Security Tools/Data Recovery

March 19th, 2010
By Noynim IT Solutions in Security
Comments (0)

Photorec

PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from Hard Disks and CDRom and lost pictures (thus, its ‘Photo Recovery’ name) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it will still work even if your media’s filesystem has been severely damaged or re-formatted.

PhotoRec is free, this open source multi-platform application is distributed under GNU Public License. PhotoRec is a companion program to TestDisk, an app for recovering lost partitions on a wide variety of filesystems and making non-bootable disks bootable again.

http://www.cgsecurity.org/wiki/PhotoRec

Partedmagic

Parted Magic is a Linux LiveCD/USB/PXE with its elemental purpose being to partition hard drives and is not designed to be a “Rescue CD” nor is it based on another Distribution.

Optimized at approximately 45MB, the Parted Magic OS employs core programs of GParted and Parted to handle partitioning tasks with ease, while featuring other useful programs (e.g. Partition Image, TestDisk, fdisk, sfdisk, dd, ddrescue, etc.) and an excellent set of documentation to benefit the user. An extensive collection of fileystem tools are also included, as Parted Magic supports the following: ext2, ext3, ext4, fat16, fat32, hfs, hfs+, jfs, linux-swap, ntfs, reiserfs, reiser4, and xfs.

The latest version is updated with: Linux 2.6.24.3, Parted 1.8.8, ntfsprogs-2.0.0, ntfs-3g-1.2506, and GParted-0.3.7.

Parted Magic uses Busybox for basic Unix commands and networking, the Dropbear SSH server and client, and Firefox to surf the web.

The current Xserver is xorg-server-1.4.0.90 with the following drivers: apm, ark, ati, chips, cirrus, cyrix, glint, i128, i740, i810, mga, neomagic, nv, r128, riva128, radeon, rendition, s3, s3virge, savage, siliconmotion, sis, tdfx, tga, trident, tseng, vesa, vmware, and voodoo.

The mini Xserver, Xvesa, is also available.

TestDisk

TestDisk is a powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). Partition table recovery using TestDisk is really easy.

Foremost

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.

Scalpel

Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigation and file recovery. Scalpel resulted from a complete rewrite of foremost 0.69, a popular open source file carver, to enhance performance and decrease memory usage.

The Sleuth Kit

The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file and volume system forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

The volume system (media management) tools allow you to examine the layout of disks and other media. The Sleuth Kit supports DOS partitions, BSD partitions (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools.

When performing a complete analysis of a system, we all know that command line tools can become tedious. The Autopsy Forensic Browser is a graphical interface to the tools in The Sleuth Kit, which allows you to more easily conduct an investigation. Autopsy provides case management, image integrity, keyword searching, and other automated operations.

PartitionSupport.com

Provides a host of functions for recovering data from damaged file systems of all kinds http://www.partitionsupport.com/utilities.htm

Comment on Security Tools/Data Recovery

Leave a Reply

Nicholas Pool

14:38 27 Dec 18

Outstanding corporate IT services company. NOYNIM has a well experienced crew and an extremely responsive process in place to help their customers. Most of my company's help desk tickets are responded to within 30 minutes of request, and troubleshooting usually takes less than 15 minutes. I would recommend NOYNIM as a provider to anyone.

David Smith

18:28 28 Aug 18

Excellent IT services provider company in Denver.

Chad Lieberman

18:45 02 Aug 17

NOYNIM is a fantastic and client-focused IT company. Daniel and his team find creative and cost-effective solutions to a variety of IT issues. They are responsive, professional and efficient. I highly recommend NOYNIM.

Rita Lawrence

15:00 17 Oct 17

This company is fast, super responsive, and very professional!

Robert B. Wareham

16:51 30 Aug 17

Update: August 30, 2017 If I could give these guys more than 5 stars I would. They did a complete Windows Server upgrade this year and it went flawlessly. No one in the firm even knew it was going on. We now have the latest version of Windows Server and everything is working great. Dan and his crew are responsive and prompt. They are knowledgeable and competent. I look forward to years more of our partnership. Prior Review- 2015 After being promised the moon by so many IT companies I was skeptical when Daniel Noy told me that he could assure me a stable and secure IT environment. We were on the verge of a Windows Server SBS upgrade. Our prior IT company had set us up with a virtual server environment that never did work. Without billing me for hours of unproductive and expensive "planning and assessment" meetings Daniel and his team quickly determined our needs and implemented the server migration flawlessly. That was three or four years ago. Since that time Daniel and his staff have proved to be capable and responsive. The SBS server had some upgrade bugs that took hours, if not days, to troubleshoot with Microsoft's top level support people finally confirming it was a software bug. Daniel never gave up on the problem and pushed Microsoft on our behalf. As a trial lawyer I appreciate the need to advocate on behalf of a client. Daniel really went to bat for us. I don't toss endorsements around lightly as I live by my reputation of credibility and integrity. Daniel Noy shares those values. I know he has personally spent many late nights with his staff working to resolve issues as they arose. Noynim is responsive and capable. I don't worry about our network anymore. I give Daniel and Noynim my unqualified endorsement. Robert B. Wareham CEO and Attorney at Law The Law Center P.C. Highlands Ranch, Colorado