PC Tips and Tricks to make your life easier

Hide And Seek – Hard Disk Data Recovery Tools

May 24, 2010 By: lilybird Category: Data Recovery/Security

Slack space allows a nearly omnipresent and easily abused area for concealing data. There are many types of slack space and slack space is affected by file system specifics. As such, slack space is easily used in the FAT, NTFS, and Ext2 file systems. Additionally, many results of a slack space experiments performed on both the NTFS and Ext3 file systems clearly show that there ant numerous ways to conceal data. Some data concealing techniques are specific to a particular file system, such as Alternate Data Streams (a capability that some system administrators, especially those who carry the responsibility of keeping their computers protected against intruders, may reasonably label a nuisance). The origin of this functionality is closely related to file system development and instances of covering data and executing programs from within an Alternate Data Stream are known from the first file systems. Other tricks concerning data concealment are known as well. For example, disguising files, making use of hidden attributes, and using deletion to hide data. The importance of these techniques are always considered from the forensics examiner’s point of view.

It is likely that most paranoid computer users have at least heard rumors regarding the disposition of their erased data. Nevertheless, it is just as unlikely that the majority of computer users (including professionals) understand the real, true story that takes place behind the scenes of a delete button click. By itself, that makes data deletion an fascinating subject and one that requires an explanation as to what has caused the persistence of this tough area of computing. Once again, differences can be found between the FAT, NTFS, and Ext2fs file systems concerning their deletion mechanisms. The concept of disk wiping and deletion should be clearly understood before proceeding to platform specific tools for both the Windows and Linux operating systems. Relevance for the forensics examiner is, once again, essential and special attention shold be given to the topic of drive slack space.

Hard drive data recovery is usually feasible because of persistence of digital data. Complete data removal may very well be impossible without physically demolishing the disk platter(s) on which it was originally written. The question of true deletion along with the recoverability controversy, reasons why deletion is such a tough beast to tame, and low-level details concerning disk coding and channel information (useful in gaining a more complete understanding of the problem space) are then covered. The effectiveness of potential demolition methods (e.g. breaking a disk platter into pieces with a hammer and subjecting a hard drive to a degausser) should also be taken into account. Finally, legal requirements and government standards must be taken into account.

The forensics examiner’s ability to retrieve secret and erased data is very important. As a counterpoint to the methods used to conceal data, techniques that can be utilized to find and reclaim data should be learned by trial and error principle. The most popular data recovery software (by the number of references and recommendations) for both the Windows and Linux platforms can easily be found on the web. Potential users should compare functionalities, file systems support, and take into account other relevant, potential decision making, considerations. Where data recovery software is unable to recoved erased data, radical and/or exotic techniques can be employed. The use of such tools would most likely only be considered in cases of extreme importance, but they offer a glimpse into the reality that nearly everything you do on a computer is traceable.

For helpful advice about the topic of traffic to website – go through the webpage. The times have come when concise info is truly only one click of your mouse, use this possibility.

Leave a Reply