data recovery
TRANSCRIPT
CSD AMU ALIGARH
Data Recovery
By:Rohit Gupta2015 MCA15
CSD AMU ALIGARH
Content1. Data Loss 1.1 What is data Loss ? 1.2 What causes Data Loss & How to prevent data Loss ?2. Data Recovery 2.1 What is Data Recovery ? 2.2 How can it be used ?3. Data Recovery Techniques
3.1 Software Data Recovery3.2 Hardware Data Recovery
4. Conclusion5. Future Scope
CSD AMU ALIGARH
What is Data Loss?
• Data has accidentally been erased or data control structures have been overwritten.
• Data has been corrupted or made inaccessible.
• Data loss is distinguished from data unavailability
CSD AMU ALIGARH
What Causes Data Lossand
Preventions
CSD AMU ALIGARH
What Causes Data Loss?
• Hardware and System problems • Software corruption or application error • Virus Attacks• Human Error– Accidental deletion– Accidental overwriting of files
• Natural Disaster
CSD AMU ALIGARH
Data loss and Preventions
• Head Crashthe read/write heads of a hard drive come into physical contact with the media surface.
Indications:Unusual noise omitting from the
hard drive – clicking, grinding or scraping. What to do?
Shut down the computer immediately
CSD AMU ALIGARH
• Power SurgeExtreme power fluctuations may
severely damage media electronics and directly effect a drive’s read/write
heads resulting in physical media damage and/or data corruption. Indication:
Smoke omitting from computer, sparks, inaccessible data, drive will not power up. What to do?
Unplug devices following all power outages.
CSD AMU ALIGARH
• Water DamageA single spill from a cup of coffee or water can bring your computer to a screeching halt.
What to do:Immediately power down computer and keep it off.Do not attempt to dry your hard drive or electronics; place in an airtight
bag.
CSD AMU ALIGARH
• Virus AttacksThere are literally thousands of viruses constantly attacking computers in this internet age.
What to do:Always protect yourself with antivirus software and never open emails from unfamiliar users.Update antivirus software regularly.
CSD AMU ALIGARH
Cause Example Percentage
Hardware and System Problems
Disk drive crashes, Electrical outages and power surges, Manufacturer defects etc..
45%
Human Errors Accidental Deletion, Overwriting of files etc.. 33%
Software Corruption or Application Error
Application displays an error message when document is opened, Installing corrupt application
etc..
12%
Computer Viruses Viruses such as MyDoom.A or MyDoom.b etc.. 6%
Natural Disasters Fires, Floods, Lightning, Earthquakes etc.. 4%
Backup Hardware
CSD AMU ALIGARH
• CDs, DVDs and Blue-Ray disks- Inexpensive, quick, months to years of
storage
• Thumb drives- Inexpensive, quick, larger storage capacity than
CDs/DVDs, months to years of storage
• Internal hard drive- Easy transfer from one hard drive to another, many
years of storage
• External hard drive- Easy transfer from internal to external hard drive,
better connection options, long-term storage
What is Data Recovery
• Data recovery is the process of restoring data that has been lost, accidentally deleted, corrupted or made inaccessible for any reason, from electronic storage media (hard drives, removable media, optical devices, etc...)
• There are occasions when damage to data is permanent and complete data recovery is not possible. However, some data is usually always recoverable.
CSD AMU ALIGARH
CSD AMU ALIGARH
Cases of Recovery
FIRE
Found after a fire destroyed a 100 year old home – All data Recovered
CRUSHED
A bus runs over a laptop – All data recovered
SOAKED
Notebook trapped underwater for two days – All data recovered
Data Recovery Techniques
CSD AMU ALIGARH
Data Recovery Using Software
CSD AMU ALIGARH
• Only restore data that is not overwritten.
• Do not work on physically damaged drives.• Uses various file system such as FAT,NTFS to
recover data
• Can be used to restore permanently deleted files, from removable devices etc..
• Recuva, Undelete Pro, EasyRecovery, Proliant, Novanet, etc..
NTFS File System
CSD AMU ALIGARH
• preferred file system for Microsoft’s various desktops and server.
• File Records are stored in a special table called as Master File Table (MFT).
• MFT does not store the data of file (unless the data is small to be able to fit in MFT Entry).
• The information about file is stored in MFT Entry as series of attributes.
• Each attribute has an identifier which identifies type of attribute
CSD AMU ALIGARH
Type Type Identifier(Hexadecimal) Attribute NameIdentifier(Decimal)
16 0x10 $STANDARD_INFORMATION32 0x20 $ATTRIBUTE_LIST48 0x30 $FILE_NAME64 0x40 $VOLUME_VERSION64 0x40 $OBJECT_ID80 0x50 $SECURITY_DESCRIPTOR96 0x60 $VOLUME_NAME112 0x70 $VOLUME_INFORMATION128 0x80 $DATA144 0x90 $INDEX_ROOT160 0xA0 $INDEX_ALLOCATION176 0xB0 $BITMAP192 0xC0 $SYMBOLIC_LINK192 0xD0 $REPARSE_POINT208 0xE0 $EA_INFORMATION224 0xF0 $EA256 0x100 $LOGGED_UTILITY_STREAM--- 0xFFFFFFFF End of Attributes
CSD AMU ALIGARH
• first sixteen entries in MFT only for NTFS metadata files which are reserved
• File Records for user created files are added after that reserved entries.
NTFS FILE SYSTEM METADATA FILES
Entry Number NFTS Metadata File Name
0 $MFT1 $MFTMirr2 $LogFile3 $Volume4 $AttrDef5 . (Dot)6 $Bitmap7 $Boot8 $BadClus9 $Secure10 $Upcase11 $Extend
CSD AMU ALIGARH
• Files and folders are differentiated using simple flag values present in MFT Entry
MFT HEADER FALG VALUE DETAILS
Value Description
0x00 Deleted File Entry0x01 File Entry0x02 Deleted Folder Entry0x03 Folder Entry
CSD AMU ALIGARH
When we delete a file on NTFS file system:Step 1:
File’s MFT Entry is made unallocated by changing the flag values in MFT Entry Header. For files it is changed from0x01 to 0x00, and for folder it is changed from 0x03 to 0x02.
Step 2:
$Bitmap attribute of $MFT metadata file is processed and value 0 is set for the file’s MFT Entry.
Step 3:
The non resident attributes of file’s MFT Entry are processed and their clusters are set to unallocated in $BITMAP metadata file.
when file is deleted on NTFS files system, actual data content of the file is not deleted. Only the changes to the MFT Entry Header and some metadata files are made
Recuva
CSD AMU ALIGARH
• Recuva is a data recovery program for windows. It is able to recover files that have been "permanently" deleted. The program can also be used to recover files deleted from USB flash drives, memory cards etc.
• The program works on both FAT and NTFS file systems.
CSD AMU ALIGARH
After installation of Recuva Wizard
CSD AMU ALIGARH
Specify Location
CSD AMU ALIGARH
Scanning required file
CSD AMU ALIGARH
Showing Results
Advantages & Disadvantages of Data Recovery From Softwares
CSD AMU ALIGARH
Advantages:
• Data Can be Recovered• Various Software are available• User Interface.• Easy to handle.
Disadvantages:
• Not work if data is overwritten.• Not work on physically damaged
devices
Data Recovery Using Macroscopic Technique
CSD AMU ALIGARH
CSD AMU ALIGARH
Macroscopic Technique
• Scanning Probe Microscopy (SPM)• Magnetic Force Microscopy (MFM)• Scanning Tunneling Microscopy (STM)
CSD AMU ALIGARH
Scanning Probe Microscopy• Scanning probe microscopy (SPM) is a new
branch of microscopy that forms images of surfaces using a physical probe that scans the specimen.
• An image of the surface is obtained by mechanically moving the probe in a raster scan of the specimen, line by line, and recording the probe-surface interaction as a function of position
Scanning Probe Microscopy (SPM)
CSD AMU ALIGARH
• Uses a sharp magnetic tip attached to a flexible cantilever placed close to the surface to be analyzed
• produce a topographic view of the surface, using a PC as a controller
CSD AMU ALIGARH
CSD AMU ALIGARH
Magnetic Force Microscopy• MFM (Magnetic Force Microscopy) is a new
technique which images the spatial variation of magnetic forces on a sample surface.
• MFM is derived from scanning probe microscopy (SPM) and uses a sharp magnetic tip attached to a flexible cantilever for analysis.
• An image of the field at the surface is formed by moving the tip across the surface and measuring the force.
CSD AMU ALIGARH
MFM Working image showing the bits of a hard disk
CSD AMU ALIGARH
Scanning Tunneling Microscopy
• STM (Scanning Tunneling Microscopy) is a more recent variation of MFM which uses a probe tip typically made by plating nickel onto a pre-patterned surface.
• The probe is scanned across the surface that is to be analyzed. STM measures a weak electrical current flowing between the tip and the sample. The image is then generated in the same way as MFM.
Advantages & Disadvantages of Macroscopic Technique
CSD AMU ALIGARH
Advantages:
• Data Can be Recovered• Gives Topographic View• Overwritten Data Recovery is possible.
Disadvantages:
• Much costly.• Can not be done at home.
CSD AMU ALIGARH
CSD AMU ALIGARH
CSD AMU ALIGARH
Conclusion
CSD AMU ALIGARH
• Individuals or companies may experience data loss at any time for many reasons.
• There are various steps that should be implemented to help prevent data loss.
• Data loss can be very costly and very upsetting.
• There are several data recovery techniques that have proven to be successful or partially successful in recovering data.
• Utilizing qualified professional data recovery specialists will aid in the degree of success of data recovery.
Future Scope
CSD AMU ALIGARH
• New File Systems Can be developed or upgraded for easy recovery of data
• New softwares can be developed for data recovery
CSD AMU ALIGARH
References• WWW.Google.co.in• http://www.intellirecovery.com/data/recovery.html• http://www.data-recovery-info.com• http://www.eng.yale.edu/reedlab/research/spm/spm.html
• http://www.ebaumsworld.com• http://www.disklabs.com
ANYQUESTIONS?
CSD AMU ALIGARH