< All Computer Hacking and Forensics Notes

jgalarza2 | Computer and Hacking Forensics | Module 10 – Recovering and Deleting Files

By: jgalarza2 | Related Course: Computer Hacking and Forensics | Published: November 5, 2017 | Modified: November 6, 2017
Join Cybrary

NotepadDDR Professional Recovery

Welcome to the first last in the Recovering and Deleting Files module, DDR Professional Recovery.  In this demonstration, you’ll learn how to use the tool, DDR Professional Speedy and Mighty, a file recovery tool.


Not only will you observe how it capture files on a hard drive whose file system has changed from its original configuration, you’ll also learn what you realistically learn and capture about user deleted files even when the hard drive has been reformatted then reconfigured to a different file system and when you’d want to use this tool.

NotepadDeleting and Recovering Deleted Files

This is the second lab in the Deleting and Recovering Deleted Files series which demonstrates the tool, File Scavenger for file recovery.


You’ll learn how to configure it to determine your search criteria and observe the outcome/output of that recovery effort, and equally, what the search output didn’t reveal.

We discuss in comparison the File Scavenger recovery tool and the DDR Professional recovery tool which finds data on a drive that has been previously formatted in terms of when each should be used forensically and why.

NotepadHandy Recovery

The Handy Recovery tool is a very quick, very efficient file recovery tool.


You’ll observe how it works and learn why it’s the ideal “go-to” tool to determine whether or not a hard drive has been sanitized.

NotepadNecleus Kernal tool

This lab in the Deleting and Recovering Deleted Files series demonstrates the Necleus Kernal tool.  The Necleus Kernal is a Windows utility used for file recovery services on Linux partitions from with a Windows environment, so on launch, you’ll overserve its auto search for a Linux partition.


Necleus Kernal is designed for Linux. You’ll learn why it’s an especially powerful tool for recovering data from a compromised system and why data readings such as heads, cylinder and provides more thorough for information your documentation purposes.

NotepadRecovering and Deleting Files

Welcome to Module 10 of the Computer Hacking and Forensics course. This module introduces and discusses Recovering and Deleting Files, and begins discussing the differences target sources where files live and the how to recover data files from each of them and what key tools should be used for each of your targeted sources.

You’ll learn the benefits of configuring the computing environment with a particularly discussion on the Master File Table (MFT), what it entails and how it works.  We discuss in details the inner workings of the MFT, what content it holds, how to manage files within it and how to recover links to files emptied from the recycle bin.

You’ll learn the differences in the variety of free and paid recovery tools, validating their use, how they work, and recommendations on what to use.

The hands on demonstrations you’ll engage as part of the Recovering and Deleting Files module include the following labs:

  • DDR Professional Recovery Lab
  • File Scavenger Lab
  • Handy Recovery Lab
  • Necleus Kernal Lab
  • testdisk Lab
  • Total Recall Lab
  • WinUndelete Lab

Recovery Tools

restorer 2000, BADcopy Pro, PCinspector, ISO Buster, File Recover, 

NotepadTestdisk is also a Linux utility

Testdisk is also a Linux utility.  This lab demonstrates installation to confirm the most current version and they it demonstrates how the utility functions.

Testdisk is a command line utility that provides a number of partition and file recovery functions including undeleting files/file directories and repairing file system errors and how to make a non-bootable disc bootable.

In this lab, you’ll learn how it performs its task from all the FAT system environments, and you’ll also learn how this tool works within the UNIX environment for a balanced level proficiency.

NotepadWelcome to the Total Recall lab

Welcome to the Total Recall lab. In this lab we continue with file recovery tools demonstration by scanning a USB drive. Total Recall is a very thorough, time consuming scanning tool.
You’ll learn from observing it the myriad information it provides on the partition of the scanned device, down the most minute details including every file system and type, master boot record, partition table data.
You also see how Total Recall builds a master files list which is a virtual file system in memory and how you can recapture the files its recovered.


For our final lab in the Deleting and Recovering Deleted Files series, you’ll explore WinUndelete.
The WinUndelete tool is an easy to use Windows utility for recovering files.
You’ll observe the creation of several files, different in size, see them deleted and then observe how the WinUndelete tool works to recover them.

< All Computer Hacking and Forensics Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?