File Recovery

timer Asked: Nov 1st, 2015

Question description

File Recovery

A forensic investigator needs to understand the actual workings of the computer and operating system, which can sometimes be quite different from what people view as expected behavior. For instance, a file that is "deleted" may actually still be intact. A computer forensics investigator can, in many cases, locate and recover the contents of that file; certain actions, however, can permanently destroy the contents of an unwanted file.

When you think of a computer file, you probably think of its contents as stored on a medium such as a hard drive. Many people do not realize that the file has a second important component: its directory entry. The file system keeps a list of all the file names and locations, just like a large building would have a directory of its occupants. When you delete a file, the operating system changes or removes the directory entry, but it seldom actually erases the file's stored content. Programs called undelete or file recovery software can search file directories for deleted entries and can scan your entire disk for traces of file contents. A secure delete program, popularly called a file shredder, prevents anyone from recovering a deleted file. The shredder writes over a file's contents with a meaningless pattern, sometimes several times, to ensure that the original data is no longer on the disk.

To prepare for this application, locate and install both a file recovery tool and a secure delete program. You can find many free versions of these tools on the web, so if the first one doesn't work well for you, try another. Search the Internet for related resources.

When you have installed these programs, capture screenshots as you perform the following steps:

  1. Create a new folder on your computer's hard drive or a thumb drive. Add at least three files to this folder, and then delete one or two of them. Be sure to remove the files from your recycle bin or trashcan as well.
  2. Run the file recovery program to locate and restore the deleted files.
  3. Delete the files again. This time, use the secure delete program.
  4. Run the file recovery program and try to recover the shredded files.

Write a 1- to 2-page paper to report the process you followed and your findings. Format your report as if you were preparing a forensic results report for an official investigation. Also include your impressions about the file deletion and recovery process. For example, were you surprised at the number of old deleted files you could restore? Why aren't files deleted securely by default?

All work are to be in APA format

Studypool has helped 1,244,100 students
flag Report DMCA
Similar Questions
Hot Questions
Related Tags

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors