[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Wed Jun 8 15:58:41 2005 -->
- <!--x-from-r13: zcjevtug ng fcrrqsnpgbel.arg ([nex Ievtug) -->
- <!--x-message-id: AA464517-AE2B-4E79-A454-[email protected] -->
- <!--x-reference: F9595D8E-3C29-43BF-88AC-[email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: 0F36D940-5B83-4F3E-977F-[email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Drive recovery -->
- <li><em>date</em>: Wed Jun 8 15:58:41 2005</li>
- <li><em>from</em>: mpwright at speedfactory.net (Mark Wright)</li>
- <li><em>in-reply-to</em>: <<a href="msg00354.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00341.html">[email protected]</a>> <<a href="msg00347.html">[email protected]</a>> <<a href="msg00349.html">[email protected]</a>> <<a href="msg00354.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Drive recovery</li>
Mark
On Jun 8, 2005, at 12:02 PM, Michael B. Trausch wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Mark Wright wrote:
>
>>
>> I have seen advertisments that claim to recover any drive but the
>> cost is incredible. Maybe the data security issue is a bit in the
>> paranoid camp. It is better to err on the side of caution but does
>> this "king have no clothes"?
>>
>>
>
> Any one of us can recover data, assuming that we have the time to sit
> and work on it.
>
> Let's take, for example, an FAT16 formatted drive. I say FAT16
> because
> that's the easiest to figure out. Let's assume you screw up and
> replace
> it's boot sector with something else... rendering the filesystem
> useless. But you don't know that's all that you've done. You'd start
> looking at the system, and you'd probably want to use a program if you
> could find one, or write a small one yourself, to look at the disk and
> make a guess.
>
> FAT16 is layed out such that you have the Boot Sector, which is 512
> bytes. FAT relies on data to be present in the boot sector for it
> to be
> able to be read by an operating system or FAT driver, rather.
>
> So the FATs (usually 2) and then the root directory and then the
> data area.
>
> There are different parts of them that you can "scan" for and
> attempt to
> find the filesystem. If you can find the file-system, then you can
> find
> data. And if you can find subdirectories in the root directory,
> you can
> find more file tables and information that will get you to a file.
>
> Can *I* do all of this? Not without a *very* large hunk of dedicated
> time. And only with FAT perhaps. Sometimes it really isn't that
> "easy"
> for someone to recover data, unless they've built the tools to do it.
>
> Then you also have a new tool that Linux provides in the kernel:
> Something called "IDE Taskfile" access, which supposedly goes
> beyond the
> driver and reads the raw disk structure.
>
> Point being that it can be done... perhaps not by everyone, but
> it's not
> that "hard," really. All of the specifications to develop tool
> programs
> to run with are out there, and with the UNIX "treat everything as a
> file" philosophy, it's very easy to write programs in higher-level
> languages that can work with the filesystem if you have root access
> to a
> box, because you can just read the filesystem from the hard disk node.
>
> Later,
> Mike
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - <a rel="nofollow" href="http://enigmail.mozdev.org";>http://enigmail.mozdev.org</a>
>
> iD8DBQFCpxatPXInbkqM7nwRA2RtAJwNl6x4nGeMyxkDqYovjRQAAL/DEQCfTRzm
> AASw2+X8LhhNP8pVSZ/qIOk=
> =tmTf
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
>
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00341" href="msg00341.html">[ale] Drive recovery</a></strong>
<ul><li><em>From:</em> mpwright at speedfactory.net (Mark Wright)</li></ul></li>
<li><strong><a name="00347" href="msg00347.html">[ale] Drive recovery</a></strong>
<ul><li><em>From:</em> ale1 at cybertechcafe.net (Nathan J. Underwood)</li></ul></li>
<li><strong><a name="00349" href="msg00349.html">[ale] Drive recovery</a></strong>
<ul><li><em>From:</em> mpwright at speedfactory.net (Mark Wright)</li></ul></li>
<li><strong><a name="00354" href="msg00354.html">[ale] Drive recovery</a></strong>
<ul><li><em>From:</em> fd0man at gmail.com (Michael B. Trausch)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00381.html">[ale] Re: erasing ext3 filesystems securely</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00383.html">[ale] Re: erasing ext3 filesystems securely</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00354.html">[ale] Drive recovery</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00388.html">[ale] Drive recovery</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00382"><strong>Date</strong></a></li>
<li><a href="threads.html#00382"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>