Data Recovery techniques

Data Recovery techniques
Written by Nilima PaulJanuary 12, 2022
22 min read
Nilima Paul

Technology Security Analyst

We will know in this article, what's Data Recovery techniques.

Introduction to Data Recovery Techniques

Information Recovery Techniques are a fundamental piece of Digital Forensics. It's fundamental for Ethical programmers and infiltration analyzers, and typical individuals in our everyday life. The greater part of you might even think that whenever you have organized your hard drive or your PDA, each of your information is no more. In any case, that is not the substantiated reality. Information can be recuperated in any way. In addition, on the off chance that it's organizing, information recuperation procedures are a simple assignment and should be possible with basic and free devices accessible on the web. However, to fledgling individuals out there, who don't know about this, information recuperation strategies can be an arrangement-breaking circumstance.

Some of you may not even what is Data Recovery methods and what are the parts of Digital Forensics. In this way, Let's investigate that.

Digital Forensics

The vast majority of you might believe that once you have a secret key ensured hard circle drive, your information is gotten. What's more, assuming you erase everything and afterward design it once more, you would think it is gone, eh? In any case, that is not the situation. What's more, this is the place where Digital Forensics becomes possibly the most important factor.

Computerized criminology is a piece of Ethical hacking. It manages Data Recovery procedures and information control, finding the wellspring of pictures, recordings, and mp3s transferred on the web. Computerized Forensics is a different classification to manage. It likewise involves checking, fixing, and assembling Intel out of the most adulterated hard circle drives and different gadgets like Cell telephones, PDAs, versatile PCs, biometrics, and some more. Consequently, Data Recovery strategies are fundamental pieces of Cybercrime since enough information about a particular programmer/party would assist with tackling the wrongdoing without any problem. Assuming not that, then, at that point, basically the recuperated information could assist with recognizing the programmer's functioning technique.

Daily Life Scenario

Now you think: Ok, that’s fine for a White Hat and a Penetration tester, but how is that useful in our daily life? Let me give you a real-life scenario.

Scenario I: Nexus 5 Revelation

During the days when I began finding out about hacking and stuff, I was a device freak. I generally had the propensity for buying a lot of gadgets and analysis with them. However, since, cash is an issue; I used to buy recycled PDAs sold on eBay, Olx, or from the side of the road dealers for a fourth of the first cost. Not really long back, when I was exploring different avenues regarding a Nexus 5 I acquisition of from eBay for 8K, I lost a great deal of information I had inside it. The stuff happened something like this:

Nexus 5 Bootloader

After I bought the Nexus 5, it was completely organized by the past proprietor. I established it and introduced Cyanogen Mod 11.00 (CM11-KitKat) and introduced an AK portion. It was working so fine that I began involving it as my everyday driver. Yet, when I attempted to overclock it, the telephone went dead. The battery was scorched because of over-burden. I bought another battery and bound it. However, when I began the Cell, it was stuck on the boot circle (Bootloop meaning endless stacking at stacking screen on fire up). Thus, I needed to re-introduce the entire OS. However, since I needed to recuperate every one of the information I had inside it, I needed to do a few monkey tricks to recuperate every one of the information. It was anything but a clear circumstance. What's more, when I say information recuperation methods, I don't mean inside information. I mean the genuine telephone information where settings and other stuff are put away. Along these lines, I began looking on the web for information recuperation preparing instruments free, and observed the Safecopy apparatus for Linux. I had the advantage in Linux yet knew nothing about it. I introduced it by composing:

$apt-get install a safe copy

Once installed, I tried to make a whole disk image of the data and cache partition using Safecopy using the below command:

$safecopy /dev/Nexus5 nexus5.iso

. My whole data was of something 5-6 gigs, but the recovered data seemed to be of around 14 gigs. I was shocked to see that. Since I was desperate and curious to get my data back without corruption, I also used ADB tools (Android Debug Bridge) to backup.

I installed ADB tools in Linux by typing:

$apt-get install android-tools-ADB

I used the following command to take the full backup of my cell phone:

$adb backup -apk -shared -all -f /root/temp.ab

If you just want to backup without the app, you can use either of the following:

$adb backup -all -f /root/temp.ab

You can notwithstanding, check the assist order with checking for additional banners and choices.

Presently comes the most stunning part. It required roughly 3-4 hours to get the full reinforcement of the mobile phone. When done, the complete document I got was 33 gigs. I was shell-stunned when I saw this. My entire Nexus 5 was off 16 gigs, out of which I had simply 12 gigs accessible to store stuff, and again I simply utilized something like 5-6 gigs from that. Then, at that point, from where in the world did the excess 26 gigs come from? The most noticeably awful inquiry was, the place where was everything put away? Mistaken for this, I utilized SQLite Viewer to see the reinforcement record before I could reestablish it back once more, and what I saw was amazing. In addition to the fact that I took a reinforcement of mine, however, when I attempted to recuperate the information, every one of the information the past proprietor put away was reestablished. I could see the Facebook talks and We-visit information just as utilizing the SQLite program and the SQLite Viewer. It was inevitable before I could isolate the old recuperation information from my information. I might have likewise recuperated the SMS and the contacts information utilizing the scandalous Sleuth Kit, however, I thought to provide it with a touch of time before I could dominate the fundamental Database Recovery. I likewise recuperated the Whatsapp information base, and with a tad of social designing, I additionally hacked the encoded key of the individual from whom I had bought the Cell Phone. Notwithstanding, later on, I called the particular individual since he was a modest man and informed him about the issues that might have occurred if this somehow managed to fall into some unacceptable hands.

Scenario II: The Kevin Mitnick Method

I question whether a large portion of you might have known about the notorious programmer Kevin Mitnick. He has composed heaps of books connected with Social Engineering and Hacking. He was on the FBI's most-needed rundown and served 5 years in jail for something very similar, however was subsequently delivered since much proof was not found against him. You might be asking why I say this. The justification behind that is that; Kevin was an incredible Social Engineer. Also, I have utilized a few of his stunts to enter into sites and associations (legitimately, clearly). He used to do very well since he used to imitate somebody such as himself, gain actual admittance to an association, and afterward hack it. He additionally used to do dumpster passing through which he could get too touchy documents tossed as refuse in the trash.

Presently when I read his book "Specialty of Deception", I thought, how about we check it out. What's more, this was two years back when I was working in an alternate IT association. I realized that like clockwork, the organization stayed up with the latest by changing a portion of the equipment and used to offer these parts to the most elevated bidder on eBay in parcels. I bought a couple of hard drives from around there. It was generally perfect and organized and slow. Along these lines, I utilized this device known as EASEUS Data Recovery strategies to recuperate erased information. By then, I didn't be aware of safe duplicates. Thus, I utilized this Data Recovery preparing programming. I utilized the preliminary form first and tracked down bunches of records, yet it was seriously harmed, and I was unable to recuperate them. Additionally, the records which were displayed as 'can be recuperated documents' were more than 2-3 years of age. In this way, I had a live plate then, at that point, which was Knoppix, the well-known live circle, to investigate anything. In any case, what I did and I later acknowledged was that it very well may be done through any Linux dispersion and not simply Knoppix. I utilized the dd order to clone the entire hard palate and output it area by area. dd is a plate utility duplicating device for Linux. Here you can even determine nearly everything from the square size to cloning an entire drive.

I utilized the accompanying order to clone the hard plate:

$dd if=/dev/sdb1 of=/root/tempclone.iso bs=2048

You can indicate any square size according to your desire going from 512k to 4096 until you know what you are doing. Here dd is requesting that the PC check for a drive with mark sdb1, and assuming it is there, duplicate the entire plate into an iso or a picture document contingent on your use with the square size to be of 2048k and afterward save it to root catalog with the name of tempclone.iso. You can likewise invert the method involved with changing over an iso clone into an actual HDD by composing the accompanying:

$dd if=/root/tempclone.iso of=/dev/sdb1 bs=1024

Here, I generally lean toward o utilize the low side square size because of individual inclination. You can expand it if you need, however, I had terrible encounters with it before. Consequently the low square size.

Thus, by cloning the HDD, you currently have a full clone of the entire HDD on your PC. Yet, note that this won't chip away at a plain, designed HDD since there isn't anything to clone. You would initially need to recuperate the adulterated information by utilizing some great plate recuperation programming like EASEUS; regardless of whether it's muddled, it's anything but an issue. Once recuperated, you can clone it utilizing the dd order. The justification for this is since, supposing that your hard circle has gone terrible areas, the hard plate will not permit you to peruse the excess lump of information close to that area. Yet, we can do that by cloning the drive. Once cloned, you can utilize the accompanying instruments to recognize and eliminate the awful areas and save just the great and recoverable areas and afterward read it:

  1. HDDs can




3. Check Flash


4. Chip Genius


Thus, by doing this, I removed around 390 gigs of information out of the 500 gigs hard drive, out of which I could recuperate uncorrupted information of around 236 gigabytes. Presently, this was a significant issue since the data I got was amazingly classified. By investigating the information, I saw that this was the hard drive utilized by the Human Resource group to save Salary, fortunate assessed other bookkeeping data. I immediately reclaimed this data to the IT departmental head and informed him about this, however, no legitimate moves were made since this is India. I suggested that the organization annihilate the hard plates instead of selling them since this could be a bad dream assuming the subtleties of the financial balance data get into some unacceptable hands. In any case, I was approached to remain down, yet be that as it may, I got an advancement because of this, which is out and out an alternate story.

Digital forensics and Data Recovery techniques: Aftermath

However, the point here is that information recuperation methods are material to every other association and typical individuals utilizing electronic gadgets to store private information. Don't even get me started! about this, however, that doe I 't make any difference. The significant thing to know is how to obliterate computerized legal sciences proof. Programmers these days use LUKS encryption to obliterate information assuming that somebody alters it, which overwrites every single byte with zeros rather than some other hexadecimal number. This, be that as it may, makes the information recuperation strategies futile. In any case, once more, it's anything but a piece of cake for everybody to utilize LUKS encryption. Furthermore, utilizing LUKS encryption has a major impediment: assuming you fail to remember the secret word to the put-away informal put-away can't be recuperated regardless. You will be stuck until the end of time. However, nobody should approach the information rather than some criminal involving it for vindictive purposes.

Information Recovery Techniques and Digital Forensics is another significant justification for why programmers regularly annihilate every one of the information with secure cancellation from the person in question or slave PC once their work is done as such that nothing can be followed back to them. There is something else to it besides it appears. Information Recovery Techniques, similar to some other thing in the world, is aid just a revile. They are cut out of the same cloth. You can't save one while obliterating the other.

First Image Source:

Ethical Hacking
Cyber Security
Was this blog helpful?
You must be Logged in to comment
Code Block
Nilima Paul
Technology Security Analyst
201 Blog Posts
0 Discussion Threads
Trending Technologies
Frontend Development24
Backend Development20
Server Administration17
Linux Administration26
Data Center24
Penetration Testing16

Techiio is on the journey to build an ocean of technical knowledge, scouring the emerging stars in process and proffering them to the corporate world.

Follow us on:

Subscribe to get latest updates

You can unsubscribe anytime from getting updates from us
Developed and maintained by Wikiance
Developed and maintained by Wikiance