1 / 25

DAVORY: Data Recovery

DAVORY: Data Recovery. Supervised By: Dr. Lo'ai Tawalbeh Prepared By: Ibrahim Al-Shurbaji. DATA RECOVERY.

keala
Download Presentation

DAVORY: Data Recovery

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DAVORY: Data Recovery Supervised By: Dr. Lo'ai Tawalbeh Prepared By: Ibrahim Al-Shurbaji

  2. DATA RECOVERY • Data RecoveryData recovery is the act of salvaging data stored on damaged media, such as magnetic disks and tapes. There are a number of companies and software products that can help recover data damaged by a disk crash or virus. Of course, not all data is recoverable, but data recovery specialists can often restore a surprisingly high percentage of the data on damaged media.

  3. DATA RECOVERY cont. • Data recovery cases can be divided up into two main categories: • Common Recoveries – Involves floppies and hard drives that are usually from single-user personal computers. • Complex Recoveries – Involves hard drives, RAID arrays, tape and optical media or corrupted databases and file systems usually from multi-user, business systems. Data storage at the high end has become a very complex field. In the case of these complex systems data recovery can be seen as "troubleshooting data storage." • Whether common or complex, each data recovery case is unique and the process can be very resource extensive and exceedingly technical.

  4. DATA LOSS • What is Data Loss? • Typical Characteristics of a Common Data Loss Situation: • Accidental deletion of data • The sudden inability to access data from a previously functioning computer system or backup • Accidental re-forming of partitions • Hard disk crash or hard disk component failure • Ticking or grinding noises coming from the system unit where the hard drive is located while powering up or trying to access files. This symptom almost always indicates a failing hard drive and is often accompanied by some of the other symptoms.

  5. DATA LOSS cont. • Consider these facts: • More data is being stored in smaller spaces – Today’s hard drives store 500 times the data stored on the drives of a decade ago. Increasing storage capacities amplify the impact of data loss, making mechanical precision more critical. A slight nudge, a power surge, or a contaminant introduced into the drive may cause the head to touch the platter resulting in a head crash.

  6. DATA LOSS cont. • Data has become more mission-critical – Users today store more data on their desktops and networks that is mission-critical to their organizations and to their personal lives. Loss of mission-critical data, by definition, causes major business processes to stop. • Backup technology and practices have failed to adequately protect data – Many users back up their data only to find their backups useless at that crucial moment when they need to restore from them.

  7. DATA LOSS cont. • They fail because the systems are designed with a set of requirements that rely on a combination of technology and human intervention for success. Taped, tape drives and cartridges do not always work properly, due to their dependence on mechanical perfection. Backup software can become corrupted. Users accidentally back up corrupted or incorrect information

  8. WHAT TO DO? What to do • In cases where files have been deleted or overwritten, it is important for the best chance of recovering the files not to write any new data to the disk they were stored on, because the old data will only exist until such time as the space it occupied on the disk gets used for something else. If the files were on the main drive of the computer you're using now, this means that you should turn off the computer right now, and use another computer to search for a solution to recover your data. You may even need to consider putting your computer's hard disk in another computer to do the data recovery, because installing the software on your own computer could overwrite the data you want to recover.

  9. WHAT TO DO? cont. • We understand that this may not be easy or convenient to do. So it's your decision. It depends on how important these lost files really are to you. Continuing to use your computer, and installing software on it, won't necessarily overwrite the data you want to recover. But it could. It's up to you.

  10. DATA RECOVERY METHOD • Choosing the data recovery method • Choosing the right method to use to recover your data isn't easy. There are many different recovery tools on the market. Some are better at recovering deleted files, others are better at restoring overwritten files, or recovering files from damaged disks. Some are specialized for recovering photo images, or Microsoft Word or Excel document files, because they know what these files look like, and can retrieve their data even when all other clues to its existence have disappeared. One tool may succeed at recovering your files, even if another failed.

  11. DAVORY • DAVORY SOFTWARE • by X-Ways Software Technology AG. • X-Ways Software Technology AG is a stock corporation incorporated under the laws of the Federal Republic of Germany. • The following operating systems are supported: • • Windows 95/98/Me • • Windows NT 4.0 • • Windows 2000 • • Windows XP • Homepage: http://www.x-ways.net

  12. DAVORY • HOW TO USE • There are two ways how to recover data using Davory. Both require that you select the disk to recover from. • 1) Automatic recovery of files with given filenames. Preferred method. • 2) Automatic recovery of files of a certain type. Try if 1) is not available or if you are not satisfied with the results. Does not require a healthy file system)

  13. DAVORY • Important: At any rate, do not use the drive that you wish to recover from for writing data any more! You may inadvertently overwrite lost files, making them unrecoverable. This includes not booting Windows from such a drive any more, as booting involves numerous write operations as well. Davory can be run directly from a floppy disk or CD, and does not require a real installation using the setup program. Davory does not recover files "in place", on the original drive, but it recreates them on a different drive, so there is no danger of inadvertently making the data loss situation even worse. The original drive is not touched except for reading.

  14. DAVORY • Selecting the Disk

  15. DAVORY • Select the disk that contained the files you have lost. • Preferably, select a logical drive (also called a "drive letter" or "volume"). In that case WinHex relies on Windows being able to access the drive. Selecting a physical disk (also called "raw device") on the other hand, means opening the entire medium, as it is attached to the computer, e.g. a hard disk including all partitions. If the disk is not properly formatted, damaged, or if its file system is unknown to Windows, so Windows is unable to make it accessible as a drive letter, select the physical disk instead. When you select a physical hard disk, it is recommended to open one of the partitions separately. Note that File Recovery by Name can only be applied to a logical drive or a single partition.

  16. DAVORY • If you notice that Davory does not detect the size of your disk correctly, you could either enable the option "Check for last accessible sector" in the case of a physical disk when selecting the disk, or use Disk Parameters later. Please note that searching the last accessible sector may cause very long delays, strange behavior or even damage on some systems.

  17. DAVORY • Limitations: • • Under Windows NT, 2000, and XP administrator rights are needed to access hard disks. • • Davory cannot operate on remote (network) drives. • File Recovery by Name • Works on FAT12, FAT16, FAT32, and NTFS logical drives/partitions. You may specify one or more filename patterns that cover all the files you wish to retrieve, e.g.: • Letter to Mr. Smith.doc • Invoice*.pdf • m*.xls • Image*.gif • *.tif

  18. DAVORY • Please note that files that were moved to the recycle bin prior to permanent deletion are internally renamed by Windows, where only the filename extension remains the same. So if you wish to undelete files that were in the recycle bin before, specify only an asterisk before the dot (e.g. "*.jpg", not "mypicture.jpg"). • Optionally WinHex only recovers files that are explicitly marked as deleted in the file system. It may be wise not to use that option if you are looking for files that got lost other than by normal deletion, e.g. due to file system corruption. In that case you can even switch to files that are not marked as deleted. With that setting you will recover only those files that existed at the time when the corruption occurred and no duplicates (like previously existing working copies, temporary files etc.) that were deleted because they were no longer needed.

  19. DAVORY • If you deselect "Use file allocation table where possible", Davory will always rely on files not being fragmented, recovering them as a continuous stream of consecutive clusters. • Check “Intercept invalid filenames” to prevent a failure of the recovery because of filenames with characters considered as invalid by the file system. Useful for example if you wish to recover files that had filenames in a non-western language with a western-language Windows version. This option will rename such a file if necessary to ensure that it can be recreated.

  20. DAVORY • If you enable "Recover from one folder only", Davory will not search for the files on the entire drive, but only within the specified folder and optionally its subfolders (if traces of these subfolders can still be found). Only with both of these options (folder tree and subfolders) enabled, Davory will recreate the original folder tree within the output folder and will place recovered files into their respective subfolders. Not available for NTFS drives. • On an NTFS drive, if the file you are looking for cannot be found, it may help to enable the "thorough" search. It is not enabled by default because it takes significantly more time.

  21. DAVORY • You also specify an output folder where Davory should recreate the original file(s). Important: make sure this folder is on a different drive. Specifying a folder on the same drive where you are recovering from could easily overwrite disk space where deleted files reside that you still wish to recover! That way they would be lost forever. It might also lead to a loop, if Davory repeatedly "recovers" files that it has just recreated. • Unlike File Recovery by Type, "File Recovery by Name" will also restore the file date & time and its attributes.

  22. DAVORY

  23. DAVORY • File Recovery by Type • A data recovery function that searches for files that can be recognized by a certain "signature". Many file types have such a signature. Choose one more more file types from the list. To select multiple file types, hold the Ctrl key on your keyboard while clicking list items. More than 30 file types are pre-defined. • Davory tries to detect the original correct size of JPEG, GIF, PNG, BMP, TIFF, AVI, WAV, ZIP, HTML, RTF, and MS Office files automatically. If this fails, or for other file types, the files are recovered the fixed maximum size that you specify. Usually it does no harm to recover with a "too big" size (unlike "too small"), since the programs that deal with these files can tell from the file format where the actual end of file is. So be "generous" when specifying the size.

  24. DAVORY • The resulting files are named according to a pattern you provide (e.g. ~~~~ will result in files like 0001.jpg, 0002.jpg, and so on). A log file is written to the output directory as well. Optionally, files of each type will be put into their own subfolder, i.e. .jpg files into to the subfolder "jpg", .html files into the subfolder "html", and so on. • By default, all files found on the disk (existing or deleted) are recovered. Optionally you can limit the recovery to files that are found in unused parts of the disk, that is to presumably lost or deleted files. Please note that this recovery mechanism does not produce sound results in the case of files that were stored in a fragmented way (in discontiguous clusters).

  25. DAVORY • You also specify an output folder where Davory should recreate the original file(s). Important: make sure this folder is on a different drive. Specifying a folder on the same drive where you are recovering from could easily overwrite disk space where deleted files reside that you still wish to recover! That way they would be lost forever. It might also lead to a loop, if Davory repeatedly "recovers" files that it has just recreated.

More Related