[dba-Tech] Retrieving Deleted Files off a hard drive

Stuart McLachlan stuart at lexacorp.com.pg
Thu Jul 31 17:43:58 CDT 2003


On 31 Jul 2003 at 15:35, Drew Wutka wrote:

>  The first is the actual physical
> data, which is stored in the major portion of the drive, the second is the
> 'header' or table of contents, where the information about the file is
> stored.  This header stores all sorts of information.  Information you may
> use would be the file size, the name, the path it's in, the various
> properties such as read only, archive, etc.  However, the header also
> stores the 'sectors' where the file is stored on the disk.
> 

You are talking about two different things here as your "header".

The File Allocation Table, which stores the "clusters" where the file 
is stored on disk, is the "Header".  

The various directory entries store the other info, including the 
address of the first cluster used. These are stored all over the disk 
in FAT32. In FAT16, the root directory is stored straight after the 
File Allocation Table; all other directory entries will be scattered 
over the disk. 
(The fixed size and location of the Root directory entry is the cause 
of the limit in the number of files that can be stored in the root 
directory of a Fat16 disk)

Note it's not "sectors", it's clusters.  

A sector is the drive's smallest storage unit. The number of sectors 
on a disk is the factor of the physical structure of the disk and is 
independent of the way the disk is formatted. It is the smallest unit 
that can be read/written to. A sector is always 512 bytes in size.
 
A cluster is a group of sectors which the OS treats as a single unit. 
That is the smallest unit that the OS will use for storage.

(Low level disk read/write programs and recovery utilities can work 
with individual sectors)

> those 'segments' are semi large.  Fat16 is 8k,Fat32 is 4KB

Fat16 is 512B - 64KB depending on disk size

Fat32 is 512B - 16KB depending on disk size

257MB - 8GB are 4KB, 
8 - 16MB is 8KB
16 - 32MB is 16KB

>not sure what  NTFS is, but I think it's 4k also. 

It's user definable (up to 64KB), but the defaults are:

Up to 512MB- 512B
513-1024MB - 1KB
1025-2046MB - 2KB
2GB - 2TB - 4KB

> 
> Next, when you delete a file, from your computer, it doesn't physically
> write over the data.  It simply flags the TOC entry as being deleted.  In
> FAT systems, it just removes the first character in the file name (making it
> null), which prevents the file from showing up. 

No, it doesn't make it a NULL (actually, the term Null is meaningless 
when you talk about bytes), it makes it &HE5.

It also changes the entry in the File Allocation Table for the first 
cluster used by the file and makes it a  0 to show that the cluster 
is available to be written to.


> There are several utilities
> out there that can 'undelete' a FAT file, by putting the character back into
> place.  This of course is dependant upon the individual segments that the
> file used.  They all need to have been left alone, or you risk retrieving a
> corrupted file, if some of the segments have been 'reused'.
> 
> In NTFS systems, there are also recover utilities.  I personally have one
> called Restore 2000 Pro.  Great utility.  It doesn't do the 'first
> character' thing, it just shows you what used to be on the drive (full names
> intact).  If it can recover it, it does.
> 

That's because NTFS doesn't change the first character when it flags 
a file as deleted, it uses a flag in the file header information.

.... snip....

> 
> Now, if you are just trying to prevent the average techie from retrieving
> the data (special hardware aside), then I would recommend the fill the drive
> with junk method.  Formatting only removes the TOC of the disk.  It does not
> write over every segment.  Writing over every segment is called a low level
> format, and unless you know EXACTLY what you are doing with that process, I
> recommend you stay away from it....because the wrong settings can cause the
> drive to be unusable.
> 

No, writing over every sector has nothing to do with a "low level 
format". A low level format actually creates the tracks and sectors 
on the disk. 

There are a number of utilities which will overwrite every sector 
(multiple times if you wish) and do a VERY good job of making the 
data unrecoverable.

Take a look at 
http://www.thefreecountry.com/security/securedelete.shtml


-- 
Lexacorp Ltd
http://www.lexacorp.com.pg
Information Technology Consultancy, Software Development,System 
Support.
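
The &HE5 marker and the zeroed File Allocation Table entry discussed in this message can be checked directly on a raw directory region. The following is an added example, not part of the original post: it assumes the standard 32-byte FAT16 8.3 directory entry layout and contiguous allocation, and the function names and sample bytes are constructed for illustration.

```python
import struct

DELETED = 0xE5      # first name byte of a deleted entry (&HE5)
END_OF_DIR = 0x00   # first name byte: no further entries in this directory
ATTR_LFN = 0x0F     # long-file-name slot, not a real file entry

def make_entry(name, ext, first_cluster, size, deleted=False):
    """Build one constructed 32-byte FAT16 8.3 directory entry."""
    raw = bytearray(32)
    raw[0:11] = name.ljust(8).encode("ascii") + ext.ljust(3).encode("ascii")
    raw[11] = 0x20  # archive attribute
    struct.pack_into("<HI", raw, 26, first_cluster, size)  # offsets 26 and 28
    if deleted:
        raw[0] = DELETED  # the only change deletion makes to the entry itself
    return bytes(raw)

def parse_directory(region):
    """Yield (name, deleted, first_cluster, size) for each 32-byte entry."""
    for off in range(0, len(region) - 31, 32):
        e = region[off:off + 32]
        if e[0] == END_OF_DIR:
            break
        if e[11] == ATTR_LFN:
            continue
        deleted = e[0] == DELETED
        first = "?" if deleted else chr(e[0])  # original first character is lost
        name = (first + e[1:8].decode("ascii")).rstrip()
        ext = e[8:11].decode("ascii").rstrip()
        cluster, size = struct.unpack_from("<HI", e, 26)
        yield (name + "." + ext if ext else name, deleted, cluster, size)

def clusters_still_free(fat, first_cluster, size, cluster_size):
    """True if every cluster the file needs (assumed contiguous) is 0 in the FAT."""
    needed = max(1, -(-size // cluster_size))  # ceiling division
    span = range(first_cluster, first_cluster + needed)
    return all(c < len(fat) and fat[c] == 0 for c in span)

def find_undeletable(region, fat, cluster_size):
    """Deleted entries whose clusters have not been reused since deletion."""
    return [(n, c, s) for n, d, c, s in parse_directory(region)
            if d and clusters_still_free(fat, c, s, cluster_size)]

# Constructed sample: one live file, two deleted files, end-of-directory marker.
CLUSTER_SIZE = 4096
SAMPLE_DIR = (make_entry("README", "TXT", 2, 100)
              + make_entry("REPORT", "DOC", 3, 6000, deleted=True)
              + make_entry("BUDGET", "XLS", 5, 9000, deleted=True)
              + bytes(32))
# FAT16 entries indexed by cluster number; 0 = free, 0xFFFF = end of chain.
SAMPLE_FAT = [0xFFF8, 0xFFFF, 0xFFFF, 0, 0, 0, 0xFFFF, 0]
```

In the sample, the second deleted file spans a cluster that has since been reallocated, so only the first deleted file is reported as recoverable.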




