When impossible is not an answer

Recovering deleted files on an ext3 filesystem is a very hard task, because the journal overwrites the block pointers in the inodes with zeroes.

Carlo Wood knew this, but he didn’t give up when he accidentally deleted his home directory. He studied how ext3fs works, then wrote a tool, ext3grep, that helped him successfully recover all the lost data. I had no time to analyze and test it, but it seems it performs a journal-based attack.

Via LWN.net
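
To make the zeroed-pointer problem concrete, here is an added example (not ext3grep's code and not part of the original post) that parses the standard ext2/ext3 on-disk inode header, detects a deleted inode, and falls back to an older copy of the same inode. It assumes the older copies have already been pulled out of journal blocks; the function names, the `(sequence, bytes)` input format and the sample inodes are constructed for illustration.

```python
import struct

# First 100 bytes of the on-disk ext2/ext3 inode (little-endian):
# i_mode, i_uid, i_size, i_atime, i_ctime, i_mtime, i_dtime, i_gid,
# i_links_count, i_blocks, i_flags, osd1, then i_block[15].
INODE_HEAD = struct.Struct("<HHIIIIIHHIII15I")

def parse_inode(raw):
    f = INODE_HEAD.unpack_from(raw)
    return {"mode": f[0], "size": f[2], "dtime": f[6], "links": f[8],
            "block": list(f[12:27])}

def looks_deleted(inode):
    """Deleted on ext3: deletion time set and every block pointer zeroed."""
    return inode["dtime"] != 0 and not any(inode["block"])

def recoverable_pointers(live_raw, journal_copies):
    """Return block pointers from the newest older copy that still has them.

    journal_copies: list of (sequence_number, raw_inode_bytes), assumed to
    have been extracted from journal blocks already (hypothetical format)."""
    if not looks_deleted(parse_inode(live_raw)):
        return None  # inode is still in use, nothing to recover
    for _seq, raw in sorted(journal_copies, key=lambda c: c[0], reverse=True):
        old = parse_inode(raw)
        if old["dtime"] == 0 and any(old["block"]):
            return [b for b in old["block"] if b]
    return []  # deleted, and no usable older copy was found

def make_inode(size, dtime, links, blocks):
    """Build a constructed 128-byte inode for the demo (not real disk data)."""
    ptrs = list(blocks) + [0] * (15 - len(blocks))
    head = INODE_HEAD.pack(0o100644, 1000, size, 0, 0, 0, dtime, 1000,
                           links, len(blocks) * 8, 0, 0, *ptrs)
    return head.ljust(128, b"\x00")

# Constructed sample: a 3-block file (4096-byte blocks assumed), then the
# same inode as it looks after deletion.
BEFORE = make_inode(size=12288, dtime=0, links=1, blocks=[5120, 5121, 5122])
AFTER = make_inode(size=0, dtime=1207000000, links=0, blocks=[])

if __name__ == "__main__":
    print(looks_deleted(parse_inode(AFTER)))
    print(recoverable_pointers(AFTER, [(41, BEFORE), (42, AFTER)]))
```

The recovered list only says where the data used to live; whether those blocks have since been reallocated and overwritten has to be checked separately.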


One Response to When impossible is not an answer

  1. peer says:

    I’ve glanced at the article; it seems very well explained. I’m not sure how important a document has to be to deserve so much time, but if you want to understand how ext3 works, read it!
