- TestDisk
http://www.cgsecurity.org/wiki/TestDisk
- ddrescue is frequently recommended for hard drive cloning, as it is a powerful, free data recovery utility and included by default in many Linux distributions
it is an effective option for restoring low-priority data from a failing hard disk.
ddrescue should not be used on hard drives that make excessive sounds or that show any other signs of permanent damage
Before starting this process, you will need a copy of ddrescue (preferably on a CD or DVD), a fully functional hard drive, and the damaged drive.
To image from disk to disk:
root# ddrescue -f -n /dev/[baddrive] /dev/[gooddrive] /root/recovery.log
To image from disk to image file:
root# ddrescue -f -n /dev/[baddrive] /root/[imagefilename].img /root/recovery.log
https://datarecovery.com/rd/how-to-clone-hard-disks-with-ddrescue/
- a system rescue disk for Linux that can be used as a bootable USB stick or CD.
- Data recovery techniques are used to recover information that has been deleted or compromised
When data is removed from a system it is either deleted or overwritten.
Just because a file is deleted that does not mean the data is gone.
The Operating System simply removes the pointer from the file, but the data is still there
Data is recorded onto magnetic media by using ones and zeroes.
When the data is overwritten, the disk will only detect the new data leaving only remnants of the old data
The time to read the remnants would be very time consuming and all the old data would not be read correctly.
This would cause a very problematic and impossible puzzle to solve
Techniques
Perform a forensic analysis of the computer
Search for one file or a single file type
Attack encryption methods
Restore disk using an existing image
Examine data in RAM
Examine disk at the cluster or sector level
Analyze data using hex editor
Create hash of entire disk,Export for use in another tool
Types of Damage
Physical Damage
Logical Damage
Logical damage is primarily caused by power outages that does not allow the file to be completely written to the storage device.
Some Results are:
File is left in an inconsistent state
DATA totally lost
Cause the system to crash
Strange behavior
Partial storage
Methods exist than can make data recovery very difficult or impossible.
These methods should be used to secure financial information, medical records, or classified data
Techniques to Prevent Recovery
Write over deleted space with random data
1s and 0s
Make space appear random
Use a unique or uncommon algorithm
Some recovery tools can reverse the algorithm and recover the data
Use a tool to “wipe” data securely
Automates process of covering up deleted data
Tools are available to End User
Sometimes included with security software suites
Data Recovery Techniques
Florida State University
CIS 4360 – Computer Security
Fall 2006
https://www.google.com.tr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwiar9OagYnXAhWjQZoKHeGKBmUQFggnMAA&url=http%3A%2F%2Fwww.cs.fsu.edu%2F~burmeste%2FCIS4360%2FFall2006%2FprojectPresentations%2FDataRecoveryTeq.ppt&usg=AOvVaw1TEZ2Rd2b52q0IQmvzgNxN
No comments:
Post a Comment