Category Archives: Deleted File Recovery

You Can Be A Computer Detective Too, With OSForensics Beta

imageThe CSI TV franchise is great entertainment – but that’s what it is – entertainment. Nevertheless, the investigative techniques, despite the fact they are, in the main, pure science fiction – are pretty convincing.

One area where television productions, like this, and movies for that matter, generally get it right is – computer forensic investigation. While this type of investigation, with the investigators fingers flying across the keyboard, appears to be complex, in fact – the process is generally driven by software that is well organized, and logically constructed.

If you would like to try your hand at being a computer “Sherlock Holmes”, then checkout OSForensics Beta (latest release February 4, 2011), a menu driven forensic application that will allow you to identify, extract, document, and interpret data, on your computer.

The GUI is laid out in a functional and logical step by step process – easy to understand and navigate.

image

I won’t cover all of the capabilities of OSForensics ( I don’t want to spoil all your investigative fun), but as an example, the application can scan a system for evidence of recent activity, including accessed websites, USB drives, wireless networks, recent downloads, website logins and website passwords.

image

Just one example – in the screen shot below, you can see that the application has captured my login password (blacked out for privacy), for my Hotmail account.

OSF

The deleted file recovery function is particularly powerful and the application provides a graphical view of the allocation of the deleted file clusters on the physical disk.

image

Fast facts:

Search for Emails – An additional feature of being able to search within files is the ability to search email archives. The indexing process can open and read most popular email file formats (including pst) and identify the individual messages.

Recover Deleted Files – After a file has been deleted, even once removed from the recycling bin, it often still exists until another new file takes its place on the hard drive. OSForensics can track down this ghost file data and attempt to restore it back to useable state on the hard drive.

Uncover Recent Activity – Find out what users have been up to. OSForensics can uncover the user actions performed recently on the system, including but not limited to:

Opened Documents

Web Browsing History

Connected USB Devices

Connected Network Shares

Collect System Information – Find out what’s inside the computer. Detailed information about the hardware a system is running on:

CPU type and number of CPUs

Amount and type of RAM

Installed Hard Drives

Connected USB devices, and much more.

View Active Memory – Look directly at what is currently in the systems main memory. Attempt to uncover passwords and other sensitive information that would otherwise be inaccessible. Select from a list of active processes on the system to inspect. OSF can also dump their memory to a file on disk for later inspection.

Extract Logins and Passwords – Recover usernames and passwords from recently accessed websites in common web browsers, including Internet Explorer, Firefox, Chrome and Opera.

While the application is designed as a forensic recovery tool, I can think of a number of uses for this application (since it can be run from USB drive), over and above its expressed purpose. I’m sure you can too.

System requirements: Windows XP, Vista, Win 7, Server 2000, 2003, 2008 (32bit and 64bit support – 64bit recommended). Minimum 1GB of RAM. (4GB+ recommended), 30MB of free disk space – can be run from USB drive.

Download the beta at: PassMark Software

There are a number of worthwhile additional free tools which can be used in conjunction with OSForensics. Checkout the developer’s site here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

8 Comments

Filed under Beta Software, Computer Audit Applications, Computer Forensic Tools, Computer Tools, Deleted File Recovery, Freeware, Geek Software and Tools, Software, System Utilities

Deleted File Not in the Recycle Bin? No Worries – Glary Undelete Can Help You Recover

frustrated 2

The music collection you’ve spent years putting together, or that family photo album you’ve worked on for weeks – gone.

That document you’ve been working on for weeks is no longer in your document folder. Yikes!

We’ve all done it; accidentally deleted an important file.

Back in the DOS days, we would just use the command Undelete, or one of its variations, but today the solution is so much simpler.

The easy solution to this problem, that most of us can use, most of the time, is to simply restore the file from the Windows Recycle Bin. The Recycle Bin can be a life saver when a file has been accidentally deleted.

Normally, the deleted file sits in the Bin until you empty it, or restore the file. But what if the file has been permanently removed from the Bin, to make room for more recently deleted files for example, when the maximum size allocated in the Recycle Bin properties has been exceeded? And yes, it does happen.

image

All is not lost and here’s why: when a file is deleted from your Hard Drive, or portable media, what really gets deleted is the system link pointing to the file; but not the file itself.

Surprisingly, it can often be relatively easy to retrieve the deleted file, or a good portion of the file, using specialized file recovery software, which takes advantage of this reality.

To enhance the possibility of recovering the deleted file, rapid action is a prime requirement. File recovery software has limitations, so once you have realized you have deleted that important file; do not write any more files to the drive until you can run the recovery program.

Glary Undelete is a free recovery application, (from the developers of my all time favorite Windows utility – Glary Utilities), with a wizard driven interface, that makes file recovery just about as simple as it gets. In fact, Glary Undelete is the file recovery application that I have come to rely on.

image

I’ve had good success with this small application recovering deleted files, and I recommend that all users consider adding Glary Undelete to their toolbox.

Note: Glary makes the statement that this utility will, “even recover files that have been deleted by bugs, crashes and viruses”. I have not specifically tested this function.

Fast facts:

Supports FAT, NTFS, NTFS + EFS file systems

Supports recover compressed, fragmented and encrypted files on NTFS

Undelete files on portable media (SmartMedia, Secure Digital, MemoryStick, etc.)

Filter by file name, file date, size, and recovery state

Simple and User friendly interface

And more…

System Requirements: Windows Vista, XP, Windows 2003, Windows 2000, Windows 7.

Download at: Download.com

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

10 Comments

Filed under Deleted File Recovery, downloads, Freeware, Software, Utilities, Windows 7, Windows Vista, Windows XP

Find That Deleted File Easily with Pandora Recovery

frustrated 2 We’ve all done it; accidentally deleted an important file. That document you’ve been working on for weeks is no longer in your document folder. Yikes!

The music collection you’ve spent years putting together, or that family photo album you’ve worked on for weeks – gone.

Back in the DOS days, we would just use the command Undelete, or one of its variations, but today the solution is so much simpler.

The easy solution to this problem that most of us can use, most of the time, is to simply restore the file from the Windows Recycle Bin. The Recycle Bin can be a life saver when a file has been accidentally deleted.

Normally, the deleted file sits in the Bin until you empty it, or restore the file. But what if the file has been permanently removed from the Bin, to make room for more recently deleted files for example, when the maximum size allocated in Recycle Bin properties has been exceeded?

All is not lost and here’s why: when a file is deleted from your Hard Drive, or portable media, what really gets deleted is the system link pointing towards the file, but not the file itself.

Surprisingly, it can often be relatively easy to retrieve the deleted file, or a good portion of the file, using specialized file recovery software, which takes advantage of this reality.

image

To enhance the possibility of recovering the deleted file, rapid action is a prime requirement. File recovery software has limitations, so once you have realized you have deleted that important file; do not write any more files to the drive until you can run the recovery program.

Pandora Recovery is a free recovery application, with a wizard driven interface, that makes file recovery just about as simple as it gets. In fact, Pandora Recovery is the file recovery application that I have come to rely on.

Those users who are unfamiliar with this type of application, will find the well written and instructive help file, particularly useful. As an added bonus, quick help links, make it easy for new, or casual computer users, to easily complete a task that can often be frustrating.

I’ve had good success with this small application recovering deleted files, and I recommend that all users’ consider adding Pandora Recovery to their toolbox. A good indication of the value of this small application is the 4 Star rating which this program has earned in CNET’s  user comments.

Fast facts:

Search Deleted Files

– Recovery of files whose MFT record has been reused by OS,

– Recovery of files from reformatted media,

– Recovery of files from discs with damaged or missing file allocation table.

Recover Archived, Hidden, Encrypted, Compressed files

Browse Deleted Files

Recover Alternate Data Streams (ADS)

Recover Images, Documents, Movies, or any other type of file

System Requirements: Windows Vista, Windows XP, Windows 2003 and Windows 2000, Windows 7

Download at: Download.com

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under computer repair, Deleted File Recovery, downloads, Freeware, Geek Software and Tools, Software, System Utilities, Utilities, Windows Tips and Tools