Forensic Software



Janetuniverse
06-29-2003, 09:46 PM
Hey, I have a big question. I've heard that once you delete something from your Recycling Bin, it is deleted forever. But recently I heard about something called "Forensic Software" that can be installed on a PC and recover all the deleted files. Is this true? Can anyone use this? Is it available somewhere?

Thanks!

Janetuniverse.

harrycary
06-29-2003, 10:15 PM
There is a good, long article (http://www.techtv.com/screensavers/supergeek/story/0,24330,3414953,00.html) about it at Techtv.com.

From my understanding, the software to do such a thing is quite expensive ($1000+) and available only to law enforcement. The companies that offer this as a service use their own proprietary software.

J'Pol
06-29-2003, 11:17 PM
If you delete something from your hdd all that happens is that it is removed from the FAT (file allocation table). The data is still there, however the FAT knows that it can now use that area if it wants.

Eventually new data will be written over that area of the hdd and the file will be "deleted". However that can still be recovered using the appropriate software. Trust me I know this, as I have seen it done.

There is software available to completely obliterate files. This can be used to different levels. Options will be something like delete all data, fill this space with zeros, repeat x number of times.

These are standards, e.g. the US Military will have a standard for deleting secret material. The software available will work to that standard, or whichever one you choose.

adamp2p
06-30-2003, 03:10 AM
Yep, Jpaul is right... however, if you have System Mechanic you can pretty much really eliminate it with its incinerator feature...

Janetuniverse
06-30-2003, 03:59 AM
System Mechanic? Is that a public software or also only for law enforcement? How does it work?

Janet.

adamp2p
06-30-2003, 04:08 AM
You have to pay for it if you want a legal copy.

It is shareware, so you can use it for 30 days I think for free with all of the features.

Download System Mechanic 3.7h here (http://www.iolo.com/downloads.cfm)

Darth Sushi
06-30-2003, 04:45 AM
Or you can download 'Eraser' for free: http://www.heidi.ie/eraser/
This one can also create a floppy nuke disk, which will erase all HDs detected. Beware: large files can take forever to erase. Picture yourself copying a 700 MB movie, which can be about 5 minutes. Multiply the time by 35 and you'll get the picture.


Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS.
Eraser is FREE software and its source code is released under GNU General Public License.
The patterns used for overwriting are based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" and they are selected to effectively remove magnetic remnants from the hard drive.

Other methods include the one defined in the National Industrial Security Program Operating Manual of the US Department of Defense and overwriting with pseudorandom data. You can also define your own overwriting methods.
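
Added example (not part of the original thread, and not code from Eraser or any other tool named here): a toy Python model of the two behaviours described above, an ordinary delete that only frees the allocation table entries, and an overwrite-before-delete wipe. The `ToyVolume` class, the 16-byte cluster size and the three-pass pattern are assumptions made for illustration, not a real FAT layout or any product's wipe method.

```python
import os

CLUSTER = 16            # bytes per cluster (tiny, for illustration)
FREE, EOC = 0, 0xFFFF   # table markers: free cluster / end of chain

class ToyVolume:
    """Constructed, simplified model of a FAT-style volume (not a real layout)."""
    def __init__(self, clusters=16):
        self.fat = [FREE] * clusters               # allocation table
        self.data = bytearray(CLUSTER * clusters)  # raw data area
        self.dir = {}                              # name -> first cluster

    def write(self, name, payload):
        need = -(-len(payload) // CLUSTER)         # ceiling division
        free = [i for i, v in enumerate(self.fat) if v == FREE][:need]
        if not payload or len(free) < need:
            raise OSError("empty payload or volume full")
        for pos, c in enumerate(free):
            chunk = payload[pos * CLUSTER:(pos + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.fat[c] = free[pos + 1] if pos + 1 < need else EOC
        self.dir[name] = free[0]

    def chain(self, name):
        out, c = [], self.dir[name]
        while c != EOC:                            # follow the cluster chain
            out.append(c)
            c = self.fat[c]
        return out

    def delete(self, name):
        """Ordinary delete: only the table and directory change."""
        for c in self.chain(name):
            self.fat[c] = FREE
        del self.dir[name]

    def wipe_and_delete(self, name, passes=(b"\x00", b"\xff", None)):
        """Overwrite each cluster with every pass (None = random), then delete."""
        for c in self.chain(name):
            for p in passes:
                fill = os.urandom(CLUSTER) if p is None else p * CLUSTER
                self.data[c * CLUSTER:(c + 1) * CLUSTER] = fill
        self.delete(name)

def carve(volume, marker):
    """Scan the raw data area for marker bytes, ignoring the allocation table."""
    return marker in bytes(volume.data)
```

After `delete()` the file's bytes are still found by `carve()` until a later `write()` reuses those clusters; after `wipe_and_delete()` they are not. The model leaves out anything below the filesystem, such as the drive's write cache, so it shows only the table-versus-data distinction.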

hawk
06-30-2003, 06:58 AM
With Norton SystemWorks there is a way to get back deleted stuff; it works quite often, as long as you haven't written something over the space on the hdd.

2nd gen noob
06-30-2003, 01:34 PM
look for a program called "EnCase". it's one of the programs that are used to make an evidence record of the contents of a drive and was mentioned on here a while ago.

you'll need to look for somewhere to download it yourselves, as it's a rather rare/expensive/illegal program.

looking at their own website, i believe it was $2500 or so for a license

you'll also need either 2 hard drives or 2 partitions to run it

CornerPocket
06-30-2003, 07:16 PM
Originally posted by 2nd gen noob@30 June 2003 - 08:34
look for a program called "EnCase". it's one of the programs that are used to make an evidence record of the contents of a drive and was mentioned on here a while ago.

you'll need to look for somewhere to download it yourselves, as it's a rather rare/expensive/illegal program.

looking at their own website, i believe it was $2500 or so for a license

you'll also need either 2 hard drives or 2 partitions to run it
This is a sweetass program, know from first hand experience. B)


For home use I have Forensic Utility Suite (http://www.lc-tech.com/forensic_suite.htm).

J'Pol
06-30-2003, 07:27 PM
EnCase is fairly awesome, it is used by the law enforcement community in the UK and has been tested in court.

CornerPocket
06-30-2003, 07:34 PM
Originally posted by JPaul@30 June 2003 - 14:27
EnCase is fairly awesome, it is used by the law enforcement community in the UK and has been tested in court.
True, so true, the ability to incorporate its findings into a finalized professional documented report makes it stand well in court.

insanebassman
07-01-2003, 07:49 PM
I have used these guys' data recovery software many times to great success.
It is easy and not priced in the thousands...

Ontrack Data Recovery services and Software (http://www.ontrack.com/)

Spindulik
07-01-2003, 08:42 PM
I accidentally formatted a hard drive at work. But was able to retrieve 90% of all files, including the deleted 'Recycle Bin' files. Since the hard drive was recently defragged, recovering lost files was not hard.

I had a copy of that software (one of them at least) and it is listed as VERY expensive. I downloaded it from K-Lite. I'll post the name of it when I remember what it was.

J'Pol
07-01-2003, 09:36 PM
Originally posted by Spindulik@1 July 2003 - 21:42
I accidentally formatted a hard drive at work. But was able to retrieve 90% of all files, including the deleted 'Recycle Bin' files. Since the hard drive was recently defragged, recovering lost files was not hard.

I had a copy of that software (one of them at least) and it is listed as VERY expensive. I downloaded it from K-Lite. I'll post the name of it when I remember what it was.
Nice one, I'd like a hash for that if you have one.

callum
07-01-2003, 10:38 PM
Originally posted by Spindulik@1 July 2003 - 21:42
I accidentally formatted a hard drive at work. But was able to retrieve 90% of all files, including the deleted 'Recycle Bin' files. Since the hard drive was recently defragged, recovering lost files was not hard.

I had a copy of that software (one of them at least) and it is listed as VERY expensive. I downloaded it from K-Lite. I'll post the name of it when I remember what it was.
I did the same today. I used Getdataback to recover most of my files; I lost the partition I kept my movies on but got everything else back.

Janetuniverse
07-02-2003, 02:00 AM
Great, thanks for all your replies. Please, if you know a cheaper or free software to recover my files, because I lost very important paperwork and some MP3s and video clips, actually 800 MP3s of mega rare remixes. It was such a shame, but I was so happy when I heard you can recover files deleted from the Recycling Bin.

But anyway please reply more, thanks so much

Janet.

Spindulik
07-02-2003, 11:31 AM
Oh, I remember the name...

ONTRACK EASY RECOVERY DATARECOVERY Professional Edition V5.1

Ramones53rd3rd
07-02-2003, 10:20 PM
Won't Windows Washer delete the files that are supposedly "undeletable"? It has something that can "bleach" items. So will Windows Washer work?

freak
07-04-2003, 09:14 AM
I use a program like that... My stupid sister once decided to delete all my mp3s, 'cause she's against downloading stuff. I got pissed for a sec, then I laughed at her; she couldn't figure out why. I just sat down on the computer and recovered all my files right in front of her. It was quite funny! :lol:

Blaster.Master
07-04-2003, 08:15 PM
cool!!!

Blaster.Master
07-04-2003, 08:16 PM
But what about windows washer???

professorX
07-04-2003, 11:32 PM
Fast File Undelete is a sweet lil program I have used to undelete files before. "hint look for the serial on google then download the trial version" and enjoy... Not that I do that. A friend mentioned that...lol

evilbagpuss
07-04-2003, 11:59 PM
There's a program called "Encase" which is what Gvt agencies use to recover files.

You can find it on kazaa if you're lucky or the emule network if you don't mind the slow download speed.

2nd gen noob
07-05-2003, 12:47 AM
Originally posted by evilbagpuss@5 July 2003 - 00:59
There's a program called "Encase" which is what Gvt agencies use to recover files.

You can find it on kazaa if you're lucky or the emule network if you don't mind the slow download speed.
is there an echo in here?

:P

VB
07-05-2003, 01:05 AM
Agencies such as FBI and CIA use special programs to erase data. Those programs overwrite data with bogus data 7 times or more.

evilbagpuss
07-05-2003, 04:45 AM
Originally posted by 2nd gen noob
is there an echo in here?

Point taken :rolleyes: That'll teach me to scan through threads quickly.

In my defence at least I might have stopped people searching kazaa for hours instead of using emule :P

Originally posted by Paul
Those programs overwrite data with bogus data 7 times or more.

That's nowhere near enough these days, not if you expect them to use hardware techniques such as MFM.

If your HD uses an RLL encoding scheme created prior to 1995 use a 35 pass Gutmann wipe, if it uses an RLL encoding scheme post 1995 you'd probably be better off using a 30-40 pass 'plain' pseudorandom wipe. Darik's Boot and Nuke disk is probably the best as it offers concurrent wiping with >1 drive.

You also need to make sure that write behind caching is disabled on the drive in question. If you're using win2k make sure you have SP4 (or SP3 at the very least) installed as win2k with SP2 or less doesn't disable it even though it says it does. I've heard that some drives refuse to disable it under any circumstances but I haven't been able to verify this.

Even after all that I still think they could recover a few bits and bobs and maybe more with enough time, money and expertise. It's similar to hitting a piece of metal with a hammer on one side then turning it over, hitting it a few more times and expecting it to be perfectly flat again. i.e. virtually impossible.

I hope no one's posted all that in this thread already :D

Gooch2k
07-05-2003, 07:01 AM
I think the best way to get rid of any incriminating evidence is to smash your hard drive to hell with a hammer. Better to lose a hard drive than to lose a court case! :lol:

2nd gen noob
07-05-2003, 07:04 AM
Originally posted by Gooch2k@5 July 2003 - 08:01
I think the best way to get rid of any incriminating evidence is to smash your hard drive to hell with a hammer. Better to lose a hard drive than to lose a court case! :lol:
this sounds a bit high tech for me.

can you give a link to a tutorial or something?

:P

Gooch2k
07-05-2003, 07:04 AM
Seriously though. I find Evidence Eliminator a very useful program for getting rid of files, registry values and such. It's got a 30 day trial so it's worth taking a look at.

evilbagpuss
07-05-2003, 07:42 PM
Originally posted by Gooch2k
Seriously though. I find Evidence Eliminator a very useful program for getting rid of files, registry values and such. It's got a 30 day trial so it's worth taking a look at.

That's snake oil dude, I have tested it extensively and have had no problems recovering files after a "secure wipe". I was very careful in setting all the options to 'maximum' so to speak.

There are free alternatives that do a better job, e.g. Eraser.

3RA1N1AC
07-05-2003, 07:51 PM
i just saw an advice column on MSN.COM of all places, recommending that you take the proper steps to truly erase all your data before giving/tossing a hard drive away.