking for is called Windows (best disk fragmentor I have found)

[ApacheTech Consultancy]

I think the main use for a Reverse Defrag program would be to "subtly" obfuscate recently deleted files. Shredding and zero-byting leave tell tale signs, but a reverse defrag would make it seem as if it was just ware and tear on the drive rather than purposeful deletion of data. From a white-hat perspective, such a tool could be used to observe rapid fragmentation of drives, seeing what data is overwritten, where and how over a matter of hours rather than months. The process would have to create and delete random size files though, rather than writing random bits to random sectors if the aim is to replicate real world conditions. It could lead to a better understanding of real-world vs. pseudo-random defragmentation, shredding and zero-byting. Could you use something like scalpel once a drive is re-fragmented?

The other way such a program could be used is as an educational tool for rapid configuration of test-cases in sys-admin simulation exercises. It would be a more realistic setting than just coming across yet another randomly allocated bit array on a drive to simulate performance loss through fragmentation. Also, as a benchmarking tool for defragmentation applications, S.M.A.R.T and partitioning software.

It does have its uses.

Edited March 13, 2013 by ApacheTech Consultancy

[digip]

Data carving with tools like scalpel should still work since its designed to find files anyway, even if someone tried obfuscating them. Int0x80 did a segment I believe on file recovery and ways to find hidden files. Not sure from a sysadmin perspective of "educational" purposes other than if you wanted to teach people forensics and file recovery, if you did random byte overwriting, then I can see that more for a forensics class than a sysadmin. Most sysadmins aren't going to be worried about deleted or missing files unless they catch on that something is afoul, they would be more concerned with data redundancy and uptime, and in the event something went wrong, most likely restore data from backups than waste time trying to do data recovery. If they found that it was consistently an issue, they'd most likely replace the drive. After that point they might investigate further if they are a paranoid admin or discover the same thing over and over, but would probably end up turning it over to the security department or someone in forensics anyway.

Sysadmin jobs are usually spent making sure uptime and high availability is attended to more so than searching for anomalies of data loss, but I do see your point from an educational standpoint for a forensics and security class, would probably be more suited for that than someone doing normal domain admin stuff.

Edited March 13, 2013 by digip

[ApacheTech Consultancy]

True, if a drive is that fragmented that its affecting performance, you'd just re-image it and think nothing else of it. If a pattern formed, you'd keep an eye on the terminals use on a day to day basis (its probably next to a radiator or in line to catch the sun through the windows in the afternoon or something) rather than attempt any form of forensic tests on it.

I was thinking more though of the "helpdesk" side of things. When I was at college before uni, we had to do RP exercise where we got called out to a client's station that had something wrong with it; identify, fix and explain the problem to the non-techy client. We found the trouble with the random bit arrays was that it didn't take long enough in real world terms to correct. We ended up using naturally fragmented drives. This is only one very specific case I'll grant, but I'm sure there are similar scenarios in industry where such a tool could be used to some effect.