Truncating an output file and overwriting its previous content
Hi.
I'm reading a book about Linux command line and came across the following section on dd utility: Quote:
Regards. |
Quote:
When an inode is deleted, there is a "deleted" flag set to indicate the file has been deleted, the data blocks ARE deallocated, but the inode will at a minimum retain a few pointers until it is reused. This does allow some "undelete" utilities to work, but reuse of the data pointers will leave the file corrupted... and the larger the time between deletion and "undeletion" the more likely the data will be corrupted. Large files are more subject to corruption as they have more metadata (multiple blocks of pointers to data) that can be reused - and prevent data blocks from being found, even if they haven't been reused yet. There is also the issue of flash that might be used. In this case, you never really know because the device does write leveling to spread out the use of the storage. This "leveling" always writes to a unallocated block, even in the case of overwriting (it copies the block being written into memory, then does update, followed by a write to a new block). |
All times are GMT -5. The time now is 02:28 AM. |