[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Fri Apr 23 17:45:02 2004 -->
- <!--x-from-r13: serrzlre-zy ng @bepebffUebhc.pbz (Uert Terrzlre) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: A88B2F7C91000D41A5C09550ABF5C39B0443C2@poly_propylene.corp.polyengineering.com --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] (OT) data recovery - show and tell? -->
- <li><em>date</em>: Fri Apr 23 17:45:02 2004</li>
- <li><em>from</em>: freemyer-ml at NorcrossGroup.com (Greg Freemyer)</li>
- <li><em>in-reply-to</em>: <A88B2F7C91000D41A5C09550ABF5C39B0443C2@poly_propylene.corp.polyengineering.com></li>
- <li><em>references</em>: <A88B2F7C91000D41A5C09550ABF5C39B0443C2@poly_propylene.corp.polyengineering.com></li>
- <li><em>subject</em>: [ale] (OT) data recovery - show and tell?</li>
It is not a simple topic and I don't know of any comprehensive training.
My company does computer forensics (CF), and as a sideline we end up
having data recovery capabilities.
If we are trying to recover deleted files, or even file fragments, we
normally use FTK. It is CF software and training is available. (Maybe
even at Kennesaw, they have CF classes I think.) Neither FTK nor the
company training are low-cost. I don't know what Kennesaw charges, but
they host a national CF seminar in March.
FTK does not do well if the logical filesystem structure is corrupted,
but even then it can get back individual disk clusters based on keyword
searches. I have used it to recover files from drives with a
significant number of badblocks. [Often in those cases, you cannot just
use windows to copy of the files.]
There are some Linux based computer forensic tools you could look into.
I think most of the good tools are on the Penguin-slueth CD.
<a rel="nofollow" href="http://www.linux-forensics.com/";>http://www.linux-forensics.com/</a>
So far we have only used that CD as a boot CD to make dd images of
suspect drives, but supposidely there are some good recovery tools on
there.
Raid system recovery can be much more difficult.
Greg
--
Greg Freemyer
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="01146" href="msg01146.html">[ale] (OT) data recovery - show and tell?</a></strong>
<ul><li><em>From:</em> mhirsch at nubridges.com (Michael D. Hirsch)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="01004" href="msg01004.html">[ale] (OT) data recovery - show and tell?</a></strong>
<ul><li><em>From:</em> PBoyington at polyengineering.com (Preston Boyington)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg01037.html">[ale] diagnosis</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg01039.html">[ale] Mirrors</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg01006.html">[ale] (OT) data recovery - show and tell?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg01146.html">[ale] (OT) data recovery - show and tell?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#01038"><strong>Date</strong></a></li>
<li><a href="threads.html#01038"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>