Investigative Process Total Recall Data Recovery Software Lab

As with the previous labs, this lab demonstrates the Total Recall Data Recovery Software utility, which is a freeware tool. You can search for and find this utility on the web and then configure it for use. Total Recall Data Recovery Software is a file-focused recovery utility that looks at the entire drive and provides basic information about it, including partition information, file sizes, file-to-folder matching and system type. You then select the desired partitions, and it runs an analysis that builds a virtual file list. The demonstration stresses the importance of watching this and other new programs the first time you run them to understand how they work. You then see the intricacies and highlights of how the analysis is conducted, and how you can use old hard drives to learn more intimately how the tool works. This is an excellent Forensics 101 beginner’s course.

[toggle_content title="Transcript"] Hey, welcome, my name is Leo Dregier. I wanna talk to you about Total Recall Data Recovery Software. So I’ve got this program, and we’re gonna run through the install, right-click. You can easily find this, uh, on the internet, so, you can google it and grab the install files and download ‘em; I saved you all that time here; we’re just gonna cover from the install forward. So next let’s go to, well let’s go to Next, and you can see that it’s Total Recall Software. Now, it does say Windows 98, 2000, ME and XP; I don’t want you to think that this is a totally outdated, useless tool, because it’s not. Um, accept the agreement, you’re always gonna need to do that, it’s gonna put it into Program Files, create a Desktop Icon, next Install, and let ‘er rip, and then go ahead and launch the tool. 
Now, what I like to do is I like to have folders over here, so for something like Total Recall, I like to put that over in Forensics Programs so that way I can build the directory on all my test machines and then run it, so you can see, you know, I’ve got a couple different directories here, for example, you know, just, you know, shortcuts, um, a variety of shortcuts, tools to just run that you don’t need to install, and things like that. And then I’m building the same thing here for, you know, forensics. Um, and this is a great way to build the forensics lab machine. Okay. So, launch Total Recall Data Recovery Software, go ahead and click Finished, and it says “A newer version is available. Would you like to install it?” Well, for this free upgrade, we’re gonna select No here. Alright, to begin, choose the file, um, of the recovery you wanna perform, and then click the appropriate tabs. So basically it all comes into these, um, the, options here. And this is gonna be, you know, software that you ultimately can register, but we’re gonna try to use it in the, the basics. So we go over here and we select Drive; you can see that we’ve got a virtual – it, it, it pulls off right off the bat that I’m working from a virtual drive, and then I have a USB drive, um, which is NTFS and formatted as NTFS, so just grab the drive that you want, double-click it, and it’s gonna literally run through this and it’s gonna take a few minutes, uh, for it to analyze this drive. So, uh, this is where we would normally cue the music, let this program run, and, uh, then look at it once it’s done. So in about ten short minutes, you know, in the professional workplace, this is literally when you go get, uh, you know, a cup of coffee, work on something else, check some emails, do something else and then come back to this ‘cos you wanna give this program a few minutes to run. 
So, uh, I’ll, you know, cue the music, and, uh, or cue the fast forward, and then it will come back in just a few short minutes. You can see the types of things that I’ve found. So I’ve found a couple different partitions, and it tells you some basic information about it: the sizes, the offset, uh, the percentages, the different options here like ‘Master File Table only’, the number of files that matches the number of folders and things like that. So if you compare this to the previous program that we used, um, Recover My Files, and if you go look at that video, notice the difference in, uh, program, one that you have to register for, more of a professional program, more so than, you know, a freeware type program. Alright, so it can tell you all of this stuff down here, different partition information, different sizes, uh, I found some things that are FAT, FAT32, etc., etc., etc. Uh, then if you want you can, you know, check all of these. Apparently in the, uh, evaluation you can only, you know, select up to six partitions. So, okay, fine, let’s go get the ones that are a little bit of interest, so we’ll pick this, uh, one up here, we’ll pick a couple down here, and, who knows, we’ll maybe pick a few in here, okay, and then Continue. In Building Files List, Total Recall is building the virtual file system in memory, so it actually builds a virtual system that this program will use and analyze the, the recoverable list on your system, so it’s basically going and collected the stuff from the, the partitions that we found, okay. Um, then you can kinda learn this stuff by reading the status messages here. These are the types of things that you wanna do once, okay? So the first time you run the tool like this, you actually watch it work and process. After that, then you can ignore it. But what I don’t recommend, um, or what I do recommend that you don’t do, is, you know, the first time you’re using a tool like this, just walk away from it, okay? 
You wanna learn how this tool works, and that’s, there’s no better way to intimately learn a program. So here’s the different partitions that I selected, okay, and you can see there’s all sorts of stuff on these drives, okay, beast, right; so it purely does go grab the information from those, those virtual drives, okay, uh, and they’re pretty much right here. You may even see some duplicates, okay? I’ve got it set to List View right here, but I can also set it to a different view. Okay? Um, and then I could select, you know, specific files, and then save those files and then get the data off of those drives, alright? I can also look at, uh, deleted files, so I’m gonna stop the current recovery, and it’ll search for, basically, ‘deleted’, okay; so I’ve found my two drives, I’m gonna grab my C: drive, continue, um, and this generally doesn’t take nearly as long as the previous, uh, run, uh, but it may just take a few minutes for it to run. Uh, so I’m not gonna wait here, I just wanna kinda give you the highlight of the program, I’ll let you, uh, let you guys and gals, you know, use all of your old drives in the, the, computers, uh, that have all of your, you know, hard drives in your closet, you know. Uh, get ‘em out, dust ‘em off, plug ‘em in, analyze ‘em, see if you can’t recover some files off those, off them. Um, you can look at specific, um, photo recoveries, right, so, uh, same thing here, got a bunch of drives, you can go through it; you can look for CDs and DVDs. Um, the only problem I have with this is if you don’t mind your CD-ROM starting and stopping, starting and stopping and spinning up and spinning down; um, other than that, you know, I’ve had some success with this tool with actual CDs, or you can try to, you know, go add an email, uh, .psd file or something like that and then try to recover deleted email as well, and then of course you can save those from the drive. Okay? So that’s the basics of Total Recall Data Recovery Software. 
It’s an easy program to run, definitely what I would recommend in the beginning part of, um, you know, forensics, so, uh, learn away. Okay? Very easy, start somewhere, just start learning. My name’s Leo Dregier, thank you for watching and be sure to connect with us on Facebook, LinkedIn, YouTube, and Twitter. [/toggle_content]