A Cool Open Source Forensic Tool

I learned of this program from a friend at work who went through a situation similar to the one I describe in this post. He told me about TestDisk, which describes itself as “powerful free data recovery software” and is designed for situations like recovering photos and other files from damaged partitions and hard drives. It does not have a fancy user interface, so this will no doubt scare off most Window$ users, but it was intended to work in a Terminal/DOS environment. Do not get me wrong, the application is very simple, basic and powerful! I highly recommend it; even if you are a newbie or a dabbler with computers, this program could save your bacon.

The Scenario

A friend of mine asked me to look at his laptop because the hard drive was damaged. He needed to get some photographs so that he could finish a project for the company. His back-up hard drive, which held the files, had been stolen just a week earlier, so in a last-ditch attempt I agreed to have a look at the laptop and see what could be salvaged from it. The laptop was damaged too, so getting the files from it meant wiring its drive to my PC and doing the recovery that way.

The problems that I faced were twofold. First, the hard drive was able to power up and generally work, but several of the jumpers were damaged. If I moved the cable just a bit, the drive would shut down and I would have to restart it to connect back to it. Second, the disk was partitioned with Window$ and Linux. Normally not a big deal, but the Linux side of it was encrypted, so looking through that side of the disk was difficult. I could see most directories and all the system files, but moving through his Home directory meant entering a password every time I moved from one directory to another.

Within an hour we had pulled off what we could from the broken hard drive, and recovered about 30 percent of what he believed was on the disk.

Using the Program

To start the program (in Linux), type: sudo testdisk

Once the program loads up in the Terminal (or DOS) window, just follow the easy-to-use prompts. This program operates and functions just like, or similar to, what the forensics teams in various police agencies use. I was amazed that some of the files that were supposedly deleted right from when his machine was purchased, about five years ago, were still on the disk and we could still see them!

The TestDisk Website: TestDisk
