Editer l'article Suivre ce blog Administration + Créer mon blog
3 juillet 2011 7 03 /07 /juillet /2011 23:51

Even if you use a NAS to store your files, it does not prevent from deleting files by yourself, as a mistake.


Okay so let's open the box, and pick a HDD up. Then use a USB to SATA adaptor, and plug it on a computer.


On Win 7, here is what disk management says:




A bit strange partitioning, isn't it?


In fact, there are "only" 455.38GB, out of 500, that are really available as usable storage on the NAS. 10 GB are just not even allocated.


Windows does not recognize the file system. Well, either they used a proprietary one, or a pure Linux one...


Let's give BackTrack a try. BTW, welcome BT5 :)




Ermf... Ext2, ext3 and... ext4!


While I'd indeed suggest to consider ext4 as a good FS solution, in this case, it will complicate a bit the investigation: most of the forensics tools were built for ext2 and 3.


I wanted to try ext3undel, see http://projects.izzysoft.de/trac/ext3undel, on BT5:

- wget http://apt.izzysoft.de/ubuntu/dists/generic/index.php?file=ext3undel_0.1.6-izzy1_all.deb

- then dpkg -i ext3undel_0.1.6-izzy1_all.deb


But I don't know for now if this tools suite can be used on ext4, meaning without destroying the data.


More to come later on...


Update 1:


First results using the Gabi tools suite:

- lots of BMP files recovered, almost all of the same size, but none of them usable...



- lots of zip files also... but still none usable


- lots of jpg fies, ah... most of them are okay, but they lost their names (only numbers right now):



Will try others tools... since photographers don't like JPG files as they loose data information (describing the picture)....

Partager cet article