Spelunking the places where files are not
jfoust at threedee.com
Sat Mar 6 19:55:31 CST 2021
At 07:20 PM 3/6/2021, Chuck Guzis via cctalk wrote:
>The data forensics folks are at least 20 years ahead of you, John!
>They're interested in *everything* on disk, active or not.
Yes, I've looked at some of the high-end tools and once wondered about
a career in data forensics. I've had a few consulting clients push
me in this direction, asking the question "what exactly was this
employee really doing?" short of a criminal investigation.
For purposes of this thread, of course, I was thinking about all
the old file systems. I imagine the expensive packages don't handle,
say, UCSD Pascal or RT-11 or Amiga disk file systems, right?
But I bet they handle FAT and NTFS and Mac and Unix/Linux.
One feature from the big-boy software that would be nice to
carry down to the old stuff would be lists of known OS files
so they could be subtracted from disks (thereby leaving the
>More than 30 years ago, I posted a utility for MSDOS floppies called
And I guess I hadn't thought of that case where the file system
named the number of bytes in the file and that the unused ends
of blocks could also contain stuff, too. Is there a name for those bytes?
> It was very revealing what could be found on manufacturers'
>To be fair, I also wrote a companion utility to clean the stuff
>out called PRUNE.
And Microsoft is still handing out a zeroing tool, useful in several
situations including thinning virtualized drives.
More information about the cctech