[brlug-general] forensics question: retrieving deleted data
John Hebert
johnahebert at yahoo.com
Sun May 21 02:16:31 CDT 2006
Howdy,
I'd like to learn more about computer forensics. I've
read a little bit on it via Google, etc, but I'd like
to learn more.
I know from personal experience that the best way to
learn something (for me, at least. YMMV) is to create
a project with an achievable short-term goal. So, I'd
like to learn how to retrieve deleted data from a hard
drive that's had its partition table wiped.
Questions:
1) Does the Microsoft Windows 'format' command simply
wipe out the partition table? Or does it do more than
that? What exactly?
2) I believe that the Microsoft Windows 'delete'
command simply removes a file's listing in the FAT. Is
this correct? If not, what does happen?
3) How would one go about rebuilding a FAT32
partition? Are there open source apps that will do
that?
4) Is the FAT required in order to retrieve an entire
file? I think so, but I'm not sure.
Sorry if my questions don't make sense. Sleepy. :)
Thanks,
John
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the General
mailing list