Recovering and Deleting Files DDR Professional Recovery Lab

[toggle_content title="Transcript"] Hey, Leo Dregier here. I want to talk about a piece of software called DDR Professional Speedy and Mighty. One of the things that I like about this particular utility is that as soon as you go into it you can select the media that you want, and you can get all of the high level information: the model number; the media type, it's removable USB media; the capacity, 478 megabytes; the number of cylinders; the number of heads; the number of sectors; the number of bytes per sector, specifically when you format it; the number of sectors per track; the firmware revision ID of the actual USB software, that doesn't always show up; the PNP device idea; the system name that I'm currently on; and the physical device name, and, or the serial number. In this case, this device does have a serial number, but this program didn't specifically pull that; however, it was just a basic search. So, then you can go ahead and click next, and you see that there's a FAT 32 part, FAT 32 partition on the drive. And again, it's formatted as FAT 32. The search mode is basic, it's what we selected from before. It's got the starting sector, the ending sector, and then the total size of the drive. Then you can go through, and it will take a little bit of time to go ahead and evaluate the, the hardware, or the image file that you're looking at to determine if there's any files on that partition that have been deleted. So we're going to go ahead and let this run, um, and see what it can't find on our [1:53] system. Okay, now that the drive has finished searching, we can go ahead and look through it. Now you can see that I've found all sorts of information. Now I want to point out something in here only because this is my drive and I know exactly how it was set up before. These are files here that it found when I had this drive formatted as NTFS. I have thus far reformatted this drive as FAT 32, and it still finds the files on the drive. This proves that when you delete five it just – when you delete files, or folders, it just deletes the pointer records to the actual files. It does not delete the actual files themselves. So I can pull these different directories here that I've had on the system. You know I, uh, here's a good/bad [02:48] opportunity from a class that I did. Um, now again if you – I did double click on the file, but it specifically says, "Hey, if you want to get your files back, you need to buy now." And that's fine, at least you get to evaluate the drive for free, and go through the directories and see if it has what you need on it because why pay for a program if it's not going to find them. So this DDR Professional Recovery, if you are going to try to find files on the file system that, you know, has been completed or formatted or something like that, try the DDR Professional Speedy and Mighty System. Um, if you buy it it will take you to the website, and I trust you guys can go find the information on how to purchase it. Um, but it's just, and, uh, the website's very, very helpful. You guys should have no problem there. Um, so as you can see it pulls lots of information right off the drive. Now, in the world of forensics we're always about recovering deleted files, or anytime a user tries to cover their tracks, what did – can we get back? What can we recover, right, in terms of our investigation? Well, this is a great professional recovery software to use. My name's Leo Dregier and thanks for watching. [/toggle_content] Welcome to the first last in the Recovering and Deleting Files module, DDR Professional Recovery.  In this demonstration, you’ll learn how to use the tool, DDR Professional Speedy and Mighty, a file recovery tool. Not only will you observe how it capture files on a hard drive whose file system has changed from its original configuration, you’ll also learn what you realistically learn and capture about user deleted files even when the hard drive has been reformatted then reconfigured to a different file system and when you’d want to use this tool.
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?