( File Recovery: File Scavenger 3.2 ) { Recover Files: Deleted from the Recycle Bin } Background Information Background File Scavenger is a Windows file undelete and data recovery utility for NTFS and FAT/FAT32 volumes. It can recover files that were damaged by virus or accidentally deleted from Windows Explorer, the Recycled Bin, command line window, or a network share along with original folder names and file Create and Modified dates. It supports reformatted volumes or broken hardware/software RAID volumes as well as file compression, dynamic disks, alternate data streams, sparse files, Unicode file names and more. With the trial version only 64KB or smaller files can be recovered. File Scavenger offers 3 different search modes, one for quick access to recently deleted files, one for exhaustive search and also a defunct volume search that can even recover files from compromised striped and RAID volumes. We tested the product on a machine that was reformatted a few days ago, and safely recovered some of the files, old desktop shortcuts and more. File Scavenger can be installed or used in portable mode.   Reference Link:  http://www.quetek.com/ http://www.snapfiles.com/featured/406688-104372.php Prerequisite Login to the Instructor VM. Download File Scavenger 3.2 from the below link: http://www.snapfiles.com/featured/406688-104372.php Click Download   When Saving the file Click on the Save Button (See Below)   Location to save the file. Navigate to C:\tools\File Scavenger\ Click Save.   Click Run   Click Run   Install Select the Install Radio button if not already selected. Note:  If this was an actual Forensics investigation, you run this program without installing it.   Click Next   Select "I accept the agreement" and click next   Click Next   Click Next   Click Install   Click Finished   Section 1: Create a test file to delete and recover Start Up Notepad Go to All Programs --> Open a Virtual Machine --> Notepad   Saving the file. Type something in the file. Save the file at C:\tools\File Scavenger\ Name the file trojan-horse.txt Click Save.   Section 2: Delete File and Send to Recycle Bin Delete the file Go To Windows Explorer Navigate to C:\tools\File Scavenger\ Right click on file trojan-horse.txt Click Delete   Send to Recycle Bin Click Yes.   Delete File from Recycle Bin Click on the Recycle Bin Icon located on your desktop.   Delete trojan-horse.txt Right Click on trojan-horse.txt Click Delete   Confirm that you are sure that you want to delete trojan-horse.txt   Section 3: File Scavenger Start up File Savenger 3.2 Start --> All Programs --> File Scavenger 3.2 --> File Scavenger 3.2   Searching for trojan-horse.txt Search for: trojan* The "*" is a wildcard character that replaces the ".txt" Look in: Select "Disk 0" Mode: Select Quick. Note: If you do not find what you are looking for, then you will use the Long mode. Then Click Search   Boot section Question Select OK.   Skip Deleted files? Select "No. Display deleted files."   Viewing your results. Click on the OK button.   Click on the Recover Tab Highlight trojan-horse.txt by clicking the checkbox next to the file.   How to recover your file Select the Browse Button. Navigate to C:\tool\File Scavenger\ Select OK   Click on Recover (See Below)   Select the Demo radio button and Click OK. Note: Since we are using the trial version, you can only recover a 64 kilobyte file.  But for the purposes of learning how to recover a file that has been deleted out of the recycle bin, it will serve our purposes.    Recovering Data to the Same Drive Check the "I have pressed F1 and read the warning" checkbox. Type "Yes" in the Overriding code textbox Select OK   Overwrite Mode. Select "Use the more recent file" if not already selected. Click OK.   Files were successfully recovered. Click OK.   Verify the file has been recovered. Bring Up Windows Explorer. Navigate to C:\tools\File Scavenger\ Proof of Lab Open Windows Explorer.  Navigate to C:\tools\File Scavenger\ Right Click on file trojan-horse.txt Click on Properties   Make a screen print of the trojan-horse.txt Properties Cut and Paste into a word document Submit to Moodle.

Help ComputerSecurityStudent pay for continued research, resources & bandwidth