[ale] (OT) data recovery - show and tell?

Michael D. Hirsch mhirsch at nubridges.com
Mon Apr 26 15:02:01 EDT 2004


I think this subject would make a fantastic presentation.  Would anyone like to 
volunteer to present?  This would be a fabulous way for a consultant to 
advertise their abilities, or a great opportunity for someone to get 
motivated to learn this stuff.

If you are interested, please let me know.

Michael

On Friday 23 April 2004 05:40 pm, Greg Freemyer wrote:
> On Fri, 2004-04-23 at 11:04, Preston Boyington wrote:
> > where does one acquire training in data recovery.  i was looking for
> > something more along the lines of a seminar or such.  i've been fortunate
> > in doing small things (recovering from single drives/deleted files), but
> > i've yet to try anything RAID related or jobs of really any scale.
> >
> > basically backup and data recovery is something that has always
> > interested me, and i would like to add another feature to my resume.
> >
> > anyone offer training like this?  could someone recommend a good resource
> > for related information?
> >
> > thanks,
> > preston
>
> It is not a simple topic and I don't know of any comprehensive training.
>
> My company does computer forensics (CF), and as a sideline we end up
> having data recovery capabilities.
>
> If we are trying to recover deleted files, or even file fragments, we
> normally use FTK.  It is CF software and training is available.  (Maybe
> even at Kennesaw, they have CF classes I think.)  Neither FTK nor the
> company training are low-cost.  I don't know what Kennesaw charges, but
> they host a national CF seminar in March.
>
> FTK does not do well if the logical filesystem structure is corrupted,
> but even then it can get back individual disk clusters based on keyword
> searches.  I have used it to recover files from drives with a
> significant number of bad blocks.  [Often in those cases, you cannot just
> use Windows to copy off the files.]
>
> There are some Linux based computer forensic tools you could look into.
> I think most of the good tools are on the Penguin-sleuth CD.
>
> http://www.linux-forensics.com/
>
> So far we have only used that CD as a boot CD to make dd images of
> suspect drives, but supposedly there are some good recovery tools on
> there.
>
> RAID system recovery can be much more difficult.
>
> Greg


