
Someone had ran RM * on their shared storage, deleting the file system. They were "saved" by someone having a copy of the movie on their PC at home.

The data wasn't gone (only the file system was nuked), but would have required specialist intervention to restore. Or a hacker with the right tools (assuming such tools exist for the *nix file systems - they certainly do for fat32 and NTFS).



I don't recall specifically what version of *nix was being run on what hardware at that time, but I do remember talking about the fact that things (like virtual memory) were writing to the drives before we even pulled the plug on the machine.

And, at that point in time, introducing more uncertainty into the restoral process wasn't going to help. There was already too much uncertainty everywhere we were looking.

I'll post about that separately...


"Someone had ran RM * on their shared storage, deleting the file system."

Doesn't this command, like any other delete-command, require top privileges (admin/root) that are unavailable in normal situations?


Presumably the people working on the film had the ability to edit the assets, and thus could delete them.


I'm still under the impression that modifying and completely removing are different things, but perhaps it was a sloppy configuration or that they put too much trust in their employees.


Depends on the filesystem. Traditional unix permissions are simply r, w, x.


In traditional Unix you can delete a file if you have write access to the containing directory. The permission bits of the file don't matter.

On all (?) modern Unix variants, you can set the sticky bit on a directory to also require write access to the file.


If you lack write permission on the directory, you can't delete any files in it, but you can still modify them if you have write permission on the files themselves. It's an unusual configuration, but it's possible with standard Unix permissions.
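The directory-versus-file permission behaviour discussed in the comments above, as an added example that is not part of the thread or any commenter's code: it builds two constructed layouts in a temporary directory and records which of "modify" and "delete" the kernel allows. It covers only the plain rwx cases, not the sticky bit, and the file and directory names are made up for illustration.

```python
import os
import tempfile


def _allowed(action):
    """Run action(); report whether the kernel permitted it."""
    try:
        action()
        return True
    except PermissionError:
        return False


def _append(path):
    with open(path, "a") as fh:
        fh.write("edited\n")


def _make_asset(directory):
    os.mkdir(directory, 0o700)
    path = os.path.join(directory, "asset.dat")  # constructed sample file
    with open(path, "w") as fh:
        fh.write("frame data\n")
    os.chmod(path, 0o600)  # make the starting mode independent of umask
    return path


def delete_vs_modify():
    """Return which operations succeed under each layout (None if root)."""
    if os.geteuid() == 0:
        return None  # root bypasses permission checks; nothing to show
    out = {}
    with tempfile.TemporaryDirectory() as base:
        # Layout 1: writable directory, file with no permission bits.
        f1 = _make_asset(os.path.join(base, "writable_dir"))
        os.chmod(f1, 0o000)
        out["rw_dir_modify"] = _allowed(lambda: _append(f1))
        out["rw_dir_delete"] = _allowed(lambda: os.unlink(f1))
        # Layout 2: directory without write permission, writable file.
        d2 = os.path.join(base, "locked_dir")
        f2 = _make_asset(d2)
        os.chmod(d2, 0o500)
        out["ro_dir_modify"] = _allowed(lambda: _append(f2))
        out["ro_dir_delete"] = _allowed(lambda: os.unlink(f2))
        os.chmod(d2, 0o700)  # restore so the temporary tree can be cleaned up
    return out


if __name__ == "__main__":
    print(delete_vs_modify())
```
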


I would assume this would be standard forensics. Might not be tools for their particular file format, but it would be possible to carve the data.


Or a hacker with the right tools (assuming such tools exist for the *nix file systems - they certainly do for fat32 and NTFS)

*nix file systems purge the file immediately, unless it is still opened by some program. fat32 deletes the entry from the file allocation table, and the data is eventually overwritten as new files fill that same location.


The metadata may be zeroed out, but I'm unaware of standard Unix file systems that will zero out the contents of the files.


Linux filesystems like ext(2|3|4) don't zero the contents of the data blocks, and you can use tools to recover the data.



