In The News
In the video J'ai été contacté par la DGSE, Micode interviews 2 DGSE agents. During a demonstration (~14:15), TestDisk is used to recover deleted files.
- TestDisk et PhotoRec pour la récupération de données
By Laurent Delmas, Linux Pratique n°98, Nov/Dec 2016, ISSN 0183-0872
- State of Tennessee v. Edythe Christie, W2015-02485-CCA-R3-CD (Tenn. Crim. App. 2016)
"Officer Jay Stanfill processed the cell phone using Photorec recovery software, a computer program designed to recover deleted files, and discovered five photographs and a video that had been deleted from the phone." https://www.courtlistener.com/opinion/4335391/state-of-tennessee-v-edythe-christie/
by Jared Palmer, Apr 20, 2015
- iX 03/2015
- https://shop.heise.de/katalog/restaurator-e5e3d7 Restaurator - Partitionen retten mit TestDisk
By Thomas Drilling, iX 3/2015
By Christophe Grenier
Misc n°78 mars-avril 2015, ISSN 1631-9036
By Fiona Gartland, Colin Gleeson, 19/2/2015
Det Sgt Browne said he used software Photorec to “carve out” the files he was looking for from the unallocated space. The files recovered were SqLite, a format used for text messages.
By Ben Lam, December 23, 2014
- Cell Phone Investigations: Search Warrants, Cell Sites and Evidence Recovery
- NIST CFTT - Forensic File Carving
- Graphic File Carving: PhotoRec 7.0-WIP and X-Ways Forensics v17.6 (July 2014) gives better results in L0_nopadding, L1_padded and L2_frag_in_order tests than all other tested tools: R-Studio v6.2, Recover My Files v5.2.1, EnCase Forensic v7.09.05, Adroit Photo Forensics 2013 v3.1d, FTK v4.1, EnCase Forensic v184.108.40.206 and Scalpel v2.0
- If your goal is only to recover fragmented jpg, enable the option brute-force mode in PhotoRec, it hasn't been used during NIST tests. Adroit Photo Forensics also get some good results.
- Video File Carving: PhotoRec 7.0-WIP gives betters results than all other tested tools Defraser v1.3, Encase v7.09.05, iLook v.2.2.7, R-Studio v6.2, Recover My Files v5.2.1, Scalpel v2.0 and X-Ways v17.6 in the tests T1_no_padding, T2 cluster padded, T3 Frag in order, T4 Incomplete. All in one document to compare things.
IMYO you should not add the results of each test when comparing tools:
- identify the expected data layout: padding was present or not, files were fragmented or not, fragments were in order or not...
- consider only this case: use the correct tools for the job
By Thomas Laurenson. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi.28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.419-433, 2013, Security and Privacy Protection in Information Processing Systems. <10.1007/978-3-642-39218-4_31>. <hal-01463843>
- Nosy Mom's Guide Recovering Deleted Files: Getting Your Important Pictures, Files, and Other Documents Back From Your Camera, Computer, and Phone
Posted by Sierra Adamson on May 1, 2013
Alex was arrested for merely filming the police in Miami, the police later illegally deleted the footage from Alex’s camera and charged him with resisting arrest. Alex recovered the video using PhotoRec.
- Protéger les données stockées sur votre Machine
By Fred Scali-West
Linux Essentiel n°23 juin-juillet 2013, ISSN 1969-2463
- Effacer n'est pas jouer! Ce que vous supprimez ne disparaît pas!
By C.G.B. Spender
Linux Essentiel n°23 juin-juillet 2013, ISSN 1969-2463
By Samer Kurdi on October 3, 2012
PhotoRec was the only program tested that was able to identify AND recover files from the corrupt hide drive we tested it with. It also recovered files from both FAT and NTFS with a very high recovery ratio, even if not the highest.
By Nathan Riley, 2012/05/16
By Serdar Yegulalp, 2012/03/06: As a result, I recommend PhotoRec for tech-savvy users.
By Alex Wagner, 2012/02/09 PhotoRec can recover lost data from the SxS Pro cards to which the Arri Alexa records after A Quick Format.
By Andrew Currie, 2011/01/03
- Digital Forensics with Open Source Tools. Syngress. ISBN: 978-159749-586-8.
By Philippe Richard, 2010/11/29 - PhotoRec has been used to recover confidential data from Cybercafe
By Sean Kearney on 2010/11/21
By Daisuke Tanaka, 2010/11/08
By Julie Pichon, 2010/10/30
By Ariel Torres, 2010/08/20
- Computer Forensics: A Pocket Guide, p. 67. IT Governance Publishing. ISBN 978-1-84928-039-6.
By Scott Nesbitt, 2009/08/02
By Troy Ingram, 2009/07/12
By Janek Thomaschewski, 2009/03/28
By Yuri Carlenzoli, 2009/03/22
By eineki, 2009/03/05
By foxcarlos, 2009/03/01
- Computer Forensics: Investigating Hard Disks, File and Operating Systems. ISBN 978-1-43548-350-7.
By Jeffrey Friedl, 2008/12/03
By Fiona Meg Riessler, 2008/12/01
By Salvatore Aranzulla, 2008/11/04
By Stephan Wiesend, 2008/09/16
By Paul Salmon, 2008/09/03
Kaspersky Lab, 2008/06/04: After encrypting files, the virus deletes the original but PhotoRec can recover it.
By Dale Al Teclado, 2008/02/11
By Carsten Knobloch, 2008/01/10
- Malware Forensics: Investigating and Analyzing Malicious Code, p. xxviii. Syngress Publishing Inc. ISBN 978-1-59749-268-3.
- Upgrading and Repairing Microsoft Windows, Second Edition, page 685. Pearson Education Inc. ISBN 978-0-7897-3695-6.
Author: Kent Brewster
Author: Falko Timme
- Data Carving with PhotoRec to retrieve deleted files from formatted drives for forensics and disaster recovery.
Author: Adrian Crenshaw
This video introduces the concept of data carving/file carving for recovering deleted files, even after a drive has been formatted.
Source: n0id's blog
Source: My PKB's blog
- Memories of a Media Card (Slashdot)
Anyone who has upgraded their digital camera probably has a few older, incompatible media cards lying around — so why not post them on Ebay? Well, if you do, be sure to properly wipe them because the digital voyeurs are watching. Seth Fogie at InformIT.com purchased a bunch of used cards from Ebay and found recoverable data on most of them. Using the freely available PhotoRec application, he was able to extract pictures, movies, and more from apparently formatted cards. The picture is clear — wipe anything that can store digital data before getting rid of it.
- The best damn cybercrime and digital forensics book period, page 200 and page 373. Syngress. ISBN 978-1-59749-228-7.
- The Official CHFI Study Guide (Exam 312-49): for Computer Hacking Forensic Investigator. Syngress. ISBN 978-159749-197-6
Author: KaruppuSwamy Thangaraj
- TestDisk & PhotoRec (Japanese)
- How to recover lost files after you accidentally wipe your hard drive
By: Shawn Hermans - Linux.com
Recently I wanted to make sure I had enough space to back up my home digital videos and pictures, so I purchased a new hard drive to add to my home Linux server. I moved all the files I wanted to save onto a single hard drive and repartitioned the old hard drive so I could upgrade to a newer version of Linux. After going through the process of reinstalling the operating system, I mounted the backup hard drive and discovered that it was empty. I had some how mixed up the hard drive I used to back up all the data with a hard drive that I wanted to wipe. Because I had done such a poor job of retaining backups on external media, I did not have any backups of my pictures and videos.
Author: Ionut Ilascu, Softpedia
Author: Jeff Potts
Authot: Ido Perelmutter
Author: Falkra - libellules.ch
- Scene of the cybercrime, page 328. Syngress. ISBN 978-1-931836-65-4.