Not really a vista problem (had the same in xp)



I´m wondering what the "technical" difference is between
delete or moving/copying a big file, since I experience
huge performance times?

If I delete a dvd file (either a imagefile or a folder with vob files)
on lets say 4.3 gb of size.....deleting takes merely few seconds,
but if I need to move/copy it to another harddisk or folder, it takes
alot longer time (several minutes).....
but isn´t deleting just a sort of "moving" a file??? why is there so much
difference in the types of operations with the files??

Best regards

Mike

/amarok/ said:
> Not really a vista problem (had the same in xp)
>
> I´m wondering what the "technical" difference is between
> delete or moving/copying a big file, since I experience
> huge performance times?
>
> If I delete a dvd file (either a image file or a folder with vob files)
> on lets say 4.3 gb of size.....deleting takes merely few seconds,
> but if I need to move/copy it to another harddisk or folder, it takes
> a lot longer time (several minutes).....
> but isn´t deleting just a sort of "moving" a file??? why is there so much
> difference in the types of operations with the files??

As I size it up...
Deleting leaves the file/s, but allows overwriting of the space that
they occupy.
Moving migrates the bits to a different space.

In message %23l9FcirdHHA.208@TK2MSFTNGP05.phx.gbl,
amarok <platinum@mail.dk> Proclaimed from the tallest tower:

> Not really a vista problem (had the same in xp)
>
> I´m wondering what the "technical" difference is between
> delete or moving/copying a big file, since I experience
> huge performance times?
>
> If I delete a dvd file (either a imagefile or a folder with vob files)
> on lets say 4.3 gb of size.....deleting takes merely few seconds,
> but if I need to move/copy it to another harddisk or folder, it takes
> alot longer time (several minutes).....
> but isn´t deleting just a sort of "moving" a file??? why is there so
> much difference in the types of operations with the files??
>
> Best regards
>
> Mike

Deleting a file simply removes that files references so that the space is no
longer allocated to that file and can be reused. As all that is beng changed
is a few bytes representing the physical position of the file on the disc,
this should be fairly quick.

Copying a file creates a new version of that file, so has to physically copy
the whole file to a new(additional) location on the disc. As the whole file
is being copied, this can take some time.

Moving a file to a new location ON THE SAME LOGICAL DISK is usually simply a
case of changing the references to the file so locate it in a new logical
position in the directory structure. This does not normally require the file
to be physically moved just changing the references to it, so should be
quite quick.

Moving a file to a different logical or physical disk or a different
partition requires the file to be physically relocated. In fact it is
basically a copy followed by a delete of the old file. Once again, since the
file is being physically moved, it can be quite time consuming for a very
large file.

--
Regards,
Chris.
(Remove Elvis's shoes to email me)

in addition to what chrisM correctly stated I have to add that
this is the reason why some "undelete" programs exist.

Because the files are not really totally erased, only marked as space
that can be used again. If another file does not get written upon that
space,
you can recover that deleted file!

That's why there are some programs that make sure all the empty spaces
of the drives get written by zeros, so you are sure no deleted files can be
recovered if you want to give your computer to someone else for example.



"ChrisM" <chris_mayersblue@suedeyahoo.com> wrote in message
news:u6COLvrdHHA.1240@TK2MSFTNGP04.phx.gbl...
> In message %23l9FcirdHHA.208@TK2MSFTNGP05.phx.gbl,
> amarok <platinum@mail.dk> Proclaimed from the tallest tower:
>
>> Not really a vista problem (had the same in xp)
>>
>> I´m wondering what the "technical" difference is between
>> delete or moving/copying a big file, since I experience
>> huge performance times?
>>
>> If I delete a dvd file (either a imagefile or a folder with vob files)
>> on lets say 4.3 gb of size.....deleting takes merely few seconds,
>> but if I need to move/copy it to another harddisk or folder, it takes
>> alot longer time (several minutes).....
>> but isn´t deleting just a sort of "moving" a file??? why is there so
>> much difference in the types of operations with the files??
>>
>> Best regards
>>
>> Mike
>
> Deleting a file simply removes that files references so that the space is
> no longer allocated to that file and can be reused. As all that is beng
> changed is a few bytes representing the physical position of the file on
> the disc, this should be fairly quick.
>
> Copying a file creates a new version of that file, so has to physically
> copy the whole file to a new(additional) location on the disc. As the
> whole file is being copied, this can take some time.
>
> Moving a file to a new location ON THE SAME LOGICAL DISK is usually simply
> a case of changing the references to the file so locate it in a new
> logical position in the directory structure. This does not normally
> require the file to be physically moved just changing the references to
> it, so should be quite quick.
>
> Moving a file to a different logical or physical disk or a different
> partition requires the file to be physically relocated. In fact it is
> basically a copy followed by a delete of the old file. Once again, since
> the file is being physically moved, it can be quite time consuming for a
> very large file.
>
> --
> Regards,
> Chris.
> (Remove Elvis's shoes to email me)
>

okay thanks guys :-)

I guess I´m enlightened every time I´m this forum :-)))))

best regards

mike



"kirk jim" <11@11.11> skrev i meddelelsen
news:ujTYV5rdHHA.284@TK2MSFTNGP05.phx.gbl...
> in addition to what chrisM correctly stated I have to add that
> this is the reason why some "undelete" programs exist.
>
> Because the files are not really totally erased, only marked as space
> that can be used again. If another file does not get written upon that
> space,
> you can recover that deleted file!
>
> That's why there are some programs that make sure all the empty spaces
> of the drives get written by zeros, so you are sure no deleted files can
> be recovered if you want to give your computer to someone else for
> example.
>
>
>
> "ChrisM" <chris_mayersblue@suedeyahoo.com> wrote in message
> news:u6COLvrdHHA.1240@TK2MSFTNGP04.phx.gbl...
>> In message %23l9FcirdHHA.208@TK2MSFTNGP05.phx.gbl,
>> amarok <platinum@mail.dk> Proclaimed from the tallest tower:
>>
>>> Not really a vista problem (had the same in xp)
>>>
>>> I´m wondering what the "technical" difference is between
>>> delete or moving/copying a big file, since I experience
>>> huge performance times?
>>>
>>> If I delete a dvd file (either a imagefile or a folder with vob files)
>>> on lets say 4.3 gb of size.....deleting takes merely few seconds,
>>> but if I need to move/copy it to another harddisk or folder, it takes
>>> alot longer time (several minutes).....
>>> but isn´t deleting just a sort of "moving" a file??? why is there so
>>> much difference in the types of operations with the files??
>>>
>>> Best regards
>>>
>>> Mike
>>
>> Deleting a file simply removes that files references so that the space is
>> no longer allocated to that file and can be reused. As all that is beng
>> changed is a few bytes representing the physical position of the file on
>> the disc, this should be fairly quick.
>>
>> Copying a file creates a new version of that file, so has to physically
>> copy the whole file to a new(additional) location on the disc. As the
>> whole file is being copied, this can take some time.
>>
>> Moving a file to a new location ON THE SAME LOGICAL DISK is usually
>> simply a case of changing the references to the file so locate it in a
>> new logical position in the directory structure. This does not normally
>> require the file to be physically moved just changing the references to
>> it, so should be quite quick.
>>
>> Moving a file to a different logical or physical disk or a different
>> partition requires the file to be physically relocated. In fact it is
>> basically a copy followed by a delete of the old file. Once again, since
>> the file is being physically moved, it can be quite time consuming for a
>> very large file.
>>
>> --
>> Regards,
>> Chris.
>> (Remove Elvis's shoes to email me)
>>
>
>

In fact, even if the data has been overwritten with zeroes, I believe that
using some advanced data recovery techniques, it is still sometimes possible
to retrieve the original data.
The erase programs used by some high security applications (military, MI6,
top secret commercial data etc) actually overwrite the data many times so
that the original information is totally obliterated...

:-)

ChrisM

In message ujTYV5rdHHA.284@TK2MSFTNGP05.phx.gbl,
kirk jim <11@11.11> Proclaimed from the tallest tower:

> in addition to what chrisM correctly stated I have to add that
> this is the reason why some "undelete" programs exist.
>
> Because the files are not really totally erased, only marked as space
> that can be used again. If another file does not get written upon that
> space,
> you can recover that deleted file!
>
> That's why there are some programs that make sure all the empty spaces
> of the drives get written by zeros, so you are sure no deleted files
> can be recovered if you want to give your computer to someone else
> for example.
>
>
> "ChrisM" <chris_mayersblue@suedeyahoo.com> wrote in message
> news:u6COLvrdHHA.1240@TK2MSFTNGP04.phx.gbl...
>> In message %23l9FcirdHHA.208@TK2MSFTNGP05.phx.gbl,
>> amarok <platinum@mail.dk> Proclaimed from the tallest tower:
>>
>>> Not really a vista problem (had the same in xp)
>>>
>>> I´m wondering what the "technical" difference is between
>>> delete or moving/copying a big file, since I experience
>>> huge performance times?
>>>
>>> If I delete a dvd file (either a imagefile or a folder with vob
>>> files) on lets say 4.3 gb of size.....deleting takes merely few
>>> seconds, but if I need to move/copy it to another harddisk or folder, it
>>> takes alot longer time (several minutes).....
>>> but isn´t deleting just a sort of "moving" a file??? why is there
>>> so much difference in the types of operations with the files??
>>>
>>> Best regards
>>>
>>> Mike
>>
>> Deleting a file simply removes that files references so that the
>> space is no longer allocated to that file and can be reused. As all
>> that is beng changed is a few bytes representing the physical
>> position of the file on the disc, this should be fairly quick.
>>
>> Copying a file creates a new version of that file, so has to
>> physically copy the whole file to a new(additional) location on the
>> disc. As the whole file is being copied, this can take some time.
>>
>> Moving a file to a new location ON THE SAME LOGICAL DISK is usually
>> simply a case of changing the references to the file so locate it in
>> a new logical position in the directory structure. This does not
>> normally require the file to be physically moved just changing the
>> references to it, so should be quite quick.
>>
>> Moving a file to a different logical or physical disk or a different
>> partition requires the file to be physically relocated. In fact it is
>> basically a copy followed by a delete of the old file. Once again,
>> since the file is being physically moved, it can be quite time
>> consuming for a very large file.
>>
>> --
>> Regards,
>> Chris.
>> (Remove Elvis's shoes to email me)



--
Regards,
Chris.
(Remove Elvis's shoes to email me)

ChrisM wrote:
> In fact, even if the data has been overwritten with zeroes, I believe that
> using some advanced data recovery techniques, it is still sometimes possible
> to retrieve the original data.
> The erase programs used by some high security applications (military, MI6,
> top secret commercial data etc) actually overwrite the data many times so
> that the original information is totally obliterated...

Modern hard drives and techniques mean that such programs are obsolete.
The only way to be sure of destroying the data is to destroy the drive.

Alun Harford

On Wed, 4 Apr 2007 15:53:43 +0100, "ChrisM"
<chris_mayersblue@suedeyahoo.com> wrote:

>In fact, even if the data has been overwritten with zeroes, I believe that
>using some advanced data recovery techniques, it is still sometimes possible
>to retrieve the original data.
>The erase programs used by some high security applications (military, MI6,
>top secret commercial data etc) actually overwrite the data many times so
>that the original information is totally obliterated...

Again, that depends. That too can be BS. The king of forensic
software, a nifty application called ENCASE (for evidence case) can
recover nearly anything... no matter what you do, short of taking a
really powerful magnet to your hard drive or bashing it into a pieces
with a sledge hammer. Years back, before 9/11 anybody could buy a copy
of ENCASE, not anymore, now it is only sold (legally) to law
enforcement agencies.

In message 97i7135neev0um99eljtosdcq04ktl60pb@4ax.com,
Adam Albright <AA@ABC.net> Proclaimed from the tallest tower:

> On Wed, 4 Apr 2007 15:53:43 +0100, "ChrisM"
> <chris_mayersblue@suedeyahoo.com> wrote:
>
>> In fact, even if the data has been overwritten with zeroes, I
>> believe that using some advanced data recovery techniques, it is
>> still sometimes possible to retrieve the original data.
>> The erase programs used by some high security applications
>> (military, MI6, top secret commercial data etc) actually overwrite
>> the data many times so that the original information is totally
>> obliterated...
>
> Again, that depends. That too can be BS. The king of forensic
> software, a nifty application called ENCASE (for evidence case) can
> recover nearly anything... no matter what you do, short of taking a
> really powerful magnet to your hard drive or bashing it into a pieces
> with a sledge hammer. Years back, before 9/11 anybody could buy a copy
> of ENCASE, not anymore, now it is only sold (legally) to law
> enforcement agencies.

Does this ENCASE work on the HDD as is, or do you have to take things to
bits to do this sort of data recovery?
Surely the drive firmware(? or whatever it's called) will simply return that
most recent bit values written to the disk??
How do you get it to look at what 'used' to be there?? I've never really
understood the practicalities of data recovery at this level, only that it
could, somehow, be done...
--
Regards,
Chris.
(Remove Elvis's shoes to email me)

On Wed, 4 Apr 2007 17:29:40 +0100, "ChrisM"
<chris_mayersblue@suedeyahoo.com> wrote:

>In message 97i7135neev0um99eljtosdcq04ktl60pb@4ax.com,
>Adam Albright <AA@ABC.net> Proclaimed from the tallest tower:
>
>> On Wed, 4 Apr 2007 15:53:43 +0100, "ChrisM"
>> <chris_mayersblue@suedeyahoo.com> wrote:
>>
>>> In fact, even if the data has been overwritten with zeroes, I
>>> believe that using some advanced data recovery techniques, it is
>>> still sometimes possible to retrieve the original data.
>>> The erase programs used by some high security applications
>>> (military, MI6, top secret commercial data etc) actually overwrite
>>> the data many times so that the original information is totally
>>> obliterated...
>>
>> Again, that depends. That too can be BS. The king of forensic
>> software, a nifty application called ENCASE (for evidence case) can
>> recover nearly anything... no matter what you do, short of taking a
>> really powerful magnet to your hard drive or bashing it into a pieces
>> with a sledge hammer. Years back, before 9/11 anybody could buy a copy
>> of ENCASE, not anymore, now it is only sold (legally) to law
>> enforcement agencies.
>
>Does this ENCASE work on the HDD as is, or do you have to take things to
>bits to do this sort of data recovery?
>Surely the drive firmware(? or whatever it's called) will simply return that
>most recent bit values written to the disk??
>How do you get it to look at what 'used' to be there?? I've never really
>understood the practicalities of data recovery at this level, only that it
>could, somehow, be done...

I haven't seen the latest versions since I'm not in law enforcement.
The older versions of ENCASE would totally bypass the OS and just read
any drive sector by sector. Since the main purpose of ENCASE is to
build a air tight case against criminals, it reads a hard drive sector
by sector, bit by bit which gets copied to the trained investigator's
linked computer so they can prove they didn't tamper with the actual
contents and "plant" evidence. The build-in viewers that are a main
part of ENCASE are impressive in what they can dig up and transform
back into human readable form.

The first time I saw all it could dig out I was rather impressed. Even
written over files with so-called wipe utilites, ENCASE still often
found enough of the file and put it back together so you knew what it
was. Probably even better now since 9/11, an amazingly clever bit of
software, if the government don't abuse it. I think it costs about
$1495 now.

Do a Google on 'file slack' and security to learn more on how some of
what ENCASE does works.

In short, file slack is a fruitful and interesting environment to
snoop in. Defined, this is the total number of bytes written to a hard
drive's sectors between the actual end of "real" file data and the
virtual end the cluster used. For example when you write a 600 byte
file, all versions of Windows need to fill out the cluster, who's
common sizes are 512, 1024, 2048 bytes respectively.

File slack can be literally made up on anything, scraps of your files,
something that was in a memory page, just garbage, anything. Worse,
since Windows is a natural blabber mouth it journalizes just about
everything you do and remembers. Applications like ENCASE know where
to look.

Hint: Just because you "delete" a file, even overwrite it, doesn't
meant that was the only time either all or part of that deleted or
overwritten file was ever in a memory buffer in it's prestine pre wipe
form and may have, and often will be used as file slack. If any bit of
any file remains on a hard drive if the hard drive can be read sector
by sector, even if you reformat, delete a partition, wipe files,
whatever you think you do as security measure some applications can
bring back the dead, often very easily. ;-)