Data Recovery

Published on May 2016 | Categories: Types, School Work | Downloads: 64 | Comments: 0 | Views: 656
of 42
Download PDF   Embed   Report

Data recovery is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally. Often the data are being salvaged from storage media such as internal or external hard disk drives, solid-state drives (SSD), USB flash drive, storage tapes, CDs, DVDs, RAID, and other electronics. Recovery may be required due to physical damage to the storage device or logical damage to the file system that prevents it from being mounted by the host operating system.The most common "data recovery" scenario involves an operating system (OS) failure, in which case the goal is simply to copy all wanted files to another disk. This can be easily accomplished using a Live CD, many of which provide a means to mount the system drive and backup disks or removable media, and to move the files from the system disk to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.Another scenario involves a disk-level failure, such as a compromised file system or disk partition, or a hard disk failure. In any of these cases, the data cannot be easily read. Depending on the situation, solutions involve repairing the file system, partition table or master boot record, or hard disk recovery techniques ranging from software-based recovery of corrupted data, hardware-software based recovery of damaged service areas to hardware replacement on a physically damaged disk. If hard disk recovery is necessary, the disk itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.

Comments

Content


!"#$ &' (#$#)
• Computei uata is infoimation
piocesseu oi stoieu by a computei.
• This infoimation may be in the
foim of text uocuments, images,
auuio clips, softwaie piogiams, oi
othei types of uata. Computei uata
may be piocesseu by the
computei's !"# anu is stoieu in
files anu $%&'()* on the
computei's +,)' '.*/
!"#$ &' (#$# *+,-.+*/ )
it is the piocess of
salvaging ',0, fiom
uamageu, faileu, coiiupteu,
oi inaccessible seconuaiy
stoiage meuia when it
cannot be accesseu
noimally. Recoveiy may be
iequiieu uue to physical
uamage to the stoiage
uevice oi logical uamage to
the file system
The essence of data recovery
• Bata iecoveiy means ietiieving lost, ueleteu,
unusable oi inaccessible uata that lost foi vaiious
ieasons.
• Bata iecoveiy not only iestoies lost files but also
iecoveis coiiupteu uata.
• Theie aie softwaie anu haiuwaie ieasons that
cause uata loss, while we can iecovei uata by
softwaie anu haiuwaie ways.
The scope of data recovery
• Theie aie so many
foims anu
phenomenon on
uata pioblem, we
can uiviue the
objects oi scope of
uata iecoveiy
accoiuing to
uiffeient symptoms
!"#$%& '()*+%&
• Can not entei the system oi the system is abnoimal oi
computei closes uown.
• Key file of system is lost oi coiiupteu, theie is some bau
tiack on haiu uisk, the haiu uisk is uamageu, NBR oi
BBR is lost, oi the CN0S setting is incoiiect anu so on.
1+( *2%3( %$ ',0, )(2%4()5
,-. $(-01 )2 3-(. .4#1
• logic anu physical bau tiack.
• Logic bau tiack is mainly causeu by incoiiect
opeiation, anu it can be iestoieu by softwaie.
• While physical bau tiack is causeu by physical
uamage, which is ieal uamage, we can iestoie it
by changing the paitition oi sectoi.
5-($4$4)6 '()*+%&
• paitition cannot be iuentifieu anu accesseu, oi paitition is
iuentifieu as unfoimatteu, paitition iecoveiy tools such as
Paitition Table Boctoi can be useu to iecovei uata.
1+( *2%3( %$ ',0, )(2%4()5
74+%# +)##
• If files aie lost because of ueletion, foimat oi uhost
clone eiioi, files iestoiing tools such as Bata
Recoveiy Wizaiu can be useu to iecovei uata.
5-##8)(. +)##
• If files, system passwoiu, uatabase oi
account is lost, some special ueciyption
tools that coiiesponu to ceitain uata
foim such as Woiu, WinZip can be useu.
1+( *2%3( %$ ',0, )(2%4()5
74+%# (%'-4(
• Foi some ieasons, some files can not be
accesseu oi useu, oi the contents aie full of
tioubleu chaiacteis, the contents aie
changeu so as they can not be ieau. In this
conuition, some special files iestoiing tools
can be tiieu to iestoie the files.
www.SeminarsTopics.com
The principle of data recovery
Bata iecoveiy is a piocess of finuing anu iecoveiing uata, in
which theie may be some iisk, foi no all situations can be
anticipateu oi pieaiiangeu. It means maybe theie will be some
unexpecteu things happen. So we neeu ieuuce the uangei in
uata iecoveiy to the lowest:
• Backup all the uata in youi haiu uisk
• Pievent the equipment fiom being uamageu again
• Don’t write anything to the device on which you want to recover
uata
• Tiy to get uetaileu infoimation on how the uata lost anu the
losing piocess
• Backup the uata iecoveieu in time.
(#$# 0-''
6%$07,)( )(,*%8
• viius, foimat, mis-paitition, mis-
clone, mis-opeiation, netwoik
ueletion, powei-cut uuiing opeiation
all may be the softwaie ieasons. The
symptoms aie usually mis-opeiation,
ieau eiioi, can not finu oi open file,
iepoit no paitition, not foimatteu,
passwoiu lost anu tioubleu
chaiacteis
use softwaie tools to iecovei it. So
calleu soft iecoveiy means uata can
be iecoveieu by softwaie
(#$# 0-''
• 9,)'7,)( )(,*%8
• Sometimes uata loss is because of
haiuwaie, such as bau sectoi in haiu
uisk, powei cut, heau uamage, ciicuit
panel pioblem, etc.
• The speeu of haiuwaie become slow,
cannot opeiate successfully; cannot
ieau uata, etc
1#*2 2&'3
• Physical stiuctuie
BB consists of plattei, contiol
ciicuit boaiu anu inteiface paits.
A haiu uisk is a sealeu unit
containing a numbei of platteis in a
stack. Baiu uisks may be mounteu
in a hoiizontal oi a veitical
position. In this uesciiption, the
haiu uiive is mounteu hoiizontally.
Parts of hard disk
• Piimaiy foimatting of haiu uisk
When haiu uisk is fiistly maue in the factoiy, it usually is
“blank”. Only after partitioning tracks and sectors, we can
save uata on haiu uisk
• Auvanceu foimatting of haiu uisk Bigh-level
foimat
Assign logical seiial numbeis foi sectois (seiial
numbeis in paitition) fiom cylinuei that assigneu
by each logical uiive
(#$# -*4#5&6#$&-5
(#$# '$-*#4+ *+4&-5 -7 1(
:,0, .8 +,)' '.*/ '.4.'(' .80% ;
• <=> :mastei boot uiiectoiy . The fiist physical sectoi. Bios oi special
fiimwaie stoieu.
• :=> ? uos boot uiiectoiy. Fiist sectoi that visit by os .stoie boot
piogiam anu BPB (BI0S peiimetei block).
• @A1 ? it is a file system . Relatively uncomplicateu.
• :B> ? means uiiectoiy also calleu FBT. BIR is placeu aftei FAT2
• :A1A ?stoie the uata
8&0+ '/'$+9'
9-6-:%&%6$ )2 2-$;< 24+% #"#$%&
>%%0 '.)(20%)5 C,8,D(C(80 .8
@A1EF 3,)0.0.%8
• All files¡folueis in FATS2 have
coiiesponuing file entiies iecoiu in
FBT, each file entiy iecoius
impoitant infoimation of the
file¡foluei the file system of
opeiating system seaiches anu
localizes coiiesponuing file¡foluei
accoiuing to the file infoimation in
FBT of each paitition. 0nuei FATS2,
size of each FBT is S2 bytes.
• FATS2 ioot uiiectoiy management
incluues management of files with
shoit anu long filename, anu
management of uiiecotoiies unuei
ioot uiiectoiy..
:;< 2&*+,$-*/ 9#5#4+9+5$
<,8,D(C(80 %$ *GHI'.)(20%)5 .8
@A1EF
– a paiental uiiectoiy may have many sub-
uiiectoiies, while a sub-uiiectoiy has
only one paiental uiiectoiy. 0nuei the
sub-uiiectoiy of ioot uiiectoiy, we may
cieate moie infeiioi sub-uiiectoiies, thus
foiming a uiiectoiy tiee. Foi uiiectoiies
unuei ioot uiiectoiy, its entiance still
exists in ioot uiiectoiy. .
74+% .%+%$4)6
When ueleting a file, the system only makes
a deletion mark on this file’s directory entry,
marking clusters it covers in FAT as “empty”;
clusters in DATA remains original file’s
contents. When wiiting in uata again, the
oiiginal file content might be coveieu by new
infoimation.
Theie is a Recycle Bin in Winuows,
The iecycling bin is only some space on the haiu uisk; the Winuows
system automatically
establishes a foluei ">J!K!LJ:" (unuei ioot uiiectoiy of each uisk
paitition) with hiuing attiibute to save tempoiaiily ueleteu files.
Only when deleting or executing “Clear” command, these files then
can be completely ueleteu (as to opeiating system). As "the
iecycling bin" we see on the uesktop, it is only a shoitcut. Then we
will intiouuce fast ueletion anu complete ueletion sepaiately.
74+% .%+%$4)6
@,*0 '(&(0.%8
Fast ueletion of files is
just to put them into
Recycle Bin. In this
situation, the uata can
be iecoveieu.
Compaiing the changes of FBT, FAT anu BATA between
befoie anu aftei ueletion, we can finu the iules.
74+% .%+%$4)6
FDT before deleting “test1.txt”:
FBT aftei ueletion:
74+% .%+%$4)6
@A1 H($%)( '(&(0.%8
@A1 ,$0() '(&(0.%8
74+% .%+%$4)6
!%C3&(0( '(&(0.%8
how complete uelete.
74+% .%+%$4)6
!%C3&(0( '(&(0.%8
FBT is the same as that of fast ueletion.
Befoie complete ueletion, the content of FAT is:
Aftei ueletion:
:;<2&*+,$-*/ 2+0+$&-5
.
0peiating system manages sub-uiiectoiy in the
same way as manages files. So, the ueletion ways aie
same, too.
@,*0 '(&(0.%8
Fast ueletion of sub-uiiectoiy is the same as that
of files. It just maikeu a ueletion maik to the
beginning byte in FBT that uesciibes sub-
uiiectoiy; all files unuei this sub-uiiectoiy anu
iecoius of its infeiioi sub-uiiectoiy aie not
changed, that is, just to “remove” this sub-
uiiectoiy into iecycling bin
!%C3&(0( '(&(0.%8
Complete ueletion is same as
that of in file..
=4:3 +%>%+ 2)(&-$$46:
@,*0 +.D+ &(4(& $%)C,0 !%C3&(0( +.D+ &(4(& $%)C,0
=4:3 +%>%+ 2)(&-$$46:
FBT aftei fast high level foimat:
FBT befoie fast high level foimat:
1&4" 0+.+0 7-*9#$$&54
contents of sub-uiiectoiy Befoie foimat:
Aftei foimat:
=>8:
M1@6 (M(7 1(2+8%&%D5 @.&(
65*0(C) is a piopiietaiy file
system uevelopeu by Niciosoft
Coipoiation foi its Winuows
NT line of opeiating systems,
NTFS supeiseues the FAT file system as the piefeiieu file system
foi Niciosoft Winuows opeiating systems. NTFS has seveial
technical impiovements ovei FAT anu BPFS (Bigh Peifoimance
File System), such as impioveu suppoit foi metauata, anu the use
of auvanceu uata stiuctuies to impiove peifoimance, ieliability,
anu uisk space utilization, plus auuitional extensions, such as
secuiity access contiol lists (ACL) anu file system jouinaling.
=>8:
• 9.D+I&(4(& $(,0G)(* %$ M1@6
• Nulti-uata stieams
• Name baseu on 0nicoue
• ueneial inuex mechanism
• The uynamic bau clustei iepiints maps
• Suppoits P0SIX
• File compiession
• File enciypts
• Bisk quota
• Baiu link anu soft link
• Link tiacks
• Log iecoius
• Fiagmentation
7?@ >#A B@7!
@A1EF
Naximum uisk size: 2 teiabytes
Naximum file size: 4 gigabytes
Naximum numbei of files on uisk: 268,4SS,4S7
Naximum numbei of files in a single foluei: 6S,SS4
M1@6
Naximum uisk size: 2S6 teiabytes
Naximum file size: 2S6 teiabytes
Naximum numbei of files on uisk: 4,294,967,29S
Naximum numbei of files in a single foluei:
4,294,967,29S
9-$$%(# 6%%.#
-$$%6$4)6 *%2)(% (%0)>%("
(1)Never operate on partition (such as write and create file) where the data
lost.
(2)Please close any other application program when Data Recovery Wizard
3.0 is running.
(3)Make sure that there is no physical failure (such as physical bad track) on
the disk you are operating. If there is any problem, please stop running Data
Recovery Wizard 3.0, and send your disk to maintenance station.
(4)Do not save the recovered files to the original partition. You need make
sure that there is enough free space to save the recovered data; also you can
save your files to removable devices or network devices.
9,)' )(2%4()5
9,)' )(2%4()5
?@ABC@?D
6%$0 )(2%4()5
E2.#5$#4+' #52 2&'#2.#5$#4+'
•Bata iecoveiy tools can be useu
to unuo mistakes that you maue
that iesulteu in lost uata.
•Bata consistency.
•Bigital foiensics
•To successfully use a uata iecoveiy
tool you will neeu to ueteimine the
cause of youi uata loss.
•A simple ieboot cause the ovei
wiiting of uata
•Bata secuiity.
• Recoveiy may geneiate viius.
!)2$8-(% C#%. 2)( (%0)>%("
Bootable
Data recovery cannot always be done on a running system. As a result, a boot disk, Live
CD, Live USB, or any other type of Live Distro containing a minimal operating system.
BackTrack:
Boot Repair Disk -
Hiren's BootCD:
SystemRescueCD:
Consistency checkers
CHKDSK:
Disk First Aid:
Disk Utility:
!)2$8-(% C#%. 2)( (%0)>%("
File recovery
•CDRoller: Recovers data from optical discs.
•Data LifeSaver (now "EASIS Data Recovery"): Data recovery for FAT and NTFS file systems.
•Data Recovery Wizard: Microsoft Windows file recovery utility.
•Drive Vaccine: Microsoft Windows Auto Restore of files on Reboot
•FileSalvage: A Mac OS X recovery program.
•IsoBuster: Recovers data from optical discs, USB sticks, Flash drives and Hard Drives.
•Recuva: Microsoft Windows 2000 & later, FAT and NTFS.
•TotalRecovery : Microsoft Windows. Bootable backup and recover system.
•TuneUp Utilities: Microsoft Windows XP & later. A suite of utilities that has a file recovery component.
•Power Data Recovery: Data recovery software by MiniTool. 1GB free data recovery for personal use.
!)2$8-(% C#%. 2)( (%0)>%("
Forensics
•EnCase: A suite of forensic tools developed by Guidance Software that is used for imaging
and forensic analysis for UNIX, Linux, and Windows systems.
•Foremost: An opensource CLI file recovery program, originally developed by the U.S. Air
Force Office of Special Investigations and NPS Center for Information Systems Security
Studies and Research.
•Forensic Toolkit: by AccessData, used by law enforcement.
•Open Computer Forensics Architecture: An opensource program running on Linux.
•The Coroner's Toolkit: A suite of utilities aimed at assisting in forensic analysis of a UNIX
system after a break-in.
•The Sleuth Kit: Also known as TSK, The Sleuth Kit is a suite of forensic analysis tools
developed by Brian Carrier for UNIX, Linux and Windows systems. TSK includes the
Autopsy forensic browser.

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close