| Starije izmjene na obje strane
Starija izmjena
Novija izmjena
|
Starija izmjena
|
racfor_wiki:datoteke_i_datotecni_sustavi:povrat_podataka [2020/01/08 18:05]
pguichard [Conclusion] |
racfor_wiki:datoteke_i_datotecni_sustavi:povrat_podataka [2024/12/05 12:24] (trenutno)
|
| <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>**iii) The actual data recovery**</font> | <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>**iii) The actual data recovery**</font> |
| |
| <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>To recover these files, data recovery tools are used, this is a software approach. These are the most sold solutions online. It can either only repair partitions or completely repair the lost data. This kind of tool permits to locate recoverable data by browsing the disk you erased data from. Then this tool pieces it all together and pieces it back together, no matter its extension (.jpg, .zip…) and the storage media (SD card, USB disk…). This software may even recreate the original structure of the different folders.</font> | <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>To recover these files, data recovery tools are used, this is a software approach. These are the most sold solutions online. It can either only repair partitions or completely repair the lost data. This kind of tool permits to locate recoverable data by browsing the disk you erased data from. Then this tool pieces it all back together, no matter its extension (.jpg, .zip…) and the storage media (SD card, USB disk…). This software may even recreate the original structure of the different folders.</font> |
| |
| <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>It seems useless to remind that a perfect software for this usage does not exist. If the data we are searching for was overwritten too many times or compromised we will most probably not recover it.</font> | <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>It seems useless to remind that a perfect software for this usage does not exist. If the data we are searching for was overwritten too many times or compromised we will most probably not recover it.</font> |
| |
| <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>The last phase is done either by hand or using software. This is a very important step for computer forensics scientists searching for traces. We can differentiate two types of failures: software and material failure. In the first case, we obviously need a software solution and in the second, a material one. Material failures often allow partial data recovery, but it might end in a storage media destruction. Software data recovery solutions well done do not alter the medium. This is the reason why the previous diagnostic is essential, in order to know if the problem was caused by a damaged material, or by the software itself if a human mistake is not to blame. A software approach on a material failure may make any recovery attempt useless and, moreover, make it impossible afterwards.</font> | <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>The last phase is done either by hand or using software. This is a very important step for computer forensics scientists searching for traces. We can differentiate two types of failures: software and material failure. In the first case, we obviously need a software solution and in the second, a material one. Material failures often allow partial data recovery, but it might end in a storage media destruction. Software data recovery solutions well done do not alter the medium. This is the reason why the previous diagnostic is essential, in order to know if the problem was caused by a damaged material, or by the software itself if a human mistake is not to blame. A software approach on a material failure may make any recovery attempt useless and, moreover, make it impossible afterwards.</font> |
| | |
| |
| ===== 3. Recovering data to find traces ===== | ===== 3. Recovering data to find traces ===== |
| <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>The most efficient solution remains to physically destroy the support, data will thus be definitely unreachable.</font> | <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>The most efficient solution remains to physically destroy the support, data will thus be definitely unreachable.</font> |
| |
| <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>**ii) From a magnetic disk**</font> | <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>**ii) Gutmann's method for magnetic disks**</font> |
| |
| <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>Through his paper, Gutmann proposes a solution to counter the method that permits to read data on a magnetic disk. It is a way to degauss the drive. The purpose of this is to saturate the disk to the greatest depth possible to erase all traces of data that was once stored. However, highest frequencies only scratch the surface of the pattern. Thus, we need to use the lowest frequency possible. And, since producers try to increase the storage on hard drives, the frequencies used in drives are higher and higher.</font> | <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>Through his paper, Gutmann proposed a solution to counter the method that permitted to read data on a magnetic disk. It is a way to degauss the drive. The purpose of this is to saturate the disk to the greatest depth possible to erase all traces of data that was once stored. However, highest frequencies only scratch the surface of the pattern. Thus, we need to use the lowest frequency possible. And, since producers try to increase the storage on hard drives, the frequencies used in drives are higher and higher.</font> |
| |
| <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>Because of methods of encoding, used to make sure the head does not lose the trace of where it is, it is just not possible to overwrite everything with zeros, then with ones as many times as possible. The RLL (Run-length limited) code permits to avoids analog signal peaks overlapping. Plus, it defines a certain maximum number of consecutive zeros. Without this, synchronization could be difficult.</font> | <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>Because of methods of encoding, used to make sure the head does not lose the trace of where it is, it is just not possible to overwrite everything with zeros, then with ones as many times as possible. The RLL (Run-length limited) code permits to avoids analog signal peaks overlapping. Plus, it defines a certain maximum number of consecutive zeros. Without this, synchronization could be difficult.</font> |
