File Recovery Paper
Autor: Wilson Tom • December 11, 2016 • Research Paper • 4,104 Words (17 Pages) • 873 Views
Contents
Exercise 1:
FILE RECOVERY (RECUVA)
Exercise 2:
JOHN THE RIPPER
Exercise 3:
ONION ROUTING (TOR)
Exercise 4:
REFOG KEYLOGGER
Exercise 5:
INSSIDER
Exercise 6:
CAIN and ABEL
Exercise 7:
NMAP
Exercise 8:
HASHCALC
Exercise 9:
USB LOCK (PREDATOR)
Exercise 10:
PACKET CAPTURE (WIRESHARK I)
My System Configuration:
Processor: Intel (R) Core (TM) i5-4210U CPU @ 1.70 GHz
Installed Memory (RAM): 4.00 GB
System Type: Windows 10 64-Bit Operating System, x64-based processor
[pic 1]
Exercise 1:
FILE RECOVERY (RECUVA)
Software Version: 1.53.1087
Compatible with: Windows 10, 8.1, 7, Vista and XP. Including both 32-bit and 64-bit versions
Recuva is a data recovery program for Windows, developed by Piriform. It is able to recover files that have been "permanently" deleted and marked by the operating system as free space. The program can also be used to recover files deleted from USB flash drives, memory cards, or MP3 players. All kinds of file types can be recovered using Recuva from a hard drive or a flash drive, as long as the file system is either FAT or NTFS. As with other file recovery programs Recuva works by looking for unreferenced data, but if the operating system has written new data over a deleted file then recovery will often not be possible.
What did I do?
- Navigated to http://www.piriform.com/recuva/download. Under Recuva Free Section clicked on Download FileHippo.com. Downloaded Recuva 1.53.1087 and installed Recuva on my VM.
- I formatted my flash drive and changed the file system from FAT32 to NTFS.
- Copied Netflix.pptx file and one image to the flash drive and deleted the files from it.
- I opened Recuva and in the Recuva wizard selected All Files to scan. In the file location screen, I selected ‘In a specific location’ option and set the location to my flash drive and then I started my scan.
- Within a minute the scan was completed and it showed the list of all the previously deleted files showed up in the list. The List View shows a list of all of the files Recuva is capable of recovering, as well as their location on the drive(s), the date they were last modified, and what were the chances of recovering them are. I switched to advanced mode and a new window opened up on the right which would display preview of the image file. In my case for both the files no image was displayed. I did online research and I found out that as it is one of the limitations. Recuva will not be able to show the preview for all the files.
- I selected Netflix.pptx and clicked the recover button after which I was prompted to select the destination path of the recovered file. I selected desktop and immediately the file was recovered and placed on my desktop.
- I then selected the image file and was successfully able to recover the file.
What were the results?
- I had initially deleted two files (PowerPoint Presentation and an image file) from my flash drive and then via Recuva scanned my flash drive to recover deleted files. Immediately the file showed up in the scan results.
[pic 2]
Fig 1.1: Screenshot of the List Preview
- Once the selected file is successfully recovered, the below message is displayed.
[pic 3]
Fig 1.2: Screenshot of the message displayed after successful recovery
Since my VM had very few files on it, I also installed Recuva on my base machine and performed a recovery scan on my recycle bin. The results were quite surprising which listed files which I had deleted in my previous semester. Many files were marked as red, which were stated as unrecoverable and in the comments column it stated that the file has been overwritten.
...