Title: data recovery
Description: like in forensics
ih8censorship - December 10, 2004 01:35 AM (GMT)
ive been watching these shows called "forensic files" on the channel "court tv" , and i knoticed that in some criminal cases they use information that was deleted off of a suspects computer against them in court. so ive been kind of getting a little interested in the technical aspects of data recovery and i did some searching around and all i can find is programs that do it and people that do it (for money) but very very little information on accessing that type of data. about all i found was this site :
http://www.electronicevidenceretrieval.com...ta_recovery.htmanyone know anything about accessing that type of data?
TheHawgMaster - December 10, 2004 02:13 AM (GMT)
I suppose a complete dump of a raw hard drive read would do the job :)
Nintendofreak88 - December 10, 2004 03:54 AM (GMT)
Well, I don't know of any programs to recover data, but I know of one called File Shreader (Google it) that fills the file's place on the hard disk with 0's, so it's truely deleted. :P
C-Man - December 10, 2004 10:06 AM (GMT)
Well one way on a FAT file system or probably some others
when you delete the file only the name gets invalidated (way FAT does it
it places a 0xE0 i think as first char of a file name ) and the space is reclamed
and if it wasn't cleanly formated (0'ing all the contents as it takes alot of time )
not quick formated ( as that only overwrites the allocation table sand teh boot sector )
or something is written on top the files don't get actualy deleted
by direct disk access you could find and recover sutch files
Tough i heard miths that it's possible to recover files even if it was overwriten
and formated several times ( don't know how :mellow: ) and only real
way to get rid of data is destroy the harddrive completely (burn it ,
destroy the disks and sutch)
heck i even seen pro's recover data from shreaded flopies :D
MonkeyMan - December 10, 2004 06:45 PM (GMT)
I'v heard of this. Being able to get the data from where it used to be. Thats pritty cool actually, and scary at the same time. Good thing right now I don't got anything to hide...like I said... for now. :lol:
ih8censorship - December 11, 2004 12:29 AM (GMT)
well how would one go about something like a complete hard drive dump programaticaly? or writing those values directly onto the hard drive? i guess i just have no clue about data access like that......
TheHawgMaster - December 11, 2004 09:01 AM (GMT)
I think it's refered to as a raw harddrive read under windows as I said above. I don't think it's so hard to do...
C-Man - December 11, 2004 11:08 AM (GMT)
You can only do raw HD IO under WinNT and with restrictions as windows
*protects* it from boot sector viruses
but you could easily do raw disk io under DOS with no problem at all ;)
just need to make a custom boot disk and do some DOS magic :P
If your interested about it we could discus it in more detail on #c++
When DOS near ! have no fear ! C-Man is here ! (wow that was lame :lol: )
fragspaz - December 17, 2004 04:22 AM (GMT)
would that include my internet history :( :unsure:
C-Man - December 17, 2004 11:32 AM (GMT)
if noone overwriten it then yes ;p
