Recovering data from a corrupted or virus attacked device | extrovert.dev -->
search

Recovering data from a corrupted or virus attacked device

Recovering data from a corrupted or virus attacked device
Tuesday, January 7, 2020

We trust our storage devices. But what if it went down ?? Then we start worrying about that data. This also happened to me previously. But at last, I could retrieve the data from my Pendrive. Let's see how we can do that. For this, I will be using PhotoRec a tool by Cgsecurity which is packaged with a powerful data recovery tool called TestDisk. I personally loved using TestDisk while dealing with partitions. Cgsecurity says that you can use TestDisk for
  • Fix partition table, recover deleted partition
  • Recover FAT32 boot sector from its backup
  • Rebuild FAT12/FAT16/FAT32 boot sector
  • Fix FAT tables
  • Rebuild NTFS boot sector
  • Recover NTFS boot sector from its backup
  • Fix MFT using MFT mirror
  • Locate ext2/ext3/ext4 Backup SuperBlock
  • Undelete files from FAT, exFAT, NTFS, and ext2 filesystem
  • Copy files from deleted FAT, exFAT, NTFS and ext2/ext3/ext4 partitions.
I am using Kali Linux for this. I think it comes preinstalled with kali if not install it using apt.
sudo apt-get install testdisk
Now we would recover the data from our memory device using Photorec.
Open Photorec
sudo photorec
Recovering data from a corrupted or virus attacked device

 Now select /dev/sdb for me VendorCo is the device that I would like to recover.

Now click on FileOpt to select the files. Opting the files helps us to recover the data using formats.  For example, if we would like to recover only video files we would use mp4/3gp etc... Here it displays the list of recoverable files you can select the file formats in the menu using spacebar press b to save changes.
Then the previous menu appears.
Now click on search to search for the recoverable files
Now we need to select an external(not in a memory device) location for saving recovered files

Recovering data from a corrupted or virus attacked device

Now press c to save the recovering directory I am using Pictures here

Recovering data from a corrupted or virus attacked device

We have done the recovery✌!

How it has happened??
 
     Most operating systems store the data in a continuous way to minimize data fragmentation. when a file is deleted only the meta-information is removed. Names and the data are still present without its location address this is the reason recovery tools don't recover by folder names it just recovers the files. The data exists until some or all of it is overwritten.

0 Response to Recovering data from a corrupted or virus attacked device

Comments are personally moderated by our team. Promotions are not encouraged.

Post a Comment
Subscribe to: Post Comments (Atom)