[ale] Drive recovery

Mark Wright mpwright at speedfactory.net
Wed Jun 8 15:58:41 EDT 2005


Thats very interesting Mike.  You may inspire me to take another  
whack at it.  I mounted the disk via firewire on my Powerbook but I  
could connect it to a SUSE 9.2 box and poke at it there.


Mark


On Jun 8, 2005, at 12:02 PM, Michael B. Trausch wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Mark Wright wrote:
>
>>
>> I have seen advertisments that claim to recover any drive but the
>> cost is incredible.  Maybe the data security issue is a bit in the
>> paranoid camp.  It is better to err on the side of caution but does
>> this "king have no clothes"?
>>
>>
>
> Any one of us can recover data, assuming that we have the time to sit
> and work on it.
>
> Let's take, for example, an FAT16 formatted drive.  I say FAT16  
> because
> that's the easiest to figure out.  Let's assume you screw up and  
> replace
> it's boot sector with something else... rendering the filesystem
> useless.  But you don't know that's all that you've done.  You'd start
> looking at the system, and you'd probably want to use a program if you
> could find one, or write a small one yourself, to look at the disk and
> make a guess.
>
> FAT16 is layed out such that you have the Boot Sector, which is 512
> bytes.  FAT relies on data to be present in the boot sector for it  
> to be
> able to be read by an operating system or FAT driver, rather.
>
> So the FATs (usually 2) and then the root directory and then the  
> data area.
>
> There are different parts of them that you can "scan" for and  
> attempt to
> find the filesystem.  If you can find the file-system, then you can  
> find
> data.  And if you can find subdirectories in the root directory,  
> you can
> find more file tables and information that will get you to a file.
>
> Can *I* do all of this?  Not without a *very* large hunk of dedicated
> time.  And only with FAT perhaps.  Sometimes it really isn't that  
> "easy"
> for someone to recover data, unless they've built the tools to do it.
>
> Then you also have a new tool that Linux provides in the kernel:
> Something called "IDE Taskfile" access, which supposedly goes  
> beyond the
> driver and reads the raw disk structure.
>
> Point being that it can be done... perhaps not by everyone, but  
> it's not
> that "hard," really.  All of the specifications to develop tool  
> programs
> to run with are out there, and with the UNIX "treat everything as a
> file" philosophy, it's very easy to write programs in higher-level
> languages that can work with the filesystem if you have root access  
> to a
> box, because you can just read the filesystem from the hard disk node.
>
>     Later,
>     Mike
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCpxatPXInbkqM7nwRA2RtAJwNl6x4nGeMyxkDqYovjRQAAL/DEQCfTRzm
> AASw2+X8LhhNP8pVSZ/qIOk=
> =tmTf
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>



More information about the Ale mailing list