1 / 44

D A T a

R E C O V E R y. D A T a. R E C O V E R y. Team Members-: Renu Kumari Sharma (04317) Viplav Anand (04345) Sanjay Moulik (04348) Upal Mukherjee (04352) Amal Mandal (04354). D A T a.

dore
Download Presentation

D A T a

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. R E C O V E R y D A T a

  2. R E C O V E R y • Team Members-: • Renu Kumari Sharma (04317) • Viplav Anand (04345) • Sanjay Moulik (04348) • Upal Mukherjee (04352) • Amal Mandal (04354) D A T a A TECHNICAL PROJECT BY THE STUDENTS OF 3rd YEAR CSE

  3. WHAT DO WE MEAN BY DATA ? • DATA MAY BE DEFINED AS FACTS, FIGURES AND STATISTICS SUITABLE FOR COMMUNICATION, INTERPRETATION, OR PROCESSING BY HUMANS OR BY AUTOMATED MEANS. GENERALLY, IT REFERS TO THEINFORMATION ENTERED INTO, AND STORED WITHIN A COMPUTER SYSTEM IN THE FORM OF A FILE. • CONNOTATION OF DATA IS COMPREHENSIVE, IT INCLUDES NOT ONLY MULTI-MEDIA FILES SUCH AS TEXT DOCUMENTS, IMAGES, VOICES THAT ARE STORED IN A FILE SYSTEM OR DATA BASE, BUT ALSO HARDWARE INFORMATION, NETWORK ADDRESSES AND OPERATING SYSTEM SERVICES, WHICH ARE USED TO DEPOSIT AND MANAGE THOSE INFORMATION.

  4. WHAT DO WE MEAN BY DATA RECOVERY? • DATA RECOVERY MEANS RETRIEVING LOST, DELETED, UNUSABLE OR INACCESSIBLE DATA THAT LOST FOR VARIOUS REASONS. • DATA RECOVERY NOT ONLY RESTORES LOST FILES BUT ALSO RECOVERS CORRUPTED DATA. • ON THE BASIS OF DIFFERENT LOST REASON, WE CAN ADOPT DIFFERENT DATA RECOVERY METHODS. THERE ARE SOFTWARE AND HARDWARE REASONS THAT CAUSE DATA LOSS, AND ACCORDINGLY WE CAN RECOVER DATA USING SOFTWARE AND HARDWARE TECHNIQUES.

  5. SCOPE OF DATA RECOVERY • SYSTEM PROBLEM. • PARTITIONING PROBLEM. • DEVELOPMENT OF BAD SECTORS. • LOSS OF FILES. • LOSS OF PASSWORDS. • INACCESSABLE FILES.

  6. PRINCIPLES OF DATA RECOVERY • BACKUP ALL THE DATA IN YOUR HARD DISK. • PREVENT THE EQUIPMENT FROM BEING DAMAGED AGAIN. • DON’T WRITE ANYTHING TO THE DEVICE FROM WHICH YOU WANT TO RECOVER DATA. • TRY TO GET DETAILED INFORMATION ABOUT HOW THE DATA WAS LOST AND THE LOSING PROCESS. • BACKUP THE DATA RECOVERED IN TIME.

  7. CAUSES OF DATA LOSS • SOFTWARE REASONS, LIKE COMPUTER VIRUSES AND OTHER MALACIOUS PROGRAMS, MIS-FORMAT, MIS-CLONE ETC.; FIXED THROUGH SOFT-RECOVERY TECHNIQUES. • HARDWARE REASONS, LIKE DEVELOPMENT OF BAD SECTORS, DAMAGE OF THE READ HEAD, HARD DISK SCRAPE, CHIP BURNOUT, CIRCUIT PANEL SNAG ETC.; FIXED THROUGH HARD-RECOVERY TECHNIQUES.

  8. DATA PROTECTION TECHNOLOGIES • SELF MONITORING ANALYSIS AND REPORT TECHNOLOGY(SMART). • SHAKE PROTECTION SYSTEM(SPS). • DRIVE FITNESS TEST(DFT). • FLOPPY DISK ARRAY(FDA)/REDUNDANT ARRAY OF INEXPENSIVE DISKS(RAID). • STORAGE AREA NETWORK(SAN). • NETWORK ATTACHED STORAGE(NAS).

  9. DEVELOPMENT HISTORY OF HARD DISK DRIVES • IN 1956, IBM INVENTED THE FIRST COMPUTER DISK STORAGE SYSTEM, THE 305 RAMAC. THIS SYSTEM COULD STORE 5 MEGABYTES. IT HAD 50, 24-INCH DIAMETER DISKS. • IN 1970, THE 8-INCH FLOPPY DISK DRIVE WAS INTRODUCED BY IBM. • IN 1980, SEAGATE TECHNOLOGY INTRODUCED THE FIRST HARD DISK DRIVE FOR MICROCOMPUTERS, THE ST506. IT WAS A FULL HEIGHT 5.25-INCH DRIVE, WITH A STEPPER MOTOR, AND HELD 5 MEGABYTES OF DATA. • IN 1981, SONY STARTED SHIPPING THE FIRST 3.5-INCH FLOPPY DISK DRIVES. • IN 1997, SEAGATE INTRODUCED THE FIRST 7,200 RPM, ULTRA ATA HARD DISK DRIVE FOR DESKTOP COMPUTERS AND IN FEBRUARY 2006, THEY INTRODUCED THE FIRST 15,000 RPM HARD DISK DRIVE, THE CHEETAH X15.

  10. TECHNICAL SPECIFICATIONS OF HARD DISK DRIVES • STORAGE CAPACITY. • ROTATION SPEED. • DUTY CYCLE. • AVERAGE SEEK TIME. • AVERAGE LATENCY. • AVERAGE ACCESS TIME. • BUFFER SIZE. • NOISE AND TEMPERATURE.

  11. PHYSICAL STRUCTURE OF HARD DISK DRIVES • BASE CASING. • SPINDLE. • SLIDER AND READ/WRITE HEAD ASSEMBLY. • ACTUATOR ARM. • ACTUATOR. • RIBBON CABLE. • PLATTERS. • SCSI INTERFACE CONNECTOR. • JUMPER CONNECTOR. • POWER CONNECTOR.

  12. LOGICAL STRUCTURE OF HARD DISK DRIVES • TRACKS. • SECTORS. • CLUSTERS.

  13. READING HARD DISK DATA USING GMR HEADS • FREE LAYER IS THE SENSING LAYER, MADE OF A NICKEL-IRON ALLOY, AND IS PASSED OVER THE SURFACE OF THE DATA BITS TO BE READ. • SPACER LAYER IS NONMAGNETIC, TYPICALLY MADE FROM COPPER, AND IS PLACED BETWEEN THE FREE AND PINNED LAYERS. • PINNED LAYER IS MADE UP OF COBALT MATERIAL AND IS HELD IN A FIXED MAGNETIC ORIENTATION BY VIRTUE OF ITS ADJACENCY TO THE EXCHANGE LAYER. • EXCHANGE LAYER IS MADE OF AN "ANTI-FERROMAGNETIC" MATERIAL, AND FIXES THE PINNED LAYER'S MAGNETIC ORIENTATION. • WHEN THE HEAD PASSES OVER A MAGNETIC FIELD OF ONE POLARITY, THE FREE LAYER ELECTRONS GET ALIGNED WITH THOSE OF THE PINNED LAYER; THIS CREATES A LOWER RESISTANCE IN THE ENTIRE HEAD STRUCTURE. • WHEN THE HEAD PASSES OVER A MAGNETIC FIELD OF THE OPPOSITE POLARITY, THE ELECTRONS IN THE FREE LAYER ROTATE SO THAT THEY ARE NOT ALIGNED WITH THOSE OF THE PINNED LAYER. THIS CAUSES AN INCREASE IN THE RESISTANCE OF THE OVERALL STRUCTURE.

  14. HARD DISK INTERFACES • INTEGRATED DRIVE ELECTRONICS(IDE). • ADVANCED TECHNOLOGY ATTACHMENT(ATA). • SERIAL ATA(SATA) AND PARALLEL ATA(PATA). • DIRECT MEMORY ACCESS(DMA). • UNIVERSAL SERIAL BUS(USB). • SMALL COMPUTER SYSTEMS INTERFACE(SCSI).

  15. REGIONS OF A HARD DISK DRIVE • MASTER BOOT RECORD(MBR). • DOS BOOT RECORD(DBR). • MASTER FILE TABLE(MFT) OR, FILE ALLOCATION TABLE(FAT). • FILE DIRECTORY TABLE(FDT). • DATA.

  16. LOW LEVEL FORMATTING OF A HARD DISK DRIVE • TEST THE HARD DISK MEDIA. • PARTITION TRACKS FOR HARD DISK. • ARRANGE SECTORS FOR EACH TRACK ACCORDING TO THE SPECIFIED INTERLEAVE. • SET THE SECTOR ID TO EACH TRACK AND FINISH SETTING SECTORS. • TEST THE HARD DISK SURFACE, MARK “BAD” TO THE DAMAGED TRACK AND SECTOR. • WRITE A CERTAIN ASCII TO EACH SECTOR OF HARD DISK.

  17. HIGH LEVEL FORMATTING OF A HARD DISK DRIVE • ASSIGN LOGICAL SERIAL NUMBERS FOR SECTORS (SERIAL NUMBERS IN PARTITION) FROM CYLINDER THAT ASSIGNED BY EACH LOGICAL DRIVE. • ESTABLISH DBR IN BASIC PARTITION, AND LOAD 3 SYSTEM FILES OF DOS IF THERE IS “/S” PARAMETER IN THE COMMAND. • ESTABLISH FILE ALLOCATION TABLE (FAT) IN EACH LOGICAL DISK. • ESTABLISH FILE DIRECTORY TABLE (FDT) THAT IS CORRESPONDING TO THE ROOT DIRECTORY AND THE DATA AREA.

  18. USING “FORMAT” FOR HIGH LEVEL FORMATTING • FORMAT <VOL> [/FS: ] [/V: ] [/Q] [/A: ] [/C] [/X] • FORMAT <VOL> [/V: ] [/Q] [/F: ] • FORMAT <VOL> [/V: ] [/Q] [/T: /N: ] • FORMAT <VOL> [/V: ] [/Q] [/1] [/4] • FORMAT <VOL> [/Q] [/1] [/4] [/8] • <VOL> SPECIFIES THE DISK VOLUME TO BE FORMATTED. • [/FS: ] SPECIFIES FILE SYSTEMS LIKE NTFS OR, FAT32. • [/V:] SPECIFIES THE VOLUME LABEL TO BE ASSIGNED, IF ANY. • [/Q] SPECIFIES WHETHER QUICK FORMAT IS TO BE ENABLED. • [/A: ] SPECIFIES THE DEFAULT ALLOCATION SIZE TO BE USED. • [/C] SPECIFIES COMPRESSION TO BE ENABLED. • [/X] SPECIFIES FORCES THE VOLUME TO BE DISMOUNTED. • [/F: ] SPECIFIES THE SIZE OF THE FLOPPY DISK. • [/T: /N: ] SPECIFIES THE NUMBER OF TRACKS AND SECTORS.

  19. USING “FDISK” FOR MASTER BOOT RECORD RECOVERY • FDISK [/CMBR] [/ACTOK] [/Q] [/PRI: ] [/EXT: ] [/LOG: ] [/FPRMT] • [/CMBR] SPECIFIES RECREATION OF THE MASTER BOOT RECORD. • [/ACTOK] SPECIFIES IGNORING OF BAD SECTORS, IF ANY. • [/Q] SPECIFIES TO QUIT AFTER FORMAT WITHOUT AUTO REBOOT. • [/PRI: ] SPECIFIES CREATION A DOS PARTITION. • [/EXT: ] SPECIFIES CREATION OF AN EXTENDED PARTITION. • [/LOG: ] SPECIFIES CREATION OF A LOGICAL PARTITION. • [/FPRMT] SPECIFIES SUPPORT CHECKING IN INTERACTIVE MODE.

  20. USING “FIXMBR” FOR MASTER BOOT RECORD RESTORATION • FIXMBR <DRIVE> [/A] [/D] [/P] [/Z] • <DRIVE> SPECIFIES THE HARD DISK DRIVE SCOPE. • [/A] SPECIFIES ACTIVE DOS PARTITION. • [/Q] SPECIFIES TO QUIT AFTER FORMAT WITHOUT AUTO REBOOT. • [/P] SPECIFIES DISPLAY OF PARTITION. • [/D] SPECIFIES DISPLAY OF MASTER BOOT RECORD. • [/Z] SPECIFIES ZERO MASTER BOOT RECORD.

  21. COMPONENTS OF MASTER BOOT PARTITION • IO.SYS. • MSDOS.SYS. • COMMAND.COM. • NTLDR.EXE. • BOOTLOG.TXT. • _RESTORE • RECYCLED

  22. SYMPTOMS OF MASTER BOOT PARTITION DAMAGE • INVALID MEDIA TYPE ERROR WHILEST READING HARD DISK DRIVE. • FILE SYSTEM DISPLAYED AS “RAW”. • WINDOWS MAY ASK TO FORMAT THE DRIVE. • FILENAMES GET MORPHED TO INCLUDE WEIRD CHARACTERS. • “SECTOR NOT FOUND” MESSAGES BY THE OPERATING SYSTEM.

  23. MASTER BOOT PARTITION RECOVERY • RECOVERY BY HIGH LEVEL FORMAT. • RECOVERY BY PARTITION TABLE DOCTOR.

  24. FILE ALLOCATION TABLE RECOVERY • RECOVERY USING DISKEDIT. • RECOVERY USING WINHEX.

  25. FILE DIRECTORY TABLE INTERPRETATION USING WINHEX • BYTES 0 TO 7(8 BYTES) REPRESENT FILENAME. • BYTES 8 TO 10(3 BYTES) REPRESENT FILE EXTENSION. • BYTE 11(1 BYTE) SPECIFIES FILE ATTRIBUTES. • BYTES 12 TO 21(10 BYTES) ARE RESERVED BYTES. • BYTES 22 AND 23(2 BYTES) INDICATE THE FILE CREATION TIME. • BYTES 24 AND 25(2 BYTES) INDICATE THE FILE CREATION DATE. • BYTES 26 AND 27(2 BYTES) GIVE THE NUMBER OF FILE CLUSTERS. • BYTES 28 TO 31(4 BYTES) SPECIFY THE FILE LENGTH.

  26. FEATURES OF NEW TECHNOLOGY FILE SYSTEM • MULTI-DATA STREAMS. • NAME BASED ON UNICODE. • GENERAL INDEX MECHANISM. • THE DYNAMIC BAD CLUSTER REPRINTS MAPS. • SUPPORTS POSIX. • FILE COMPRESSION. • FILE ENCRYPTS. • DISK QUOTA. • HARD LINK AND SOFT LINK. • LINK TRACKS. • LOG RECORDS. • FRAGMENTATION.

  27. TERMINOLOGIES OF NEW TECHNOLOGY FILE SYSTEM • LOGICAL CLUSTER NUMBER(LCN). • VIRTUAL CLUSTER NUMBER(VCN). • BIOS PARAMETER BLOCK(BPB). • FILE SYSTEM DRIVER(FSD). • SYSTEM CONTROL BLOCK(SCB). • FILE CONTROL BLOCK(FCB). • ENCRYPT FILE SYSTEM(EFS). • MASTER FILE TABLE(MFT). • MASTER FILE TABLE MIRROR(MFTM).

  28. OBTAINING FILES ON THE HARD DISK BY NTFS • NTFS OBTAINS STREAM CONTROL BLOCKS(SCB-S) OF FILE ATTRIBUTES THROUGH THE FILE OBJECT INDICATOR. • EACH SCB EXPRESSES A SINGLE ATTRIBUTE OF THE FILE, AND INCLUDES INFORMATION ON HOW IT OBTAINS THAT PARTICULAR ATTRIBUTE. • ALL SCB-S OF A FILE POINT TO A COMMON FILE CONTROL BLOCK(FCB). • FCB CONTAINS AN INDICATOR THAT POINTS TO THE FILE’S RECORD IN THE MASTER FILE TABLE(MFT). • NTFS GETS THE FILE ACCESS AUTHORITY THROUGH THIS INDICATOR.

  29. NUMBER METADATA FUNCTION 0 $MFT MFT ITSELF 1 $MFTMIRR PART IMAGE OF MFT 2 $LOGFILE LOG FILE 3 $VOLUME VOLUME FILE 4 $ATTRDEF ATTRIBUTE DEFINITION LIST 5 $ROOT ROOT DIRECTORY 6 $BITMAP BITMAP FILE 7 $BOOT BOOT FILE 8 $BADCLUS BAD CLUSTER FILE 9 $SECURE SECURE FILE 10 $UPCASE CAPITALIZED FILE 11 $EXTENDED METADATA DIRECTORY EXTENDED METADATA 12 $EXTEND\$REPARSE REPARSE POINTS FILE 13 $EXTEND\$USNJRNL LOG CHANGING FILE 14 $EXTEND\$QUOTA QUOTA MANAGEMENT FILE 15 $EXTEND\$OBJID OBJECT ID FILE 16~23 -------------- RESERVED 24~ -------------- USER DATA • INTERPRETATION OF RECORDS IN $MFT IN NTFS

  30. DIRECTORY AND FILE MANAGEMENT IN NTFS • NTFS ASSIGNS FILES ACCORDING TO CLUSTERS. NTFS DOES NOT CARE FOR SECTORS, BUT CLUSTER SIZE IS ASSIGNED AUTOMATICALLY AS PER VOLUME SIZE DURING FORMATTING. • THE MASTER FILE TABLE(MFT) IS USED TO DETERMINE FILE STORAGE LOCATION ON DISK. THE MFT ITSELF HAS ALSO ITS OWN FILE RECORD. • EACH FILE IN AN NTFS VOLUME HAS A 64-BIT FILE REFERENCE NUMBER. IT HAS 2 PARTS, FILE NUMBER AND FILE ORDER. FILE ORDER INCREASES AS REPEATED USAGE OF FILE RECORDS INCREASES. • NTFS LOCATES CLUSTERS WITH LOGIC CLUSTER NUMBER(LCN) AND VIRTUAL CLUSTER NUMBER(VCN). LCN IS A SIMPLE NUMBER FOR ALL CLUSTERS FROM BEGINNING TO END. VCN IS THE NUMBER FOR SPECIFIED FILES FROM BEGINNING TO END, WHICH IS CONVENIENT FOR REFERENCING THE DATA OF THE CORRESPONDING FILES. • A DIRECTORY OF NTFS IS ONLY A SIMPLE FILENAME AND AN INDEX OF THE FILE REFERENCE NUMBER. IF THE DIRECTORY ATTRIBUTE LIST IS SMALLER THAN THE LENGTH OF A RECORD, THEN ALL INFORMATION OF THIS DIRECTORY ARE SAVED IN THE MAIN FILE TABLE RECORDS.

  31. A FEW FREQUENTLY ASKED QUESTIONS • WHEN USING DATA RECOVERY WIZARD 3.0 TO RECOVER FILES, THERE IS SOME STRANGE SOUND IN HDD. HOW TO HANDLE IT? • HDD CANNOT BE DETECTED IN BIOS, HOW TO RECOVER DATA BY DATA RECOVERY WIZARD 3.0? • THERE IS NOT ENOUGH SPACE IN HARD DISK TO SAVE THE RECOVERED FILES, NOR THERE IS REMOVABLE STORAGE DEVICE; HOW TO HANDLE IT? • I HAVE RECOVERED SOME FILES, BUT I CANNOT RIGHTLY OPEN THEM. • IN WHAT OCCASION I CANNOT RIGHTLY RECOVER DATA?

  32. WORDS OF CAUTION • BECAUSE THE FILE MIGHT BE RECOVERED EASILY, IT IS QUITE POSSIBLE TO EXPOSE YOUR SENSITIVE INFORMATION. DATA SECURITY WIZARD CAN RENDER YOUR DATA IRRECOVERABLE FOREVER. • IT CAN ERASE INFORMATION THOROUGHLY BY US DOD ARITHMETIC. IT GUARANTEES IRRECOVERABILITY. • IT CAN ERASE INFORMATION EXACTLY. IT CAN ERASE THE SYSTEM INFORMATION OF A FILE, AND LEAVE NO TRACE. • DATA SECURITY WIZARD CAN ERASE A WHOLE HARD DISK.

  33. PREVENTION IS BETTER THAN CURE • AVOID CLOSE CONTACT OF A HEAT SOURCE WITH THE HDD. KEPP YOUR HDD AS MUCH COOL AS POSSIBLE WHILEST RUNNING. IF NECESSARY, MOUNT EXTRA COOLERS BENEATH THE HDD. • NEVER SUBJECT THE HDD TO HARD SHAKES AND IMPACTS. IT MAY DAMAGE THE GMR READ HEAD. • ALWAYS BACKUP IMPORTANT DATA IN TIME. • USE STRONG VIRUS AND MALWARE PROTECTION SOFTWARES TO PREVENT SUBSTANTIAL DAMAGE TO YOUR DATA.

  34. BIBLIOGRAPHY AND NETWORK SOURCES • DATA RECOVERY EBOOK V1.5 BY CHENGDU YIWO, DOWNLOADED FROM WWW.EASEUS.COM. • WWW.SEAGATE.COM. • WWW.WIKIPEDIA.COM. • WWW.PCGUIGE.COM. • WWW.GOOGLE.COM.

More Related