Save that Data
Computer File and Drive
Protection and Recovery Resources
Terence Sullivan, Shiloh/Chrisman Schools
“Save That Data.” Everyone has had the experience of losing critical documents. The data is almost always recoverable at no cost. A simple USB memory stick can carry all the free tools needed to recover anything from a single deleted file to a completely trashed hard drive. A tool-kit with how-to instructions will be available. (Appropriate for all grade levels.)
Nice Tool - Bonus
• Internet Explorer History Viewer – “IEHV”
– http://www.nirsoft.net/utils/iehv.html
– Will display Internet History in a complete and organized format for every user on a computer
• Session Philosophy – using all free software or utilities included with OS
Backup and Archive
• Best defense is a good offense
– Recycle Bin – ONLY local drives
– CD/DVD burners
– Onetouch Backup – external drive
– Ntbackup (Windows)
– Syncback
– Cobian Backup
Windows Archiving Tools
• System Restore – ONLY system files
• Volume Shadow Copy (VSC)
• NTBackup
• Windows Resource Kit Tools
– Robocopy
How Drives Work
• Files are stored magnetically or optically on the drive.
• Drive is organized in logical parts
– Sectors, Tracks, Cylinders, Partitions
• File is “written” onto the drive and the LOCATION(s) is recorded in the file tables
• These apply to
– Hard Drive, Floppy Drive, CD, CDV, Flash Memory, SD Cards, even digital tape drives
How Drives Work
• Examples
– Hard Drive
– Floppy Drive
– CD Rom
Signs that your drive is damaged or failing
• Strange noises or grinding sound
• SLOW to open/save a file or boot
• Unresponsiveness
• Freezes and locks up.
• Blue screen of death
• TIP – check the event logs!
What happens when a file is “lost”
• Erased
– Really just deletes the file table entry, so the reference to what the file is and WHERE it is stored is lost
• Overwritten
– Remagnetizes the same parts of the drive or redoes the reflective ink on the CD/DVD
• Drive Partition is Lost
– Boot record is corrupted and the beginning/ending points for the logical drive are lost
• Physical Damage
– Head crash, disk scratched, drive motor issues, drive controller issues
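The difference between “Erased” and “Overwritten” above, as an added Python example (not part of the original presentation): on a constructed toy disk, clearing the table entry leaves the data where a signature scan can still find it, which is the general idea behind file-carving tools, while overwriting the sectors destroys it. The one-entry table layout and all function names are assumptions made for the illustration.

```python
import struct

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker
ENTRY = "<11sII"            # toy table entry: name, start sector, size in bytes

def build_toy_disk():
    """Constructed sample: sector 0 holds a one-entry file table, data starts at sector 4."""
    photo = JPEG_SOI + b"\xe0" + b"constructed-sample-pixels" * 60 + JPEG_EOI
    disk = bytearray(SECTOR * 16)
    struct.pack_into(ENTRY, disk, 0, b"PHOTO   JPG", 4, len(photo))
    disk[4 * SECTOR:4 * SECTOR + len(photo)] = photo
    return disk, photo

def open_via_table(disk):
    """Normal access: follow the table entry to the data, as the OS does."""
    name, start, size = struct.unpack_from(ENTRY, disk, 0)
    if not name.strip(b"\x00"):
        return None  # no entry, so the OS reports the file as gone
    return bytes(disk[start * SECTOR:start * SECTOR + size])

def erase(disk):
    """'Erased': only the table entry is cleared, the data sectors are untouched."""
    disk[0:struct.calcsize(ENTRY)] = bytes(struct.calcsize(ENTRY))

def overwrite(disk, first_sector, count):
    """'Overwritten': the data sectors themselves are rewritten."""
    disk[first_sector * SECTOR:(first_sector + count) * SECTOR] = b"\xaa" * (count * SECTOR)

def carve_jpegs(disk):
    """Ignore the table and scan sector starts for JPEG signatures."""
    found = []
    for off in range(0, len(disk), SECTOR):
        if disk[off:off + 3] == JPEG_SOI:
            end = disk.find(JPEG_EOI, off)
            if end != -1:
                found.append(bytes(disk[off:end + 2]))
    return found

if __name__ == "__main__":
    disk, photo = build_toy_disk()
    erase(disk)
    print("table lookup:", open_via_table(disk), "| carved intact:", carve_jpegs(disk) == [photo])
    overwrite(disk, 4, 4)
    print("after overwrite, carved files:", len(carve_jpegs(disk)))
```
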
Recover from Minor Drive Damage
• CD-DVD
– Clean the drive with water and lint free cloth
– Scratches with polisher or toothpaste (fine abrasive)
– Crack – run it in a SLOW drive (older drive)
• Disk Drive minor corruption
– Included OS Tools
  • Chkdsk (Win), FSCK (Linux), Disk Utility (Mac)
  • SFC (system file checker) in Windows
Windows Tools
• If system boots it may be possible to run and fix from inside Windows
– System Restore to revert and recover system files if it is corruption damage and not hard drive failure
– CHKDSK GUI or command line
  • Chkdsk /R
– SFC command line
  • sfc /scannow
• Reference Site - http://ss64.com/
Simple (?) Undelete
• **Convar – PC Inspector 4
– http://www.pcinspector.de/Sites/file_recovery/download.htm?language=1
• Softperfect File Recovery - fast scanner
– http://www.softperfect.com/products/filerecovery/ (NTFS-FAT, HD, FD, Flash, SD)
• Undelete Plus
– http://www.undelete-plus.com/ (NTFS-FAT, HD, FD, Flash, SD,…)
• Hiren’s Boot Disk run inside Windows
Portable Apps
• Stand Alone programs which do NOT require installation to run.
– Small footprint and clean up after themselves
• Can carry and run from Flash drive (or other media)
• Search for Portable App Project or Portable Freeware
– http://portableapps.com/
– http://www.portablefreeware.com/
Live CD Tools
• Bart’s PE – WinXP – http://www.nu2.nu/pebuilder/
• Dell Linux with Open Management Server tools (OMSA)
– http://linux.dell.com/files/openmanage-contributions/omsa-51-live
• Knoppix - http://www.knoppix.org/
– Disk First Aide with Knoppix
  • http://www.shockfamily.net/cedric/knoppix/
• Helix – custom Knoppix - for forensics and recovery
– http://www.e-fense.com/helix/
• Ultimate Boot CD - http://www.ultimatebootcd.com/
• SystemRescueCD - http://www.sysresccd.org/
• Hiren’s Boot CD
• Ubuntu (Live CD – use apt-get) - http://www.ubuntu.com/
• Ubuntu Rescue Remix - http://ubuntu-rescue-remix.org/
Tricks of the Trade
• Floppy Drive – try in another machine, or best option is to try in a Mac or mount it in a *nix machine
• Hard Drive – try the “freezer” trick
• SD or flash card readers for direct USB connection
• USB to ATA/SATA drive universal adapter
– Allows connecting basically any computer or laptop hard drive to a computer via the USB port
• Preferred Recovery Approach is to IMAGE the drive with some type of BIT Copier and then work on the image, not the original
Corrupted Files
• Microsoft Word – File – Open and choose “Recover Text from any File”
• in this case, I would try Testdisk or Parted to restore your partition table. I hope her note wasn't longer than 512 characters.
• Source - http://xkcd.com/340/
Serious Corruption
• TestDisk – recover partitions in most OS & File Systems (free)
– http://www.cgsecurity.org/wiki/TestDisk_Download
– Found on many Live CDs
– Often Bundled with PhotoRec
• Restoration (free)
– http://www.snapfiles.com/get/restoration.html
Sleuth Kit
• For those so inclined
• Forensic Tool
– The Sleuth Kit and Autopsy graphical interface
– http://www.sleuthkit.org/index.php
Commercial
• Gibson Research (Steve Gibson)
• SPINRITE
– http://www.grc.com/spinrite.htm
• Recovery Services
Dead Disk Readers
• Hard Drives, CD, DVD, Floppy, Flash
• http://www.s2services.com/diskreaderfreeware.htm
– Tools for all OS systems
dd variants
• Linux, Debian, OSX
– Linux/Unix history
– File or Drive/Partition recovery tool
• dd – command line
• ddrescue – easier user interface
• gddrescue – gnu project ddrescue
Ubuntu Example
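• In terminal
– Install gddrescue
$ sudo apt-get install gddrescue
– Run this command and BE PATIENT
# copy the disc in /dev/hdc to an image file; the last argument is the log file
$ sudo ddrescue -v /dev/hdc cdr-backup2.iso /ddrescue.log
Or
# copy partition to partition; GNU ddrescue needs -f (--force) when the output is a device
$ sudo ddrescue -v -f /dev/hdd1 /dev/hdc1 /ddrescue.log
# check the file system on the copy
$ sudo fsck -C /dev/hdc1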
dcfldd
• Linux Tool
– dcfldd best on DEBIAN!
– http://dcfldd.sourceforge.net/#download
Terence Sullivan, Shiloh/Chrisman Schools
Questions ?
• Presentation
– www.il-edtech.org
– www.shiloh.k12.il.us/presentations