I have already mentioned two excellent open source data recovery utilities, TestDisk and PhotoRec, in an older post. Today I came across some others; some lists of other tools actually. I didn’t have the time to try any of them, but here is some info and some useful links to get started with.
Most of these tools try to recover the lost data with a process called data carving. This is a method of retrieving pre-defined types of files, based on distinctive characteristics and internal content structures, regardless of the filesystem or the operating system that was used when the data was written. The magic numbers or “magic bytes” or any other distinctive information contained in the header, main body or footer of a file is used in order to determine its type and to recover it in its entirety, if possible. This method is widely used in forensic analysis, but is also perfectly suitable when the recovery of specific filetypes is required, for example after a filesystem corruption. For a decent description of the technique, please read this PhotoRec challenge page.
Some raw utility listings can be found here and here.
Below are some of the editor’s (that’s me) picks. Be advised, I have not tested any of these utilities. Some Digital Forensics Tool Testing Images can be used in order to test data recovery software and compare their level of effectiveness.
All of these programs can operate on images generated with utilities like dd or directly on the hard disk partition.
- Foremost – This is a very popular file carver. The headers and footers of files to be recovered can be defined in a configuration file.
- Scalpel – This program has derived from Foremost 0.69 and, as it is stated in their home page, it is less resource hungry than Foremost; therefore, it can used in very low-end machines.
- Magic Rescue – This program uses the “magic bytes” in the file contents in order to recognize file types. The program uses its default “recipes” in order to recover files, but the user can define custom recipes.
- The Sleuth Kit and the Autopsy Forensic Browser are a set of command line tools and a graphical interface respectively, which can be used to investigate a hard disk. Actually, this is not for everyday data recovery, but rather applies to forensic analysis or to any other serious examination of the partition itself or of the linear representation of the file activity, etc.
The recommended operating system for most of the above utilities is Linux, but some of them can run under Windows too. By checking the above lists of software, you will be surprised by the number of open-source software that is available for data recovery or partition analysis.
More Data Recovery Tools by George Notaras is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright © 2006 - Some Rights Reserved