The technology behind the products -
Let us check it out w.r.t the FAT32 file system. The FAT file system is so called because of a 'File Allocation Table', 2 copies of which are stored on the HDD immediately after the MBR and the Boot Record. Theoritically speaking, files are stored as clusters on a HDD (where a cluster is, a group of sectors). The different clusters of a file need not neccessarily be contiguous. The FAT table contains 32 bit entries, each entry corresponding to a cluster on the HDD. NOTE - Of the 32 bits in a FAT32 table entry, only 28 are used at present. This entry size of 28 also acts as a limiter for the maximum no. of clusters possible on a HDD (which will be 2 to the power 28). When a command to read a file is given, the OS locates its first cluster from the file's directory entry. It then checks the FAT table entry corresponding to that cluster. That entry carries the number of the next cluster of the file...so on and so forth. Some entries in the FAT table, might carry special code to indicate that -
(1) The cluster is free.
(2) The cluster contains one or more sectors which are bad and hence, the cluster should not be used.
(3) The cluster is the final cluster of the file.
So, what actually happens when you 'delete' a file?
The entries in the FAT table are replaced with special blank entries to indicate that the particular cluster is free for use. The actual clusters which contained the file data would still be there, until they get over-written by the clusters of another file.
What happens when you 'format' a drive?
The FAT table is written afresh on the HDD. NOTE - Once again, formatting a drive does NOT over-write the actual clusters that carried the file data.
This is the idea exploited by the file recovery programs. If they can locate the actual clusters of a file BEFORE they get over-written by another file's data... the old file can be recovered. This can be done in several ways, for example, by restoring the FAT table from its backup copy. NOTE - You will remarkably increase ur chances of recovering a deleted file, if u refrain from any disk activity after the file was mistakenly deleted (like disk defragmentation, new file creation, moving files around). In fact, most of the file recovery programs, work from CDs / floppy disks so as to prevent the possibility of their setup files over-writing the files that u deleted from the hard drive.
The PERMANENTLY erasing programs, on the contrary, work by over-writing the concerned file's clusters with a random sequence of 0s and 1s to permanetly erase the prev. file's clusters. They might also carry out several passes of this process to ensure that the files are indeed deleted permanently.
The FAT table is known as 'Master File Table' (MFT) in case of NTFS file system.
A freeware to PERMANENTLY erase data -
Sure Delete - http://www.pcworld.com/downloads/file_description/0,fid,22393,00.asp
A freeware to recover deleted data -
PC Inspector File Recovery -
http://www.pcinspector.de/download.asp?language=1#file_recovery
Restoration - http://www.geocities.jp/br_kato/
Reference URLs -
http://aumha.org/a/recover.php
http://en.wikipedia.org/wiki/File_Allocation_Table
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment