A colleague and I have been discussing forensics on Linux recently, which has led to me exploring the contents of my /proc directory. Wow, what a wealth of information there is in there. He just shot me a link to a post about unlinked files, something I'd heard of (and experienced) before, but had never looked into in any kind of depth. Very interesting stuff. I have a lot to learn about /proc.
http://sansforensics.wordpress.com/2009/01/27/recovering-open-but-unlinked-file-data/
