There are ways to do secure erasure of files to avoid recovering files from computer systems and it is very simple to overwrite the file before deleting it with the same amount of information as it originally contained, for this there are already software tools that perform secure deletion of files and they can even be integrated into the functions of the operating system if you want, in this way you can never recover the information that was contained in the storage units of computer systems, allowing many criminals not to leave any type of information that incriminates them before the law.Ĭan entire partitions be recovered with everything and the information contained in them? Secure erasure is a way to prevent testdisk / photorec from recovering the information:
This tool is key in the area of police technology in each country, since at the time of seizing computer equipment with erased information that can serve as evidence to determine different crimes according to the Laws of each country itself is key to recovering said key information. Use of Testdisk / Photorec for Forensic Analysis Note: If you have deleted files on a storage drive and you want to recover them, do not use it to save new files until you have done the process of recovering the deleted files. Once the files are deleted, their memory addresses still exist, if you have not saved new files or formatted a removable memory (pendrive), but the references to those memory parts are deleted, testdisk / photorec, in its algorithm interprets all those parts of the files and reconstructs them, although in cases where the person saved files after realizing that they deleted important files by mistake, the recovery of the files is not reliable, due to the overwriting the memory locations of part of the files that were deleted. Then the recovery process begins, after this process, you only have to enter the destination folder that has been created for this purpose. On the next screen, just press enter, this confirms the option selected in terms of permissions on the destination folder to save the files.Ħ. In the interface that is displayed, select the removable storage unit (pendrive) with the keyboard navigation keys.ĥ. Run photorec with the command: photorecĢ. You can see that the removable storage drive is /dev/sdb1 the next thing to do is to create the destination folder to save the recovered files with: mkdir recoveredFiles Easy Steps to follow for Data Recoveryġ.
I/O size (minimum/optimal): 512 bytes / 512 bytesĭevice Start Start End Sectors Size Id Type Sector size (logical/physical): 512 bytes / 512 bytes The first thing to do is to run the command fdisk -l as administrator or (root) to obtain and identify a list of drives connected to the computer, here is an example of the result on the console screen:ĭisk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors Here are some simple steps to recover files from a removable storage drive (flash drive): It should be noted that testdisk/photorec works with a wide range of file systems such as FATx, NTFS, EXTx, UFSx, ReiserFS, among many other partition systems. The testdisk command allows to some extent to recover damaged partitions, defective disks and data on partitions, in the case of photorec it is mostly to recover files that are deleted or on partitions that have been damaged.
Now having the answer to our initial question, testdisk and photorec are 2 tools that are found together in the installation package in Debian and Debian GNU/Linux based Linux distributions, it can be installed as follows with root or sudo access on a terminal: apt install testdiskįor a simple user manual we can run the following command: man testdiskĪ quick help on the testdisk and photorec commands can be viewed as follows: testdisk -help TestDisk can be used to obtain detailed information about a corrupted disk which can be sent to a technician for further analysis.” Source: Wikipedia It was developed primarily to help recover lost data on partitions and to repair bootable disks, problems caused by faulty software, some types of viruses or human error (such as deleting the partition table).
“TestDisk is a data recovery utility licensed as free software. To answer this question let us take the following text quote: The first thing to know before discussing the process is to introduce you to free and open software called TestDisk.