Recover & Retrieve: Find out what your friend's secrets are

Whenever we get a pendrive, even if the drive is empty, it still holds a lot of information about what was stored on it. This can help you find out what he/she had saved on that drive, or recover sensitive information about your company which an employee had leaked. Recovery can be done for various reasons, but the tricks remain the same.


What do you need?
All you need is Kali Linux on VMware.

How to? 

Level-1:- Recuva
Recuva is a basic file recovery program which can be used to recover files deleted on a regular Windows computer. It is also portable: to make a portable version you only need to copy the files from the Program Files directory to your pendrive. It can recover files of a specific format, like images, videos, music, etc. It is useful for quickly recovering a file which you might have accidentally deleted.

We need to run a basic command, fdisk -l, which lists the names of all attached devices. This device name is what the recovery tools need in order to work on a USB stick attached to your Linux system.

You can consider this the first step towards file recovery in Kali Linux.

Level-2:- foremost
foremost is a quick recovery tool available in Kali Linux. It can be used in audits where you need to recover deleted files quickly, and you can pass various parameters according to the requirements of the audit. To find out about all the parameters, run the command foremost -h. If you want to recover all file types and save them in a directory, use the command foremost -t all -v -i <device name> -o <directory>. Here -t is the parameter which decides the file type, -i is the parameter which gives the device name or image name, and -o is the parameter which sets the output directory.

Level-3:- scalpel
scalpel is like a bazooka in the field of recovery. It is the ultimate recovery tool, which can recover all the files deleted from a drive or from an image of that drive. To use this tool you will first need to make some changes in the .conf file (scalpel.conf) present in /etc/scalpel: delete the # in front of each file type you want to recover. The best thing you can do is delete the # in front of all the file formats. After this, save it, open a terminal and type scalpel -h to find out about the different parameters you can use. To recover the files to a specific directory, type the command scalpel <device name or image file path> -o <output directory>.


Note:- When you use tools like scalpel and foremost you get an audit.txt file alongside the recovered files. This audit.txt file contains the log of all the files which were recovered by the tool.

Another great feature of these tools is that they save the different file extensions under different folders, which is systematic and helps you sort the files and locate the one you need.
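To make concrete what foremost and scalpel do under the hood, here is a small header/footer carver (an added example written for this page, not code from either tool). It scans a constructed byte string standing in for a disk image, carves out anything lying between a known header and footer within a size limit, and writes the per-extension folders and audit.txt log described above. The signature table is a hand-picked stand-in for the kind of entries scalpel.conf contains; SAMPLE_IMAGE and the output directory name are constructed for the demo.

```python
"""Minimal header/footer carver, added to show how foremost and scalpel work."""
import os
from collections import defaultdict

# Constructed signature table in the spirit of scalpel.conf: ext -> (header, footer, max size)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    "pdf": (b"%PDF-", b"%%EOF", 20 * 1024 * 1024),
}


def carve(data: bytes, signatures=SIGNATURES):
    """Return (ext, offset, payload) for every header whose footer follows within max size.
    No filesystem metadata is consulted, which is why carving still finds files
    on a drive whose directory entries say it is empty."""
    found = []
    for ext, (header, footer, max_size) in signatures.items():
        pos = 0
        while (hpos := data.find(header, pos)) != -1:
            fpos = data.find(footer, hpos + len(header), hpos + max_size)
            if fpos == -1:          # header with no footer in range: not a complete file
                pos = hpos + 1
                continue
            end = fpos + len(footer)
            found.append((ext, hpos, data[hpos:end]))
            pos = end               # resume scanning after this carved file
    return sorted(found, key=lambda f: f[1])


def write_output(found, outdir):
    """Write carved files into per-extension folders plus an audit.txt log; return the log lines."""
    counters = defaultdict(int)
    lines = []
    for ext, offset, payload in found:
        os.makedirs(os.path.join(outdir, ext), exist_ok=True)
        name = f"{counters[ext]:08d}.{ext}"
        counters[ext] += 1
        with open(os.path.join(outdir, ext, name), "wb") as fh:
            fh.write(payload)
        lines.append(f"{ext}/{name}\toffset={offset}\tsize={len(payload)}")
    with open(os.path.join(outdir, "audit.txt"), "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return lines


# Constructed sample "disk image": filler bytes around a fake JPEG and a fake PNG,
# the way deleted files linger in unallocated space.
SAMPLE_IMAGE = (b"\x00" * 64 + b"\xff\xd8\xff\xe0fake-jpeg-body\xff\xd9" + b"\x00" * 32
                + b"\x89PNG\r\n\x1a\nfake-png-body" + b"IEND\xaeB`\x82" + b"\x00" * 16)
```

Running write_output(carve(SAMPLE_IMAGE), "carved_output") produces carved_output/jpg/00000000.jpg, carved_output/png/00000000.png and carved_output/audit.txt with one line per carved file.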
