Please note that certain information in the pictures below are removed for my own security purposes.... sorry for all inconveniences...
The software I used is a freeware, where anybody can download it and use it...
It's called Winhex.. since it is a free software, it can only recover the size of files no larger than 2MB if I'm not wrong..
Here, I had used a USB Flashdrive, which had been popular nowadays, just like mobile phone, everyone have at least one, while me I have lots... I had formatted it, place two folders containing files on it into the flashdrive, shown below...
So, the two folders are "HTML" and "Firearms"...
I chose to delete the "Firearms" folder. In USB flashdrive, the stuffs that you delete will not go into recycle bin, but it looks like it has been "deleted" forever to you and me, but its not. This goes the same to hard disk drive. When you hit the delete button, the computer does not use an eraser to wipe the data off, nor put those stuffs into a recycle bin just like you throw your rubbish, but writing extra information onto the stuffs that you chose to delete, the extra information is tagging those files, stating the files is no longer required, and is open for re-writing new information on it, so if that space is not re-written, it will remain there for as long as it takes..
In Winhex, what I like the most is, after you download the zip files, you can un-zip them into a folder you like, and you doesn't need to install them, you can run them on your USB Flashdrive or Hard Disk Drive whenever and where ever you like... Here is the UI for winhex...
To examine the disk drive you want, click "Tools", and then "Open Disk", or just type F9.
It will list out a series of disk drive including USBs Flashdrive plugged into your computer.. Choose the one you are going to examine...
Then it will scan every single item on your drive, it will list out lots of stuffs that you didn't know it was there in your flash drive... Shocking huh???? The above panel is all your files in the flashdrive, the lower middle panel is files written on Hexdecimal code, I might talk about Hexadecimal code in other post... depends on demand...
On the right panel will show all the information on your flashdrive...
Here's a comparison on what you normally see, and what you normally doesn't see....
This includes the deleted folder "Firearms"..
Where the folder icon is different from others (HTML)...
So, here, I wanted to recover my "Firearms" folder, right click that folder, and click "Recover/Copy"..
And then select your Target/Destination Folder, in other words, where do you want the folder to be save to... I chose back my flashdrive folder..
and it starts to recover...
After recovering, it will tells you how many files and folders had been successfully recovered, sometimes if the file had been overwritten or corrupted, then the data is long gone and please just kiss goodbye...
and this is the result... A recovered folder containing files...
Lesson for digital forensic, is never send your computer with your hard disk to some repairmen, trust nobody... This happens to Edison Chen... He claimed he had deleted all his files, but all those files are recoverable... So, go for some basic computer course, learn how to format and install windows on your own... if there is really a hardware problem, remove your hard disk first before sending the computer for service...
2 comments:
wau, that is very good education ,
i will try to use on my pendrive ,
thanks a lot ....
but what about files that are 2mb and higher ?
if files larger than 2MB, the full version must be used.. which you will have to buy... i know that's a bit frustrating.. but this is the world.. or you can search for those free unlimited software..
Post a Comment