Data Recovery Techniques - PowerPoint PPT Presentation

About This Presentation
Slides: 25
Provided by: csF2
Learn more at: http://www.cs.fsu.edu

Transcript and Presenter's Notes

1
Data Recovery Techniques
  • Florida State University
  • CIS 4360 Computer Security
  • Fall 2006
  • December 6, 2006

Matthew Alberti MCA05_at_fsu.edu
Horacesio Carmichael HMC03c_at_fsu.edu
2
Explanation
  • Data recovery techniques are used to recover
    information that has been deleted or compromised.
    End users, companies, and government agencies may
    use data recovery for different reasons. Data
    recovery techniques are often a major part of
    computer forensics.

3
Background
  • Data recovery techniques have been around for a
    long time
  • Does not necessarily relate to computer systems
  • Today, data recovery is most often related to
    computer systems

4
Common Misconception
  • When data is removed from a system it is either
    deleted or overwritten. But there are ways to
    recover deleted data.
  • Just because a file is deleted does not mean
    the data is gone. The operating system simply
    removes the pointer to the file, but the data
    is still there.
  • The space is then available, so new data can be
    written to it.

5
Misconception cont.
  • Data is recorded onto magnetic media as ones and
    zeroes. When the data is overwritten, the disk
    will only detect the new data, leaving only
    remnants of the old data.
  • Reading the remnants would be very time
    consuming, and not all of the old data would be
    read correctly. Reconstructing it would be a
    very problematic, practically impossible puzzle
    to solve.

6
Reasons for End User
  • Recover files deleted accidentally
  • Recover files that have been compromised
  • Hardware failure
  • Malicious activity

7
Reasons for Companies
  • Recover data from an ex-employee's computer
  • Recover lost files
  • Lost due to hardware failure
  • Compromised or lost due to network problem

8
Reasons for Government Agencies
  • Similar to companies
      • Recover files from an ex-employee's computer
      • Recover data after hardware or network failure
  • Law Enforcement Agencies
      • Recover evidence from a suspect's computer
      • Search for particular information on the hard
        drive
      • Establish motive for the crime
      • Identify any accomplices
      • Support forensic analysis of computers

9
Techniques
  • Perform a forensic analysis of the computer
  • Search for one file or a single file type
  • Attack encryption methods
  • Restore disk using an existing image
  • Examine data in RAM

10
More Techniques
  • Examine disk at the cluster or sector level
  • Analyze data using hex editor
  • Create hash of entire disk
  • Export for use in another tool

11
Statistics
  • Cause of Data Loss: Frequency of Occurrence
      • Hardware or System Malfunction: 44
      • Human Error: 32
      • Software Program Malfunction: 4
      • Viruses: 7
      • Natural Disasters: 3

12
Types of Damage
  • Physical Damage
  • Logical Damage

13
Physical Damage
  • CDs can suffer scratches
  • Tapes can simply break
  • Hard disks can suffer from mechanical problems

14
Logical Damage
  • Logical damage is primarily caused by power
    outages that do not allow the file to be
    completely written to the storage device.
  • Some results are:
      • File is left in an inconsistent state
      • Data totally lost
      • System crashes
      • Strange behavior
      • Partial storage

15
Tools - Explanation
  • Many different tools exist that make data
    recovery easier. Some tools are only meant for
    government or commercial use. Also, the cost of
    some tools is too high for them to be feasible
    for an end user.

16
Tools
  • WinHex
      • Very popular
      • Available to End User
  • Forensic Toolkit (FTK)
      • Used by some law enforcement agencies
      • More oriented towards forensics
  • EnCase
      • Also used by law enforcement agencies
      • More oriented towards forensics

17
More Tools
  • Many special-purpose tools
      • Oriented towards End User
      • Single function
      • Typically very easy to use
      • May not be as accurate or powerful
      • Should not be considered forensically sound

18
Defeating Data Recovery
  • Methods exist that can make data recovery very
    difficult or impossible. These methods should be
    used to secure financial information, medical
    records, or classified data. Most people are
    generally unaware that deleted data may still be
    recoverable for a long time.

19
Back Up File
  • Back Up refers to the copying of data so that the
    additional copies may be restored after data is
    lost.
  • Data Recovery is necessary when you lack the
    proper back up system.

20
Techniques to Prevent Recovery
  • Write over deleted space with random data
      • 1s and 0s
      • Make space appear random
  • Use a unique or uncommon algorithm
      • Some recovery tools can reverse the algorithm
        and recover the data
  • Use a tool to wipe data securely
      • Automates process of covering up deleted data
      • Tools are available to End User
      • Sometimes included with security software
        suites
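
Added example, not part of the original slides: a Python sketch that ties together the deleted-data misconception, the sector-level search and whole-disk hash from the Techniques slides, and the overwrite technique above. The 512-byte sector size, the image layout and all function names are assumptions made for the example, and the disk image is constructed in memory.

```python
# Added example: layout, sector size and names are assumptions; data is constructed.
import hashlib
import os

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker

def build_image():
    """Constructed 16-sector 'disk' with a JPEG-like blob left in deleted space."""
    image = bytearray(16 * SECTOR)
    blob = JPEG_SOI + b"\xe0" + b"constructed sample payload" + JPEG_EOI
    start = 5 * SECTOR           # the deleted file once began at sector 5
    image[start:start + len(blob)] = blob
    return image, blob

def image_hash(image, chunk=4096):
    """SHA-256 of the whole image, fed in chunks as one would for a real disk."""
    h = hashlib.sha256()
    for off in range(0, len(image), chunk):
        h.update(image[off:off + chunk])
    return h.hexdigest()

def carve_jpegs(image):
    """Return (sector, bytes) for each sector-aligned SOI..EOI run found."""
    found = []
    for sector in range(len(image) // SECTOR):
        off = sector * SECTOR
        if image[off:off + 3] == JPEG_SOI:
            end = image.find(JPEG_EOI, off + 3)
            if end != -1:
                found.append((sector, bytes(image[off:end + 2])))
    return found

def wipe(image, first_sector, count):
    """Overwrite a sector range with random data, as a wiping tool would."""
    off = first_sector * SECTOR
    image[off:off + count * SECTOR] = os.urandom(count * SECTOR)

if __name__ == "__main__":
    img, blob = build_image()
    before = image_hash(img)                 # record the hash before analysis
    print("carved before wipe:", carve_jpegs(img))
    wipe(img, 5, 1)
    print("carved after wipe: ", carve_jpegs(img))
    print("hash changed:", before != image_hash(img))
```

On real media, in-place overwriting is only reliable when the writes reach the same physical sectors; flash wear levelling and journaling or copy-on-write file systems can leave older copies elsewhere.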

21
WinHex Screenshots
22
WinHex Screenshots
23
WinHex Screenshots
24
QUESTIONS?