Sponsored Links
-->

Thursday, April 19, 2018

Data Recovery on a Formatted Drive with TestDisk by Britec - YouTube
src: i.ytimg.com

TestDisk is a free and open-source data recovery utility. It is primarily designed to help recover lost data storage partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally erasing a partition table). TestDisk can be used to collect detailed information about a corrupted drive, which can then be sent to a technician for further analysis.


Video TestDisk



Supported operating systems

TestDisk supports these operating systems:

  • DOS
  • Microsoft Windows: NT 4.0, 2000, XP, Server 2003, Server 2008, Vista, Windows 7
  • Linux
  • FreeBSD, NetBSD, OpenBSD
  • SunOS
  • Mac OS X

Maps TestDisk



Supported partition table type

TestDisk recognizes the following disk partitioning:

  • Apple partition map
  • GUID Partition Table
  • PC/Intel Partition Table (master boot record)
  • Sun Solaris slice
  • Xbox fixed partitioning scheme

It also handles non-partitioned media.


Testdisk photo recovery
src: www.bleepstatic.com


Partition recovery

TestDisk queries the BIOS or the operating system in order to find the data storage devices (hard disks, memory cards, ...) and their characteristics (LBA size and CHS geometry). TestDisk can

  • Recover deleted partition
  • Rebuild partition table
  • Rewrite the Master boot record (MBR)

TestDisk does a quick check of the disk's structure and compares it with the partition table for entry errors. Next, it searches for lost partitions of these file systems:

  • Be File System (BeOS)
  • BSD disklabel (FreeBSD/OpenBSD/NetBSD)
  • Cramfs, Compressed File System
  • DOS/Windows FAT12, FAT16, and FAT32
  • Windows exFAT
  • HFS, HFS+ and HFSX, Hierarchical File System
  • JFS, IBM's Journaled File System
  • Linux ext2, ext3 and ext4
  • Linux RAID
    • RAID 1: mirroring
    • RAID 4: striped array with parity device
    • RAID 5: striped array with distributed parity information
    • RAID 6: striped array with distributed dual redundancy information
  • Linux Swap (versions 1 and 2)
  • LVM and LVM2, Linux Logical Volume Manager
  • Novell Storage Services (NSS)
  • NTFS (Windows NT/2000/XP/2003/Vista/2008/7)
  • ReiserFS 3.5, 3.6 and 4
  • Sun Solaris i386 disklabel
  • Unix File System UFS and UFS2 (Sun/BSD/...)
  • XFS, SGI's Journaled File System

However, it is up to the user to look over the list of possible partitions found by TestDisk and to select those that were being used just before the drive failed to boot or the partition(s) were lost. In some cases, especially after initiating a detailed search for lost partitions, TestDisk may show remnants of partitions that had been deleted and overwritten long ago.

A step-by-step guide explains how to use this software. TestDisk can be used in computer forensics procedure, it supports the EWF file format used by EnCase.


Installer Testdisk sur Ubuntu 13.04 - YouTube
src: i.ytimg.com


Filesystem repair

TestDisk can deal with some specific logical filesystem corruption:

  • File Allocation Table, FAT
    • FAT12 and FAT16
      • Find filesystem parameters to rewrite a valid boot sector
      • Use the two copies of the FAT to rewrite a coherent version
    • FAT32
      • Find filesystem parameters to rewrite a valid boot sector
      • Restore the boot sector using its backup
      • Use the two copies of the FAT to rewrite a coherent version
  • exFAT
    • Restore the boot sector using its backup
  • NTFS
    • Find filesystem parameters to rewrite a valid boot sector
    • Restore the boot sector using its backup
    • Restore the Master File Table (MFT) from its backup
  • Extended file systems, ext2, ext3 and ext4
    • Find backup superblock location to assist fsck
  • HFS+
    • Restore the boot sector using its backup

Test disk recovery data
src: www.bleepstatic.com


File recovery

When a file is deleted, the list of disk clusters occupied by the file is erased, marking those sectors available for use by other files created or modified thereafter. If the file wasn't fragmented and the clusters haven't been reused, TestDisk can recover the deleted file:

  • FAT file undelete
  • NTFS file undelete
  • exFAT file undelete
  • ext2 file undelete

2 TB Western Digital - cgsecurity.org
src: i.imgur.com


Popularity

TestDisk and PhotoRec (by the same author) have been downloaded more than 150,000 times in July 2008 from the primary website. In fact these utilities are even more popular as they can be found on various Linux Live CDs:

  • antiX
  • BootMed Plus
  • GParted Live CD
  • Grml Debian-based live CD
  • Iloog
  • Knoppix
  • Parted Magic
  • PLD Live CD and PLD RescueCD, based on PLD Linux Distribution
  • Slax-LFI, a Slax-derived distribution
  • SystemRescueCD
  • Trinity Rescue Kit
  • Ubuntu Rescue Remix, GUI-less Ubuntu derivation

They are also packaged for numerous Linux distributions:

  • ALT Linux
  • ArchLinux Extra Repository
  • Debian contrib
  • Fedora Extras
  • Red Hat Epel
  • FreeBSD ports
  • Gentoo and Gentoo Portage
  • Mandriva contrib
  • PLD Linux Distribution
  • Slackware Linux SBo
  • Source Mage GNU/Linux
  • Ubuntu

TestDisk - YouTube
src: i.ytimg.com


See also

  • PhotoRec
  • List of data recovery software

Testdisk photo recovery
src: www.xgate.kz


References


testdisk-6.14-WIP شرح برنامج - YouTube
src: i.ytimg.com


External links

  • TestDisk Wiki
  • List of news articles about TestDisk and PhotoRec
  • Falko Timme, Data Recovery With TestDisk HowTo
  • Digital Forensics using Linux and Open Source Tools

Source of article : Wikipedia