Recovering and Deleting Files WinUndelete Lab

FacebookTwitterGoogle+LinkedInEmail
Description
[toggle_content title="Transcript"] Hey, Leo Dregier here, welcome back. Let's go ahead, delete some stuff, and then make deleted stuff reappear. First what I'm going to do is open up my handy dandy USB drive here, and let's go ahead and create some new documents, some text documents, I don't know a bitmap image there, oh and then I don't know, a new journal document. Okay, so everybody can agree at this point that files have been created. Um, now some of them don't have any size in them, so just to be thorough we're going to put whatever we want in there, save the file, close out of it, uh, just do a refresh here just to prove that there's some size, not a lot, but that's okay. Now let's go ahead and delete that and make that go bye-bye, all right, so there you go. Now we're going to run a program called Undelete. Actually, that's not the program. Let's go Programs, WinUndelete, Undelete. Are you sure you want to run it? Yes, I do. Recover from what disk? Well, the files that I deleted were actually on the F Drive. Uh, however I could do it from an image file too, specifically a WinUndelete image file, or a WUI file. Then you can go to step, uh, no, I guess it's click Next. That will get you to step two. Enable file to recover, we're just going to leave it as All Files, but you can actually select specific file types if you know what you're looking for, uh, for example, documents. Ignore temporary internet files, and ignore files with zero length. Well, just to be thorough here because we do have files with zero length, let's just go ahead and uncheck that. Go ahead and select Next. Enter the destination folder which it wants to recover your files to. We're going to do the desktop, and it's going to do, do you use anything other than the drive that you're on, and then go ahead and Finish. Scan completed, five files found. So not only did it find the files that I did during this lab, but it also found, again, the files that I did in the previous lab just to run through and test this out. And then so there you are. You have Bulk Select, so if you want to move these somewhere else, somewhere, you can do a Select All, Select None, or Inverse Select, okay, so you have some sorting options, some evaluation files, and then you can go ahead and recover those files. However, WinUndelete Evaluation Version Limitation you can only undelete them. So the good news about this tool is that one, if you find them, well then you can pay for the tool if you want to actually get your files back. Some people will call that ransomware, other people would call that, you know, hey, it's the cost of doing business. Hey, I just found your files, how about giving me, giving me a few bucks, all right. So nonetheless, files were there, we made them go bye-bye, and then we recovered them and got them back. Thank you for watching, my name's Leo Dregier. [/toggle_content] For our final lab in the Deleting and Recovering Deleted Files series, you’ll explore WinUndelete. The WinUndelete tool is an easy to use Windows utility for recovering files. You’ll observe the creation of several files, different in size, see them deleted and then observe how the WinUndelete tool works to recover them.
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel