[ale] (OT) data recovery - show and tell?

Greg Freemyer freemyer-ml at NorcrossGroup.com
Fri Apr 23 17:45:02 EDT 2004


On Fri, 2004-04-23 at 11:04, Preston Boyington wrote:
> where does one acquire training in data recovery.  i was looking for something more along the lines of a seminar or such.  i've been fortunate in doing small things (recovering from single drives/deleted files), but i've yet to try anything RAID related or jobs of really any scale.
> 
> basically backup and data recovery is something that has always interested me, and i would like to add another feature to my resume.
> 
> anyone offer training like this?  could someone recommend a good resource for related information?
> 
> thanks,
> preston
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

It is not a simple topic and I don't know of any comprehensive training.

My company does computer forensics (CF), and as a sideline we end up
having data recovery capabilities.

If we are trying to recover deleted files, or even file fragments, we
normally use FTK.  It is CF software and training is available.  (Maybe
even at Kennesaw, they have CF classes I think.)  Neither FTK nor the
company training are low-cost.  I don't know what Kennesaw charges, but
they host a national CF seminar in March.

FTK does not do well if the logical filesystem structure is corrupted,
but even then it can get back individual disk clusters based on keyword
searches.  I have used it to recover files from drives with a
significant number of badblocks.  [Often in those cases, you cannot just
use windows to copy of the files.]

There are some Linux based computer forensic tools you could look into. 
I think most of the good tools are on the Penguin-slueth CD.

http://www.linux-forensics.com/

So far we have only used that CD as a boot CD to make dd images of
suspect drives, but supposidely there are some good recovery tools on
there.

Raid system recovery can be much more difficult.

Greg
-- 
Greg Freemyer



More information about the Ale mailing list