Simple Informations

In the previous post we discussed why deleted files are recoverable from a drive? So lets look at how we can actually remove the file contents from the hard disk which may be needed if you have got confidential data. In any of the present filesystems, the OS doesn’t actually wipe the data contained in a file when it is deleted. But rather the metadata of the file is deleted. In order for a file to be unrecoverable it should be overwritten with some random data. To save processing and other system resources, the OS will simply delete it from corresponding indexes.

Peter Gutmann of Auckland University presented a paper that explained recovering data that has been overwritten by other data on a Magnetic storage media. Theoretically this could mean anybody can recover data aging back to any time from a drive, but practically this is very hard (forget about the any date part). Even recovering data with just a single pass overwrite is difficult.

The number of passes used during an overwrite of a file to render it unrecoverable doesn’t need to be given much importance for normal uses. A 4 pass would be sufficient if you have the time. If your disk fills up easily you may need to use just a single pass and save time.Here a pass means writing the file using pseudo random data in order to render it unusable.

If you have anything confidential on your harddisk, consider deleting it using a file shredder like Window Washer, sdelete, or using a degausser.

All websites on internet has an IP address besides the site name. How does our browser know which IP a site belongs to? The computer will look in a directory called a DNS (Domain Name System) server which has got all the IPs or check the local DNS cache (just like internet history) to find the IP address from a name. But before checking with a DNS server the IP is first checked with you local Host Files.

The cross checking with host file occurs even if you are not connected to the Net. But if you are connected to internet the address is first checked with Host File and then with a DNS server. When you are connected to internet your default setting will let your ISP select the DNS server for you. So the OS goes to the DNS server with a request to resolve the address and return the IP. And when the DNS server returns the IP you are taken to that computer (server).

How can a DNS server protect you from a phishing site? : When you send a request to resolve a Phishers address and the DNS knows it is a phisher, then DNS can prevent you from getting Phished. Thats exactly what the New Open DNS service claims to do. For this you must set your DNS server to be OPEN DNS servers. How to set your DNS to Open DNS servers and Increase browsing speed?

If you have accidentally deleted some files don’t panic follow these steps.
1. Do not read, write or access that Drive.
2. Free File recovery software Use this to recover your file.

How can a permanently deleted file be recovered form any memory device. This is one thing all might be eager to know. The reason is simple. Every file system has got a MFT which has got the location of the files directories etc. Most of the time it includes the starting address, range of address etc and in rare cases MFT can actually hold the data of the file.

Master File Table is an upgraded version of a file allocation table (FAT). Instead of simply being a simple list of file addresses on a hard disc, the MFT contains the attributes of the file or directory itself. This information will include items such as name and address but also security details or permissions. If the file being tagged is small, the file data can actually be stored in the MFT entry, making the access of such data very fast.

So when we permanently delete the file, usually the data of file is not deleted but only the MFT entry is deleted. The space used by the file will be overwritten only when a new file is created or during de-fragmentation, formatting etc. A file recovery software will search for file headers and recover the lost files. If any part of the memory where the deleted file was stored had been over written by another file, you will get a partial recovery.

This overwriting can some times lead to fun. When I once recovered an MPG file the some part of the memory was already used by Windows to write some mp3 files. So when I played the file after recovery I was hearing music from several different songs instead of the Video.

Why does an Operating System not delete the contents of a file from the memory device? The answer is simple - to save time and resources. Normally if each byte of a file is written to an arbitrary value so that the file is unrecoverable the deleting process would take many minutes for a normal video. So to save time the OS will simply delete the entry from the tables and act as if the file never existed.