In The News

From CGSecurity
Jump to navigation Jump to search

En.png English De.png Deutsch Es.png Español Fr.png Français


TestDisk and PhotoRec got some reviews on the Net. They are also cited in various data recovery stories.

2023

In the video J'ai été contacté par la DGSE, Micode interviews 2 DGSE agents. During a demonstration (~14:15), TestDisk is used to recover deleted files.

2016

  • TestDisk et PhotoRec pour la récupération de données

By Laurent Delmas, Linux Pratique n°98, Nov/Dec 2016, ISSN 0183-0872

  • State of Tennessee v. Edythe Christie, W2015-02485-CCA-R3-CD (Tenn. Crim. App. 2016)

"Officer Jay Stanfill processed the cell phone using Photorec recovery software, a computer program designed to recover deleted files, and discovered five photographs and a video that had been deleted from the phone." https://www.courtlistener.com/opinion/4335391/state-of-tennessee-v-edythe-christie/

2015

by Jared Palmer, Apr 20, 2015

By Thomas Drilling, iX 3/2015

By Christophe Grenier
Misc n°78 mars-avril 2015, ISSN 1631-9036

By Fiona Gartland, Colin Gleeson, 19/2/2015
Det Sgt Browne said he used software Photorec to “carve out” the files he was looking for from the unallocated space. The files recovered were SqLite, a format used for text messages.

2014

By Ben Lam, December 23, 2014

  • Cell Phone Investigations: Search Warrants, Cell Sites and Evidence Recovery

By Aaron Edens, December 4, 2014
<amazon>163180006X</amazon>

  • NIST CFTT - Forensic File Carving
    • Graphic File Carving: PhotoRec 7.0-WIP and X-Ways Forensics v17.6 (July 2014) gives better results in L0_nopadding, L1_padded and L2_frag_in_order tests than all other tested tools: R-Studio v6.2, Recover My Files v5.2.1, EnCase Forensic v7.09.05, Adroit Photo Forensics 2013 v3.1d, FTK v4.1, EnCase Forensic v6.18.0.59 and Scalpel v2.0
    • If your goal is only to recover fragmented jpg, enable the option brute-force mode in PhotoRec, it hasn't been used during NIST tests. Adroit Photo Forensics also get some good results.
    • Video File Carving: PhotoRec 7.0-WIP gives betters results than all other tested tools Defraser v1.3, Encase v7.09.05, iLook v.2.2.7, R-Studio v6.2, Recover My Files v5.2.1, Scalpel v2.0 and X-Ways v17.6 in the tests T1_no_padding, T2 cluster padded, T3 Frag in order, T4 Incomplete. All in one document to compare things.

IMYO you should not add the results of each test when comparing tools:

  • identify the expected data layout: padding was present or not, files were fragmented or not, fragments were in order or not...
  • consider only this case: use the correct tools for the job

2013

By Thomas Laurenson. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi.28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.419-433, 2013, Security and Privacy Protection in Information Processing Systems. <10.1007/978-3-642-39218-4_31>. <hal-01463843>

  • Nosy Mom's Guide Recovering Deleted Files: Getting Your Important Pictures, Files, and Other Documents Back From Your Camera, Computer, and Phone

By Elizabeth Peterson, 6 September 2013
<amazon>1492356379</amazon>

Posted by Sierra Adamson on May 1, 2013
Alex was arrested for merely filming the police in Miami, the police later illegally deleted the footage from Alex’s camera and charged him with resisting arrest. Alex recovered the video using PhotoRec.

  • Protéger les données stockées sur votre Machine

By Fred Scali-West
Linux Essentiel n°23 juin-juillet 2013, ISSN 1969-2463

  • Effacer n'est pas jouer! Ce que vous supprimez ne disparaît pas!

By C.G.B. Spender
Linux Essentiel n°23 juin-juillet 2013, ISSN 1969-2463

2012

By Samer Kurdi on October 3, 2012
PhotoRec was the only program tested that was able to identify AND recover files from the corrupt hide drive we tested it with. It also recovered files from both FAT and NTFS with a very high recovery ratio, even if not the highest.

By Nathan Riley, 2012/05/16

By Serdar Yegulalp, 2012/03/06: As a result, I recommend PhotoRec for tech-savvy users.

By Alex Wagner, 2012/02/09 PhotoRec can recover lost data from the SxS Pro cards to which the Arri Alexa records after A Quick Format.

2011

By Andrew Currie, 2011/01/03

  • Digital Forensics with Open Source Tools. Syngress. ISBN: 978-159749-586-8.

By Cory Altheide, Harlan Carvey (2011)
<amazon>1597495867</amazon>

2010

By Philippe Richard, 2010/11/29 - PhotoRec has been used to recover confidential data from Cybercafe

By Sean Kearney on 2010/11/21

By Daisuke Tanaka, 2010/11/08

By Julie Pichon, 2010/10/30

By Ariel Torres, 2010/08/20

2010/02/08

  • Computer Forensics: A Pocket Guide, p. 67. IT Governance Publishing. ISBN 978-1-84928-039-6.

Nathan Clarke (2010)
<amazon>1849280398</amazon>

2009

By Scott Nesbitt, 2009/08/02

By Troy Ingram, 2009/07/12

By Janek Thomaschewski, 2009/03/28

By Yuri Carlenzoli, 2009/03/22

By eineki, 2009/03/05

By foxcarlos, 2009/03/01

2009/01/05

  • Computer Forensics: Investigating Hard Disks, File and Operating Systems. ISBN 978-1-43548-350-7.

EC-Council (2009)
<amazon>1435483502</amazon>

2008

By Jeffrey Friedl, 2008/12/03

By Fiona Meg Riessler, 2008/12/01

By Salvatore Aranzulla, 2008/11/04

By Stephan Wiesend, 2008/09/16

By Paul Salmon, 2008/09/03

Kaspersky Lab, 2008/06/04: After encrypting files, the virus deletes the original but PhotoRec can recover it.

By Dale Al Teclado, 2008/02/11

By Carsten Knobloch, 2008/01/10

  • Malware Forensics: Investigating and Analyzing Malicious Code, p. xxviii. Syngress Publishing Inc. ISBN 978-1-59749-268-3.

Cameron H. Malin, Eoghan Casey, James M. Aquilina (2008).
<amazon>159749268X</amazon>

  • Upgrading and Repairing Microsoft Windows, Second Edition, page 685. Pearson Education Inc. ISBN 978-0-7897-3695-6.

Scott Mueller, Brian Knittel (2008).
<amazon>0789736950</amazon>

2007

Author: Kent Brewster

Author: Falko Timme

Source: Make

Author: Adrian Crenshaw
This video introduces the concept of data carving/file carving for recovering deleted files, even after a drive has been formatted.

Source: n0id's blog

Source: My PKB's blog

Anyone who has upgraded their digital camera probably has a few older, incompatible media cards lying around — so why not post them on Ebay? Well, if you do, be sure to properly wipe them because the digital voyeurs are watching. Seth Fogie at InformIT.com purchased a bunch of used cards from Ebay and found recoverable data on most of them. Using the freely available PhotoRec application, he was able to extract pictures, movies, and more from apparently formatted cards. The picture is clear — wipe anything that can store digital data before getting rid of it.

  • The best damn cybercrime and digital forensics book period, page 200 and page 373. Syngress. ISBN 978-1-59749-228-7.

Jack Wiles, Kevin Cardwell, Anthony Reyes (2007).
<amazon>1597492280</amazon>

  • The Official CHFI Study Guide (Exam 312-49): for Computer Hacking Forensic Investigator. Syngress. ISBN 978-159749-197-6

By Dave Kleiman, Craig Wright, Jesse "James" Varsalone, Timothy Clinton, Michael Gregg (2007)
<amazon>1597491977</amazon>

2006

Author: KaruppuSwamy Thangaraj

By: Shawn Hermans - Linux.com
Recently I wanted to make sure I had enough space to back up my home digital videos and pictures, so I purchased a new hard drive to add to my home Linux server. I moved all the files I wanted to save onto a single hard drive and repartitioned the old hard drive so I could upgrade to a newer version of Linux. After going through the process of reinstalling the operating system, I mounted the backup hard drive and discovered that it was empty. I had some how mixed up the hard drive I used to back up all the data with a hard drive that I wanted to wipe. Because I had done such a poor job of retaining backups on external media, I did not have any backups of my pictures and videos.

Author: Ionut Ilascu, Softpedia

Author: Jeff Potts

Authot: Ido Perelmutter

Author: Falkra - libellules.ch

2005

2003

2002

  • Scene of the cybercrime, page 328. Syngress. ISBN 978-1-931836-65-4.

Debra Littlejohn Shinder, Michael Cross (2002).
<amazon>1597492760</amazon>