.

Good HDD Forensics tool on BT5

<<

Deadpool614

Newbie
Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Mon Apr 02, 2012 5:37 am

Good HDD Forensics tool on BT5

So I've recently started looking into digital forensics and was wondering which tool on BT5 that EH would recommend for data recovery for HDD. I currently have a 750Gb laptop HDD that recently crapped out and I wondered if it was possible to recover data from it?
CIO/G-6 C|EH ....Taking the first steps down a long path.
<<

jimbob

Post Mon Apr 02, 2012 5:53 am

Re: Good HDD Forensics tool on BT5

Hi,
If the disk is failing but still working i.e. you can read the raw data from the disk then you could image the disk with a tool like ddrescue and try to recover the data. If the disk does not power up, is not recognised or you cannot transfer data from it then you're most likely out of luck.

You can check out this article on BT5 forensics for some ideas and examples.

http://technology-flow.com/articles/bac ... forensics/

Regards,
Jimbob
<<

millwalll

Post Mon Apr 02, 2012 6:28 am

Re: Good HDD Forensics tool on BT5

Yah it really does depends on the state of the HDD if its failing to boot it could just have a bad sector on it that pretty easy to repair. Most of the good tools I came across you need to pay for sadly.
<<

Deadpool614

Newbie
Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Mon Apr 02, 2012 9:29 am

Re: Good HDD Forensics tool on BT5

Jimbob:

I'll have to give that article a look over. I purchased the Laptop about 8 months ago and the HDD crapped out about month 7 :/ I did some basic troubleshooting and what I could gather from the HP website was that the HDD failed (not so helpful). I have recently come into poession of the cables needed and a forensic bridge to hook it to my other laptop to try to rip the data.

Jamie:

Yeah, I had found a few tools but they were all kinda $$$ I know at some point I'll break down and purchase one eventually but I'd rahter do it once I have a better grasp of what's out there. At this point the laptop won't even go to the BIOS screen. I feel the HDD attempt to spin up but then it just stops. It sucks because I had a good amount of music and documents on there :/
CIO/G-6 C|EH ....Taking the first steps down a long path.
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Apr 02, 2012 10:56 am

Re: Good HDD Forensics tool on BT5

If the laptop doesn't get to BIOS then there are other issues most likely, easy test on whether the rest of the hardware is good is to use a bootable CD/DVD/USB image.  This will ensure the MoBo and other hardware are functioning.  Bad drive will not prevent the BIOS from posting.  But a bad MoBo, RAM or CPU will.  Bad RAM or CPU will usually cause error beeps unless the CPU is really fried.

For the drive I typically keep an IDE/SATA to USB adapter handy.  This lets you connect the drive as if it was an external one.  If it is accessible then like Jamie said, you probably just have some data corruption.  If it is not accessible and you don't hear it spinning up, then you might have a mechanical failue and there isn't much you can do with your limited budget.  If you store the drive in the freezer (in a zip lock freezer bag) for a couple hours, that sometimes helps getting it to spin up enough to get data off it.

Good luck!
Certs: GCWN
(@)Dewser
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Apr 02, 2012 11:37 am

Re: Good HDD Forensics tool on BT5

Just download FTK imager (http://accessdata.com/support/adownloads) and go from there. Not necessarily a fan of forensics tools on a pentesting OS. FTK Imager's sole purpose is data recovery.
<<

Deadpool614

Newbie
Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Mon Apr 02, 2012 11:54 am

Re: Good HDD Forensics tool on BT5

Well after doing some more looking into it I'm pretty sure the mobo is fried. I swapped RAM with a buddy's laptop and still nothing. I also tried my USB copy of BT4 with no luck :(

Just download FTK imager (http://accessdata.com/support/adownloads) and go from there. Not necessarily a fan of forensics tools on a pentesting OS. FTK Imager's sole purpose is data recovery.


Thanks, I'll have to look into this one when I have some free time later.
CIO/G-6 C|EH ....Taking the first steps down a long path.
<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Sun Jul 01, 2012 4:20 pm

Re: Good HDD Forensics tool on BT5

You may be out of luck all together and the HDD is just bad and nothing can read it or even see it.  I had this 2 wks ago with a case I am working on.

It was a USB external drive.  I tried it with Encase, FTK, a Knoppix boot CD, a Tableau TD1 and even a Tableau USB Bridge.  Nothing worked.  The computer wouldn't even see it so we had to write a NO Findings report on it.
Security+, Network+, C|EH, CHFI, CPT

Return to Forensics

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software