Date: Thu, 14 Feb 2002 21:34:17 +0100 (CET) From: =?iso-8859-1?q?m=20p?= <sumirati@yahoo.de> To: Erik Trulsson <ertr1013@student.uu.se>, Lord Raiden <raiden23@netzero.net> Cc: freebsd-questions@freebsd.org Subject: Re: undeleting files Message-ID: <20020214203417.19669.qmail@web13301.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
> > Ok, I know that it's supposed to be impossible to undelete files in > > unix or freebsd, but my question is how this is possible? How does > > unix/freebsd delete files in such a way that they are unrecoverable? Just > > my curious side getting the better of me again. > > > > It is not impossible in general, merely difficult. > > There are basically two problems with undeleting files: > The first is that the space that was used by a deleted file is quite > likely to reused when some new file is created thereby making it impossible > to recover the old file. > The second problem is that there are not really any good tools for > undeleting files, meaning that you have to use a disk editor to change > the filesystem by hand. Not recommended for the faint of heart. > > To make it totally impossible to recover old files the system would > have to zero-fill the blocks on the disk that was used by a file when > the file is removed from the system. This is currently not done, > presumably for performance reasons. > > (That still would not make it quite impossible to recover old data. > It is possible to recover data from a disk even if it has been > overwritten several times. Doing so is difficult and requires > special, expensive equipment but it can be done.) > Hi, please take a look at http://www.porcupine.org/forensics/column.html Wietse Venema and Dan Farmer worked out how you can undelete files under *NIX. The two documents about this topic you can found under: http://www.ddj.com/articles/2000/0012/0012h/0012h.htm http://www.ddj.com/articles/2001/0101/0101h/0101h.htm They developed a tool called "lazarus" - but I don't know if it can be used with FreeBSD as production tool (I took the last look at it 4 years ago when I still used SuSe Linux). Hope that helps Marc __________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Ihre E-Mail noch individueller? - http://domains.yahoo.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020214203417.19669.qmail>