Scraping deleted data is kind of a nice thing. I wanted to do something with my pen drive, so I fully zeroed the USB drive using dd (a Linux tool).
The USB drive now contains nothing but zeroes. I copied some JPG images to it.
While each filesystem handles deletion differently in technical implementation, the concept they utilize is the same. When you delete a file from the storage medium where your filesystem is located, the bits that your data is stored in are simply marked as "unused".
Deletion by the definition of the word tends to imply an "overwriting" or "zeroing" procedure, i.e. actually getting rid of the data. Actually zeroing the bits that hold your to-be-deleted data would be a time-intensive procedure, especially when you start to consider deletion of large files.
Now we know that deleting data does not actually remove it.
I deleted the JPG files from the USB drive.
We can now run our recovery tool to scrape out as many files as we can from the free (i.e. deleted) space of our device. The tool we are going to use is called Foremost. It is a very simple-to-use tool that was originally created by the U.S. Air Force and later made open source and public. It has the ability to recover a few common filetypes automatically.
These types include images, executables, documents, movies, etc. It supports ext3, fat, and ntfs filesystems, so chances are that your device will be supported. On a Debian system it was just a matter of running the following command to install foremost.
[Screenshot: installing foremost]
Next we need to find the path of the USB drive. There is more than one way to do that.
To check that the USB drive is attached, you can run
lsusb
Now we need to find the device path of the USB drive. For that we can use
lsblk
or
sudo fdisk -l
My path to the drive was
/dev/sdb
I confirmed it by looking at its size. You can also check by plugging and unplugging the USB drive and running these commands each time; the device that appears and disappears is your path.
We are now ready to recover our files. If you know the specific type of file you wish to recover you can save time by telling Foremost
sudo foremost -T -t {fileType or all for all types} -i {drive} -o {outputFolder} -q
It will take some time to complete. After completion it will create a folder named recovery.
Once it has finished you will have hopefully recovered the data you were looking for to the recovery folder you specified. There is however one more hurdle to jump before you can find out. Foremost (like most of the tools we’ve used so far) can only operate as root. As such the output files it generated are also owned by root. To fix this we'll chown them to our user.
sudo chown -R username:username {folder path}
Foremost summarizes its findings in audit.txt and creates a separate folder for each filetype it recovered.
Foremost successfully recovered the images
This should serve as a good starting point for your journey into understanding computer forensics. Advanced topics exist to supplement your knowledge. For instance, Foremost is limited to specific filetypes. If you want to recover other files you may have to resort to using advanced software like Autopsy and Sleuth Kit, but these require a deeper understanding of computer forensics.
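To see why the deleted images were still recoverable, here is an added example (not from the original post, and not Foremost's own code) of header/footer carving, the general technique Foremost relies on: it scans raw bytes for the JPEG start and end markers without consulting any filesystem. The sample drive image, the function names and the size cap are constructed for illustration.

```python
"""Minimal JPEG header/footer carver (added illustration, not Foremost's code)."""

JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"       # end-of-image marker
MAX_FILE_SIZE = 20 * 1024 * 1024  # assumed cap so a missing footer cannot swallow the image


def carve_jpegs(raw: bytes, max_size: int = MAX_FILE_SIZE) -> list[tuple[int, bytes]]:
    """Return (offset, data) for every header..footer span found in raw bytes."""
    found = []
    pos = 0
    while True:
        start = raw.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            # Header with no footer in range: overwritten or fragmented, skip it.
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, raw[start:end]))
        pos = end
    return found


def build_sample_image() -> tuple[bytes, bytes, bytes]:
    """Constructed stand-in for a zeroed drive holding two 'deleted' JPEGs."""
    jpeg_a = JPEG_SOI + b"\xe0" + b"A" * 64 + JPEG_EOI
    jpeg_b = JPEG_SOI + b"\xe1" + b"B" * 128 + JPEG_EOI
    truncated = JPEG_SOI + b"\xe0" + b"C" * 32  # footer already overwritten
    image = (b"\x00" * 512 + jpeg_a + b"\x00" * 1024 + jpeg_b
             + b"\x00" * 256 + truncated + b"\x00" * 512)
    return image, jpeg_a, jpeg_b


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for offset, data in carve_jpegs(image):
        print(f"JPEG candidate at offset {offset}: {len(data)} bytes")
```

This sketch only recovers files stored contiguously and stops at the first end marker it sees, so fragmented files or JPEGs with embedded thumbnails come out truncated.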