Recovering and Deleting Files Testdisk Lab

[toggle_content title="Transcript"] Hey, Leo Dregier here. I want to talk about a utility called TestDisk. This is a Linux utility for recovering deleted information from hard drives. Let's go ahead and run the install, apt-get install testdisk, okay. And it will go ahead and build the dependency tree, and it says, "Testdisk is already at its newest version." Okay, great, so let's just run the command, testdisk, and you can see your screen changes color immediately. Testdisk is a free data recovery software designed to help recover lost partitions and/or make non-bootable disks bootable again when these symptoms are caused by faulty software, certain types of viruses, and human error. It can also be used to repair some file system errors. Information gathered during TestDisk, um, used to be recorded for later review. If you choose to create a text file, testdisk.log, it will contain the TestDisk options, technical information, and various outputs including any file folder names TestDisk was able to – was used during the screening. So what we're going to do is we're going to create a new log file, just go ahead and hit enter there. Select the disk in which you want to evaluate. So in this case I'm going to grab the USB drive which is a 488 – 5 megabyte file. Um, in UNIX terms it's /dev/sdb. We'll go ahead and hit enter there. Uh, please select the partition table type and hit enter. So if you know what it is, uh, this would be a good time to help. So is it Intel PC, is it human partition par table, is it Apple, non-partition media, Sun Solaris, X-Box, or return to the disk selection menu. Well, considering that I formatted it last in Windows, let's go ahead and do Intel PC Partition. Analyze, you can go to advanced options here, change some of the disk geometry, modify the options, look at the master boot record code, uh, to the first sector, uh, delete all data in the partition table, and then return.
So we're going to analyze here, and you can see that it pulls the partition, all of partition information, sys=72, 79, 0D, etcetera, etcetera. Um, the start and stop, uh, blocks in terms of sector size, and you can kind of just read this like a book, here: warning; bad strings ahead; uh, CHS and LBA don't match for NetWare 3.11; warning; bad strings; uh, some more bad strings here; right to partition; and then go hit enter. Should TestDisk search for partition created under Vista or later, yes or no? Let's do yes, and it will go ahead and analyze the cylinders. Um, and this may take a couple seconds, but nonetheless, uh, let's go ahead and let it run. Uh, we're already at 22%. So one of the things that I like to do is I like to show you Windows utilities and UNIX utilities. And I hope you guys think that that's helpful, and if it is, please, uh, comment in the chat dialogue, dialogue box after the video, um, because I try to balance things out. It's one thing to know how to do this stuff on Windows, but then again UNIX people need to be included in these conversations as well, and vice versa. There's things we do on the Linux side that we kind of ignore on the Windows side. So try to round out your career by learning both the equivalent in UNIX and Windows. And if you agree or disagree, make sure that you chat in the chat dialogue box and we'll argue it out there. So in this case it looks like, uh, it's now run, okay. So no partition found or selected for recovery. So it's going to analyze the cylinders again, um, it does find the heads in the cylinders. It finds out there's some FAT information. Uh, the number of sectors per track, 63, and we've seen this over on the Windows side to match exactly. Um, they found that it's FAT32, right, and so you can kind of read this. It doesn't have a partition name. It actually does, it's blue USB. So we're going to let this run here. It's only a couple more seconds. Uh, let it run, finish analyzing it, and then see what we get.
Clearly, we can stop it if we want, uh, but let's go ahead and let it run. Credit here goes to, to, uh, Christopher, uh, Grenier, and you can check him out at, okay. So it evaluates it, no partition found. Um, they do have advanced system utilities built into this. If you want to evaluate it, it pulls a bit more of the partition, uh, table, uh, information. Okay, also it pulls out some of the permissions and things like that. So go ahead and use the utility, um, evaluate it, let us know what you think. Um, and you can simply navigate this utility by hitting Q for Quit, and that will kind of get you back out to, uh, some of the options. So that way if you wanted to navigate back out and go into the Modify options or the Disk Geometry options, you certainly could do that. All right, if you want to look at the master boot record code, read and write Master – new Master Boot record to the drive, um, you can certainly do that right here, or delete all the data very similar to what F Disk would do, or simply just quit the program altogether. So my name's Leo Dregier, thanks for watching. [/toggle_content]

TestDisk is also a Linux utility. This lab demonstrates installation to confirm the most current version, and then it demonstrates how the utility functions. TestDisk is a command line utility that provides a number of partition and file recovery functions, including undeleting files and file directories, repairing file system errors, and making a non-bootable disc bootable. In this lab, you’ll learn how it performs its task from all the FAT system environments, and you’ll also learn how this tool works within the UNIX environment for a balanced level of proficiency.