|
cleaning tracks
Gents,
From time to time mediocre users like me, want to brush up on cleaning up your tracks on a filesystem. 1.) if you rm a file, I am pretty sure it just deletes the inode, am I correct? how would one do some deaper cleaining of the drive? How would one restore any files that were wrongfully rmed. 2.) Bash history. I am only aware of .bash_history file, which collects your last commands, which can be cleared via "history -c" command. Now, which other files collect the same information? THANKS! |
Unless your system administrator has specifically set up other logs, or you execute commands that use elevated privilege levels, the .bash_history file is the only place the bash shell will log your commands.
RMing a file only removes the pointer to the block(s) that contained the file. Overwriting the block would be necessary to ensure it is harder to recover the deleted file. |
Just to add to what Matir said incase you want to recover files tha you rm -rf'd I guess you'll need a data recovery tool. There's a really cool tool called testdisk which recovered files from an entire NTFS partition for me once.Installers available for Linux as well...thats where I ran it from .. obviously ;)
Cheers Arvind |
| All times are GMT -5. The time now is 01:41 AM. |