Save that Data Computer File and Drive Protection

  • Slides: 25
Download presentation
Save that Data Computer File and Drive Protection and Recovery Resources

Save that Data Computer File and Drive Protection and Recovery Resources

Terence Sullivan, Shiloh/Chrisman Schools “Save That Data. ” Everyone has had that experience of

Terence Sullivan, Shiloh/Chrisman Schools “Save That Data. ” Everyone has had that experience of losing critical documents. Almost always the data is recoverable for no cost. A simple USB memory stick can carry all the free tools needed for recovery of a single deleted file to a completely trashed hard drive. A tool-kit with how-to instructions will be available. (Appropriate for all grade levels. ) [email protected] net

Nice Tool - Bonus • Internet Explorer History Viewer – “IEVH” – http: //www.

Nice Tool - Bonus • Internet Explorer History Viewer – “IEVH” – http: //www. nirsoft. net/utils/iehv. html – Will display Internet History in a complete and organized format for every user on a computer • Session Philosophy – using all free software or utilities included with OS

Backup and Archive • Best defense is a good offense – Recycle Bin –

Backup and Archive • Best defense is a good offense – Recycle Bin – ONLY local drives – CD/DVD burners – Onetouch Backup – external drive – Ntbackup (Windows) – Syncback – Cobian Backup

Windows Archiving Tools • • System Restore – ONLY system files Volume Shadow Copy

Windows Archiving Tools • • System Restore – ONLY system files Volume Shadow Copy (VSC) NTBackup Windows Resource Kit Tools – Robocopy

How Drives Work • Files are stored magnetically or optically on the drive. •

How Drives Work • Files are stored magnetically or optically on the drive. • Drive is organized in logical parts – Sectors, Tracks, Cylinders, Partitions • File is “written” onto the drive and the LOCATION(s) is recorded in the file tables • These apply to – Hard Drive, Floppy Drive, CDV, Flash Memory, SD Cards, even digital tape drives

How Drives Work • Examples – Hard Drive – Floppy Drive – CD Rom

How Drives Work • Examples – Hard Drive – Floppy Drive – CD Rom

Signs that your drive is damaged or failing • • • Strange noises or

Signs that your drive is damaged or failing • • • Strange noises or grinding sound SLOW to open/save a file or boot Unresponsiveness Freezes and locks up. Blue screen of death • TIP – check the event logs!

What happens when a file is “lost” • Erased – Really just delete the

What happens when a file is “lost” • Erased – Really just delete the file table so the reference to what and WHERE is lost • Overwritten – Remagnetize the same parts of the drive or redo the reflective ink on the CD/DVD • Drive Partition is Lost – Boot record is corrupted and the beginning/ending points for the logical drive are lost • Physical Damage – Head crash, disk scratched, drive motor issues, drive controller issues

Recover from Minor Drive Damage • CD-DVD – Clean the drive with water and

Recover from Minor Drive Damage • CD-DVD – Clean the drive with water and lint free cloth – Scratches with polisher or toothpaste (fine abrasive) – Crack – run it in a SLOW drive (older drive) • Disk Drive minor corruption – Included OS Tools • Chkdsk (Win), FSCK (Linux), Disk Utility Mac • SFC (system file checker) in Windows

Windows Tools • If system boots it may be possible to run and fix

Windows Tools • If system boots it may be possible to run and fix from inside Windows – System Restore to revert and recover system files if it is corruption damage and not hard drive failure – CHKDSK gui or command line • Chkdsk /R – SFC command line • Scf /scannow • Reference Site - http: //ss 64. com/

Simple (? ) Undelete • **Convar – PC Inspector 4 – http: //www. pcinspector.

Simple (? ) Undelete • **Convar – PC Inspector 4 – http: //www. pcinspector. de/Sites/file_recovery/downloa d. htm? language=1 • Softperfect File Recovery - fast scanner – http: //www. softperfect. com/products/filerecovery/ (NTFS-FAT, HD, Flash, SD) • Undelete Plus – http: //www. undelete-plus. com/ (NTFS-FAT, HD, Flash, SD, …) • Hiren’s Boot Disk run inside Windows

Portable Apps • Stand Alone programs which do NOT require installation to run. –

Portable Apps • Stand Alone programs which do NOT require installation to run. – Small footprint and clean up after themselves • Can carry and run from Flash drive (or other media) • Search for Portable App Project or Portable Freeware – http: //portableapps. com/ – http: //www. portablefreeware. com/

Live CD Tools • Bart’s PE –Win. XP http: //www. nu 2. nu/pebuilder/ •

Live CD Tools • Bart’s PE –Win. XP http: //www. nu 2. nu/pebuilder/ • Dell Linux with Open Management Server tools (OMSA) – http: //linux. dell. com/files/openmanage-contributions/omsa-51 -live • Knoppix - http: //www. knoppix. org/ – Disk First Aide with Knoppix • http: //www. shockfamily. net/cedric/knoppix/ • Helix – custom Knoppix - forensics and recovery – http: //www. e-fense. com/helix/ • • • Ultimate Boot CD - http: //www. ultimatebootcd. com/ System. Rescue. CD - http: //www. sysresccd. org/ Hiran’s Boot CD Ubuntu (Live CD – use aptget) - http: //www. ubuntu. com/ Ubuntu Rescue Remix - http: //ubuntu-rescue-remix. org/

Tricks of the Trade • Floppy Drive – try in another machine or best

Tricks of the Trade • Floppy Drive – try in another machine or best option is to try in a MAC or mounting in a *nix machine • Hard Drive – try the “freezer” trick • SD or flash card readers for direct USB connection • USB to ATA/SATA drive universal adapter – Allows connecting basically any computer or laptop hard drive to a computer via the USB port • Preferred Recovery Approach is to IMAGE the drive with some type of BIT Copier and then work on the image not the original

Corrupted Files • Microsoft Word – File – Open and choose • “Recover Text

Corrupted Files • Microsoft Word – File – Open and choose • “Recover Text from any File”

 • in this case, I would try Testdisk or Parted to restore your

• in this case, I would try Testdisk or Parted to restore your partition table. I hope her note wasn't longer than 512 characters. • Source - http: //xkcd. com/340/

Serious Corruption • TEST Disk – recover partitions in most OS & File Systems

Serious Corruption • TEST Disk – recover partitions in most OS & File Systems (free) – http: //www. cgsecurity. org/wiki/Test. Disk_Down load – Found on many Live CDs – Often Bundled with Photo. Rec • Restoration (free) – http: //www. snapfiles. com/get/restoration. html

Sluth Kit • For those so inclinded • Forensic Tool – the Sluth Kit

Sluth Kit • For those so inclinded • Forensic Tool – the Sluth Kit and Autopsy graphical interface – http: //www. sleuthkit. org/index. php. S

Commercial • Gibson Research (Steve Gibson) • SPINRITE – http: //www. grc. com/spinrite. htm

Commercial • Gibson Research (Steve Gibson) • SPINRITE – http: //www. grc. com/spinrite. htm • Recovery Services

Dead Disk Readers • Hard Drives, CD, DVD, Floppy, Flash • http: //www. s

Dead Disk Readers • Hard Drives, CD, DVD, Floppy, Flash • http: //www. s 2 services. com/diskreaderfreeware. htm – Tools for all OS systems

dd variants • Linux, Debian, OSX – Linux/Unix history – File or Drive/Partition recovery

dd variants • Linux, Debian, OSX – Linux/Unix history – File or Drive/Partition recovery tool • dd – command line • ddresue – easier user interface • gddrescue – gnu project ddrescue

Ubuntu Example • In terminal – Install gddrescue $ sudo apt-get install gddrescue –

Ubuntu Example • In terminal – Install gddrescue $ sudo apt-get install gddrescue – Run this command BE PATIENT $ sudo ddrescue –v /dev/hdc cdr-backup 2. iso /ddrescue. log Or $ sudo ddrescue –v /dev/hdd 1 /dev/hdc 1 /ddrescue. log $ sudo fsck -C /dev/hdc 1

dcfldd • Linux Tool – dcfldd best on DEBIAN! – http: //dcfldd. sourceforge. net/#download

dcfldd • Linux Tool – dcfldd best on DEBIAN! – http: //dcfldd. sourceforge. net/#download

Terence Sullivan, Shiloh/Chrisman Schools Questions ? • Presentation –www. il-edtech. org –www. shiloh. k

Terence Sullivan, Shiloh/Chrisman Schools Questions ? • Presentation –www. il-edtech. org –www. shiloh. k 12. il. us/presentations [email protected] net