Data Recovery Blog

Computer Forensics: Hard Disk and Operating Systems (Ec-Council Press Series : Computer Forensics) by EC-Council

The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other four books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker’s path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder’s footprint and gather all necessary information and evidence to support prosecution in a court of law. Hard Disks, File and Operating Systems provides a basic understanding of file systems, hard disks and digital media devices. Boot processes, Windows and Linux Forensics and application of password crackers are all discussed.

Hard Disk Repair

SATA Hard Drive Cables

DATARECOVERYUNION.COM15 years ago4 years ago04 mins

Connectors and cables present the most visible differences between SATA and parallel ATA drives. Unlike PATA, the same connectors are used on 3.5-inch SATA hard disks for desktop and server computers and 2.5-inch disks for portable or small computers; this allows 2.5-inch drives to be used in desktop computers with only a mounting bracket and no wiring adapter. Smaller disks may use the mini-SATA spec, suitable for small-form-factor Serial ATA drives and mini SSDs.

There is a special connector (eSATA) specified for external devices, and an optionally implemented provision for clips to hold internal connectors firmly in place. SATA drives may be plugged into SAS controllers and communicate on the same physical cable as native SAS disks, but SATA controllers cannot handle SAS disks.

There are SATA ports (on motherboards of a PC) that can use SATA data cable with locks or clips, thus, reducing the chance of accidentally unplugging while the PC is turned on. So does the same with SATA power connector and SATA data connector connected to a SATA HDD or SATA optical drive. Also, there are right-angled and left-angled connectors only on one end of SATA data cable, which can only be used when connecting to a SATA HDD or SATA optical drive.

The SATA standard specifies a different power connector than the decades-old four-pin Molex connector found on pre-SATA devices. Like the data cable, it is wafer-based, but its wider 15-pin shape prevents accidental mis-identification and forced insertion of the wrong connector type. Native SATA devices favor the SATA power-connector, although some early SATA drives retained older 4-pin Molex in addition to the SATA power connector.

1. Molex 4pin Male To 15pin SATA Power Cable

2. Molex 4pin Male To Two 15pin SATA Power Cable

3. SATA Power Cable With Two 90 Degree Power Connector

4. 15-Pin SATA Power Male to two Dual Molex 4-Pin Female

5. SATA Data Cable

6. Serial ATA data cable with single right-angle connector

7. SATA Cable with 2 Right Angle Connectors

8. SATA to eSATA Transition Cable

9. Sata 1.8 inch All in one power and data cable

10. SATA Internal Extension cable 22-pin extension cable male to female

11. Serial ATA Data Cable with Power Adapter

12. SATA Power Cable Extension Male to Female 15-Pin

13. SATA Power Splitter Cable with Molex 4-Pin Outptu and Dual 15-pin Sata Output 7 inch cables

14. eSATA Extender Cable Internal to External Cable Bracket

15. SATA Power Adapter Cable Splitter with 3-Molex Power outputs from One SATA Power Input

16. 4-Pin Molex Output from sata power cable input, SATA to Molex Y-Cable

17. SATA I type Connector and SATA L type Connector

18. SATA Power Extender Plug 15-Pin Input to 15-Pin Output

19. SATA to Molex Power Cable Adapter 15-pin Female to 4-pin Male

Data Recovery

Computer Forensics For Dummies

DATARECOVERYUNION.COM15 years ago4 years ago02 mins

Uncover a digital trail of e-evidence by using the helpful, easy-to-understand information in Computer Forensics For Dummies! Professional and armchair investigators alike can learn the basics of computer forensics, from digging out electronic evidence to solving the case. You won’t need a computer science degree to master e-discovery. Find and filter data in mobile devices, e-mail, and other Web-based technologies.

You’ll learn all about e-mail and Web-based forensics, mobile forensics, passwords and encryption, and other e-evidence found through VoIP, voicemail, legacy mainframes, and databases. You’ll discover how to use the latest forensic software, tools, and equipment to find the answers that you’re looking for in record time. When you understand how data is stored, encrypted, and recovered, you’ll be able to protect your personal privacy as well. By the time you finish reading this book, you’ll know how to:

Prepare for and conduct computer forensics investigations
Find and filter data
Protect personal privacy
Transfer evidence without contaminating it
Anticipate legal loopholes and opponents’ methods
Handle passwords and encrypted data
Work with the courts and win the case

Plus, Computer Forensics for Dummies includes lists of things that everyone interested in computer forensics should know, do, and build. Discover how to get qualified for a career in computer forensics, what to do to be a great investigator and expert witness, and how to build a forensics lab or toolkit.

Data Recovery

File System Forensic Analysis

DATARECOVERYUNION.COM15 years ago4 years ago03 mins

This is an advanced cookbook and reference guide for digital forensic practitioners. File System Forensic Analysis focuses on the file system and disk. The file system of a computer is where most files are stored and where most evidence is found; it also the most technically challenging part of forensic analysis. This book offers an overview and detailed knowledge of the file system and disc layout. The overview will allow an investigator to more easily find evidence, recover deleted data, and validate his tools. The cookbook section will show how to use the many open source tools for analysis, many of which Brian Carrier has developed himself.

Coverage includes:

Preserving the digital crime scene and duplicating hard disks for “dead analysis”
Identifying hidden data on a disk’s Host Protected Area (HPA)
Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

When it comes to file system analysis, no other book offers this much detail or expertise. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.

Computer Forensic

The Purpose Of Computer Forensics

DATARECOVERYUNION.COM15 years ago4 years ago02 mins

Computer forensics is the branch of forensic science that examines evidence stored digitally on a hard drive or other data storage medium.

History

Computer forensics can be traced back to the beginning of the 1990s when computers began to be integrated into our daily existence. DIBS USA was one of the first computer forensics companies to emerge.

Function

Computer forensics is about the preservation and extraction of data. Data is often found in server logs or on suspects’ hard drives. Since every move on a computer leaves a footprint, forensic experts have to find out how to tie that footprint to a case.

Misconceptions

Computer forensics doesn’t involve a lot of high-level hacking or computer security knowledge since most of the data that investigators would be looking for is in logs. The hardest part is going through each of those logs that can contain thousands of entries per second.

Types

There are various types of computer forensics that look to fulfill different purposes. Network analysis shows data traffic while another branch could involve retrieving data off a scorched laptop hard drive.

Effects

Computer forensic technology has led a lot of criminals to use encryption technology. Since military-grade encryption is legal for use in the United States, many people encrypt their files with algorithms that are impossible for forensic experts to crack.

Hard Disk Repair

What are the common Reasons of Hard Disk Drive failure?

DATARECOVERYUNION.COM15 years ago12 years ago19 mins

What are the common Reasons of Hard Disk Drive failure?

1. Electronic Component Failure
2. Motor Failure
3. Read / Write Head Failure
4. Media Damage
5. Firmware Corruption
6. Logical Failure

One or all of the above primary causes may be evident when diagnosing a failed hard disk drive.

Electronic Component Failure

Electronic components may fail due to voltage transients, heat or poor handling. Substitution, repair and re-programming is generally required in order to recover data stored on the hard disk. PCB assemblies are however hyper tuned at the manufacture stage and specialist re-programming and calibration is subsequently required to restore the hard disk to a working condition.

Motor Failure

Hard disk motor spindles have fluid bearings; sometimes this fluid leaks or becomes overheated and in-effective. The motor will then seize and the hard disk platters fail to rotate. Platter and component re-location to another hard disk assembly is required to effect a repair and restore data.

Read / Write Head Failure
Read / write heads are aerodynamically designed to “fly” at nanometer distances above the surface of the platters. Ceramic thin film sensors at their tip detect magnetic information (data) stored on the surface of the platter. Occasionally the atmosphere in the hard disk enclosure will become contaminated or vibration will cause the dynamic of the head to be disturbed. This disturbance will cause the read /write process to malfunction resulting in bad data read write cycles and eventual failure.
This type of failure usually manifests itself as a distinct clicking noise as the head actuator makes failed repeat attempts to locate data at the same platter track location.

Media Damage

Amazingly all computer hard disk magnetic storage media is manufactured imperfect but to acceptable and controllable levels. During normal operations imperfections will sometimes increase above the predefined acceptable level. This can be due to heat, vibration, head crash, shock or other factors. The operating system will flag errors or fail to boot and data files will then become in-accessible. Read/.Write head replacement and file repair will allow data file structures to be examined and assessed as to their validity.

Firmware Corruption

Hard disk firmware holds precise parameters relevant to the configuration of the assembly at the time of manufacture. Occasionally the firmware becomes corrupt or will “roll back” to an incorrect set of parameters. Under these conditions the location of the stored data as reported to the operating system will be lost. Simple restoration of the correct parameters will allow the hard disk to function correctly. What causes this corruption? Operating system to drive software bugs, control bus protocol failure, it is difficult to determine but failures do occur.

Logical Failure

Data files are stored at logical locations that relate to a number of physical locations on the surface of the hard disk platters. These logical locations are held in tables by the operating system and indexed when running specific software applications. Operating system errors, reloads or incorrect upgrade applications will sometimes corrupt these tables and data will become in-accessible. This is generally referred to as a logical failure. Logical errors can be repaired with software tools available from the internet. Be cautious however – if you are intending to run a fix utility on your disk you can inadvertently damage these tables irreparably and your data will be unrecoverable. This is especially true when running ScanDisk and Chkdsk on a damaged hard drive.

Hard Drive Failure Signs

Your computer “freezes” too often (the picture on the screen is still and does not react to mouse or keyboard manipulations)
Regular booting problems. That may be a sign of bad sectors on the disk with corrupted booting data.
You computer is terribly slow while accessing, saving and opening files.
The usual sound produced by your hard drive is louder than before
Regular appearance of BSOD (Blue Screen of Death), “Operating system not found or Missing Operating System” or “your hard drive is not formatted” messages at startup.

Even if you haven’t backed up your files yet, these signs give you a chance and some time to copy the data before the drive crashes.

Far more ominous signs are:

Your computer is still running normally, but you can hear unusual metallic sounds (grinding, clicking, whirring, scratching, buzzing). That’s a very bad sign that may imply mechanical damage.
You cannot hear any hard drive sounds at all. When the information is written to or read from the disk, it spins and produces sounds, you must be accustomed to these normal sounds. As an example, hard drive becomes silent when it’s inside components expand and get stuck because of overheating.
Your hard drive is clicking or producing grinding metallic sounds, your computer won’t recognize the hard disk. This is a sign that hard drive failure have happened.

If the above occurs, shut down immediately and contact a disk recovery service! If you keep your computer running the platters may be damaged and your files will be unrecoverable. Also, if your hard drive has undergone mechanical damage or was exposed to water, fire, smoke or high temperatures, don’t try to power it up. Contact a disk recovery service.

Hard Disk Repair

Maxtor HDD Firmware Repair Tool 2.0

DATARECOVERYUNION.COM15 years ago4 years ago02 mins

Maxtor Firmware Repair 2.0 is a program aiming at solution for typical firmware malfunction of Maxtor 541DX (2B020H1 2B010H1), which may manifest itself as follows:

1. HDD is not identified or identified by its factory alias “Maxtor Athena”;
2. HDD starts the motor and then hangs.

How does Maxtor Firmware Repair 2.0 work?

1. The restoration program will not overwrite the HDD data so it is applicable to data recovery.

2. It provides the users with a most friendly operation interface and it only takes you a few seconds to restore an HDD with typical firmware malfunction.

3. So, after you have this powerful freeware installed, all you have to do is to insert the bootable disk and have the target HDD connected correctly to you IDE slot. In minutes, you could start fixing the defective HDD using this powerful utility by pressing several keys.

4. This free version can only restore typical firmware malfunction of Maxtor 541DX series HDDs but not for others.If you need to restore other series of Maxtor HDD, you can purchase our professional version Maxtor Firmware Repairer PRO.

CD-ROM: Maxtor Firmware Repair 2.0
Floppy Disk: Maxtor Firmware Repair 2.0

Hard Disk Repair

HDD Scan and Repair Tool 3.0

DATARECOVERYUNION.COM15 years ago4 years ago02 mins

Are you facing a scandisk on your HDD because there is some bad sectors?
Is it annoying and time-consuming? then you’ve come to the right place.

HDD Scan And Repair 3.0 is the only one known professional program which can scan HDD over 136 G directly that need not the support of computer mainboard with high speed. It can utmost afford 2000 G HDD in theory.

Notice: If you have recently installed Windows Service Pack 2 (SP2) you would be having problems with your SP2 after using HDD Scan And Repair 3.0 installation program to create the bootable floppy disk.

How does HDD Scan and Repair 3.0 work?

1. A breakthrough of this program is that, without depending on BIOS, it can control read and write to the HDD directly, with high-speed, veracity, friendly interface and simple management; there will be an intuitionistic and intact report for the physical defective sectors created after the scanning. The continual defective sectors can be easily skipped; therefore the defective HDD will not get stuck.?

2. There is a “Restorer” in this program which can restore the usual physical defective sectors by adding them into the G-list.

3. So, after you have this powerful freeware installed, all you have to do is to insert the bootable disk and have your target HDD connected correctly to you IDE slot. In minutes, you could start fixing the defective HDD using this powerful utility by pressing several keys.

CD ROM: HDD Scan And Repair 3.0
Floppy Disk: HDD Scan And Repair 3.0

Hard Disk Repair

Seagate HDD Firmware Repair Tool 5.0

DATARECOVERYUNION.COM15 years ago4 years ago02 mins

Seagate Firmware Repair 5.0 is a demoware aiming at one-key solution towards typical firmware malfunction of Seagate Barracuda VII drives, which may manifest itself as follows:
1. HDD is not identified or identified incorrectly;
2. HDD starts the motor and then hangs.

How does Seagate Firmware Repair Demo 5.0 work?

1.The restoration program will not destroy the HDD data so it is applicable to data recovery.

2.It provides the users with a most friendly operation interface. Powerful and easy in fixing HDD typical firmware malfunction: Just one click and your data and drive comes back (80% of corrupt Seagate drives are caused by typical malfunction).

3.Check HDD firmware: Powerful function that enables you to figure out the problem of a drive, there will be a check result created and saved as DIAGNOSIS.TXT; you can receive remote technology support from our experienced engineers on the drive then by simply sending the DIAGNOSIS.TXT to us.

4.So, after you had this powerful freeware installed, all you have to do is to enter the program and have the target HDD connected correctly. In minutes, you could start fixing the defective HDD using this powerful utility by pressing one single key.

5.This demo version can only restore typical firmware malfunction of Seagate Barracuda VII series HDDs, not for others. If you need to restore other series of Seagate HDD, you should purchase our PRO version with full support range

Demo: Seagate Firmware Repair Demo 5.0

Hard Disk Repair

Maxtor HDD Bad Sectors Repair Tool 2.0

DATARECOVERYUNION.COM15 years ago4 years ago02 mins

Bad Sectors Repair 2.0 can add bad sectors of Maxtor 541DX(2B0X0H1) HDD into the factory defects list (P-LIST), up to 15,000 bad sectors can be added into the list at most.

How does Bad Sectosr Repair 2.0 work?

1. It is able to move defects from G-list to P-list, empty and reset both P-list and G-list, reset the HDD capacity and add your specific sector as defect into the P-list…

2. The HDD restored would work just as a brand-new HDD: There will be no bad sector,and it could be partitioned and formatted at your will.

CD-ROM: Bad Sectors Repair 2.0
Flobby Disk: Bad Sectors Repair 2.0