On Tue, Feb 15, 2011 at 4:34 AM, Grigore Dolghin <[email protected]> wrote:
> Sometimes it is. PACK copies the non-deleted records in a new file, then > delete the original file and renames the new one. So technically it's a file > deletion operation, which can be recovered from disk using specialized > tools, such as the ones produced by http://www.ontrackdatarecovery.com/. The local LUG had a great presentation a few years ago by a white hat who was involved in forensics and had entered one of the white hat competitions. They were given a 50 Mb "chunk" in a file, a portion of hard disk image, and used tools to analyze the bit patterns and string together the erased files and partial files that were once there. They had a lot of success. http://blog.tedroche.com/2007/03/19/centralug-notes-from-andy-bairs-digital-forensic-file-carving-presentation/ or http://blog.tedroche.com/?p=2698 Recently, I did something similar with a Linux application designed to aid in recovering photos from a memory card that's become corrupt. I used it on an old hard disk drive pulled from a machine I was trashing. The recovery program works on most devices and file systems and was successful at retrieving a number of files. I now take advantage of encrypted home partitions, to avoid unintentional disclosure of client or personal data. While not perfect, it ups the ante a little bit and eliminates the simplest "scan and recover" techniques. -- Ted Roche Ted Roche & Associates, LLC http://www.tedroche.com _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
