Recovering LOST files from a hard drive
Help, I have lost data files from my hard drive (due to CME-24 or other reasons).
First, if at all possible, TURN off the computer and put the infected drive in another system that is not infected. If for one reason or another you cannot, you should consider one of the CD-ROM or floppy-based recovery systems and an extra drive.
You should perform recovery to a different filesystem than the one being recovered from; otherwise you risk overwriting some files as you recover others.
Be aware that some companies offer demos that identify "lost" files but don't save the files they find.
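One way to enforce the different-filesystem rule before starting a recovery tool, as an added example that is not part of the original diary. It assumes a Linux boot environment with GNU or BusyBox stat and POSIX df; the function names are hypothetical.

```shell
#!/bin/sh
# Pre-flight check before running a file-recovery tool: refuse an output
# directory that lives on the filesystem being recovered.
# Assumptions: GNU or BusyBox stat (for -c) and POSIX df are available.

# Print the numeric device ID of the filesystem holding path $1.
fs_id() {
    stat -c '%d' -- "$1"
}

# Print the device (source) name of the filesystem holding path $1.
fs_source() {
    df -P -- "$1" | awk 'NR == 2 { print $1 }'
}

# check_recovery_target SOURCE DEST
#   SOURCE: directory on the damaged filesystem, or its block device
#   DEST:   directory the recovery tool will write to
# Returns 0 if DEST is safe, 1 if it is on the same filesystem, 2 on bad input.
check_recovery_target() {
    src=$1
    dest=$2
    if [ ! -e "$src" ] || [ ! -d "$dest" ]; then
        echo "usage: check_recovery_target SOURCE DEST_DIR" >&2
        return 2
    fi
    if [ -b "$src" ]; then
        # Source given as a block device: DEST must not be stored on it.
        # This is a name comparison; resolve symlinks or mapper aliases first.
        if [ "$(fs_source "$dest")" = "$src" ]; then
            echo "REFUSED: $dest is stored on $src" >&2
            return 1
        fi
    elif [ "$(fs_id "$src")" = "$(fs_id "$dest")" ]; then
        # Same device ID means both paths are on one filesystem.
        echo "REFUSED: $src and $dest are on the same filesystem" >&2
        return 1
    fi
    echo "OK: $dest is on a different filesystem than $src"
    return 0
}
```

Run the check with the damaged filesystem mounted read-only, and only start the recovery tool when it returns 0.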
Here is a short list of forensic tools and data recovery tools.
Windows:
http://www.x-ways.net/davory/index-m.html
The free version is limited to recovering files of 200k or smaller.
Linux/Unix based tools:
http://www.sleuthkit.org/autopsy/
CD-ROM based bootable images:
FCCU GNU/Linux boot CD 10.0 from the Belgian "Federal Computer Crime Unit"
http://www.lnx4n6.be/index.php?sec=Downloads&page=bootcd
Fire from SourceForge
http://fire.dmzs.com/
FoRK from Vital Data
http://www.vitaldata.com.au/modules/tinycontent1/index.php?id=9
Requires a registration.
Here is a good list of forensics tools.
http://www.forensics.nl/toolkits
CME-24 aka blackworm update
The numbers of infected emails have dropped off some,
but we are still getting reports of CME-24 infected emails
being blocked inbound from several sources, so the infection continues.
We are also getting a few reports of lost data due to the malicious payload.
Many people have commented on the high counts of reported CME-24 in Peru and India.
One possible explanation comes from the way the worm updates the counter.
The worm hits its counter every time it starts up, such as when a computer is rebooted.
So countries would have a higher hit count if they had:
Older computers that require frequent rebooting.
Dynamic IPs with a high rate of change.
Systems that charge by the hour for connections (internet cafes).