| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 57686 | 2005-05-09 21:49:00 | Lost Data | Bryan (147) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 353768 | 2005-05-09 21:49:00 | I beggered my hard drive by the ultimate sin of trying to connect it with power on, there was a flash and my hard drive could not be accessed. I used a program from the "Ultimate Boot CD" that told me my XP system was now reverted to FAT 12. I bit the bullet and formatted the hard drive as FAT 32 and have reloaded my system. Problem is, there were one or two files that were not (and should have been) backed up and I would like to try to now recover them. I know that the are companies that profese that they can recover data but does anyone know of some Forensic recovery program that I could use myself? I understand that there is something that will recover lost or written over Digital photos so would this work on a hard drive? Can anyone help please? Bryan. |
Bryan (147) | ||
| 353769 | 2005-05-09 21:55:00 | I dont think you'll get anything now, since you've reformatted the hard drive. You can usually recover data, if you dont format a hard drive. And, if you dont write over the data, you wanted to retrieve. |
Speedy Gonzales (78) | ||
| 353770 | 2005-05-09 23:09:00 | A format dosent write over everything on the disk it just sets it to empty.(simple explanation) You could try GetDataBack form Runtime (http://). |
Rob99 (151) | ||
| 353771 | 2005-05-10 00:56:00 | A format doesn't overwrite it but reinstalling does. You might be able to recovers something but certainly not everything. | pctek (84) | ||
| 353772 | 2005-05-10 01:10:00 | You'll need to get the drive to a forensic recovery specialist if you want to see any of that data. They can and will recover data that has been over written, how much of it will be useful will only be known once the job is done. Physical damage to the disc may preclude some or all data being retrieved. The task has been made a lot more difficult by accessing the disc let alone reformatting and reinstalling on it. If the disc surface had actually been damaged, the last thing I would want is to put my data on it and trust it to stay there without errors. If it is the logic board that was damaged, then chances are that all your data was left intact on the disc and it could have simply been plugged in to a compatible board and everything pulled off. |
Murray P (44) | ||
| 353773 | 2005-05-10 03:15:00 | How valuable are the files? If you would "just like to have them" forget a forensic company . What they do takes highly skilled people lots of hours on highly expensive equipment . They charge accordingly . However, since the disk appears to be working, you might be lucky . If the files are text, and you know some of the words they contain --- preferably "unusual words" -- there's something you can try which won't cost much, and has a reasonable chance of at least partial success . A Linux "live CD" will boot from a CD and run in RAM . (Knoppix, Morhix, Ubuntu . . . etc . . . distribute them . Disk Smith Electronics will sell you one reasonably cheaply, or you might have one already) . Start a terminal, and do man dd . dd is a very powerful and primitive programme . :cool: Just make sure you use "if=/dev/hda" and never "of=/dev/hda" . That way, you won't write to the HD . :groan: Try a few commands: dd if=/dev/hda bs=512 skip=1000 count=10 | strings -6 That will skip to the 1001th block, and read 10 blocks, piping them to another programme called "strings" which will show all "text" words 6 characters or longer in the blocks . If that doesn't find any, use the up-arrow key to get the command again and edit it (left-arrow, right-arrow, backspace, insert new characcters by typing, Enter when done) . Change the 6 to 4 or change the skip counter to look at a different area of the disk . When you are happy with how this works, try looking for some actual words . dd if=/dev/hda bs=512 skip=12000 count=1000 | strings -4 | "myword" -i grep You won't find "myword" so try a real word . ;) Wander through the disk like this, bumping the skipcount . When you find something hopeful-looking, you have a closer look by, for example: dd if=/dev/hda bs=512 skip=14100 count=10 This will show everything in the specified blocks . If it looks really good, dd if=/dev/hda bs=512 skip=14100 count=100 of=/mnt/floppy/file1 . txt ("of" is "output file") You can get only a bit over 1MB (2500 or so blocks) on a floppy, and you might not have a floppy drive . ;) You could use /mnt/removable for a USB flash disk, which will hold much more . Good luck . |
Graham L (2) | ||
| 1 | |||||