Data recovery software

[Carder]

You have to resort to data recovery when you accidentally delete the necessary files, when formatting the file system with the necessary data, when the file system crashes, when for some reason the disk simply ceases to be detected by the operating system, or when the storage medium is damaged, as a result of which some files become inaccessible or disappear.

This article contains a list of programs that are somehow related to the recovery of files, folders, photos, documents, etc. from information carriers. Absolutely all of these programs are free, each of them is open source.

I divided these programs into four groups:

• Programs for recovering deleted files
• File system recovery software
• Data recovery software from damaged media
• Forensic software with data recovery function

The division is somewhat arbitrary, since some programs have wide functionality, and can be placed in several groups at once.

Programs have their own characteristics: the operating system on which they run, the methods used, the types of files they can find, the file systems, the methods used, etc. If one of the programs does not work, then it makes sense to try another.

All programs described here work on Linux, some of them are cross-platform and work on other operating systems such as Windows. This will be noted in the program description.

Usually, deleting a file does not delete its contents, but deletes information about that file. Much the same happens when formatting media quickly. This is exactly what many file recovery programs use - they find the contents of a file and copy it, this process is called "file recovery". The space (area on the disk) that the file occupied is considered unallocated (not allocated) after deletion and can be overwritten when another file is saved. Therefore, it is extremely important not to save new data to media. If you don't, then programs and system processes can do it without your participation. Operating systems continually access the file system. For example, the Windows operating system accesses its registry several times every second throughout the entire operation of the computer.

Many processeswhich you don't even know about, also work with the filesystem. From here, quite obvious rules follow:

• do not write new files to a disk or USB flash drive from which you want to recover a deleted or missing file;
• be sure to save the recoverable files to another medium, and not to the one from which the recovery is being carried out, since these files overwrite data and the chances of recovering each subsequent file fall;
• if you are on Linux, then unmount the partition or remount it read-only;
• if it is a system partition, it is recommended to turn off the computer and work from the Live disk or the image of this partition.

It is good practice not to work with the media directly, but to make an image of it and work with the image file. Thanks to this approach:

• the media can be disconnected from the system, which guarantees that any OS processes will not access it and write data to it;
• you definitely will not harm the carrier if you do something wrong;
• if the need to restore files is associated with a media malfunction, then intensive work of several programs can aggravate the situation.

Programs for recovering deleted files:​

This section mainly contains programs that restore individual files and folders.

PhotoRec
PhotoRec is perhaps one of the most user-friendly programs out there. It runs on various operating systems, including Windows. In Windows OS it can work both in console mode and with a graphical interface. Despite its friendliness, it is very effective for file recovery. It can even work with media whose file system has crashed.

This program is a companion to TestDisk, which could also be considered in the same section, since it also knows how to recover files. But the main purpose of TestDisk is to restore file systems, so it will be discussed a little later.

Scalpel
Scalpel is an open source file recovery program using a header, footer database. It can recover from disk images or devices with raw blocks, headers and footers are set by the user. The program is used not only for file recovery, but also for digital forensic research.

extundelete
extundelete is a utility that can recover deleted files from ext3 or ext4 partitions.

Foremost
Foremost is a console program for recovering files based on their headers, footers and internal data structures. This process is commonly referred to as "data scraping". Foremost can work with image files such as those generated in dd, Safeback, Encase, etc. or directly from disk. Headers and footers can be specified in the configuration file, or you can use command line switches to precisely define the built-in types. These built-in types look at the data structure of a given file format, allowing more reliable and faster recovery.

ext4magic
ext4magic is a Linux admin tool that can help recover deleted or overwritten files on ext3 and ext4 file systems.

It relies on the file system log for its work.

ext3grep
ext3grep is a tool for examining ext3 filesystems for deleted content and the ability to recover it. The program helps to recover deleted files only from ext3 file systems.

scrounge-ntfs
scrounge-ntfs is a utility for rescuing data from damaged NTFS partitions, it writes the resulting files to another working file system. Some information about the damaged partition must be known in advance.

Recoverjpeg
Recoverjpeg - Recovers JFIF (JPEG) photos and MOV video files. Recoverjpeg tries to identify jpeg images in the file system or from a file system image.

magicrescue
magicrescue - Scans a block device and extracts files of known types by magic bytes. Can be used as a utility for recovering deleted files, and rescue data from a damaged disk or partition. Works on any file system, but on very fragmented file systems, the program can only recover the first chunk of each file. However, these chunks sometimes reach 50 megabytes.

ddrescue
ddrescue is a data recovery tool. Copies data from one file or block device to another, tries to salvage the good parts first if there are read errors.

File system recovery software:​

TestDisk
TestDisk is open source software and is licensed under the GNU General Public License (GPL v2 +).

TestDisk is a powerful free data recovery software. It was designed primarily to help restore lost partitions and / or restore disk bootability if this problem is caused by software, viruses, or human error (such as accidentally deleting the Partition Table). It is very easy to restore Partition Tables with TestDisk.

TestDisk can:

• Correct the partition table, recover deleted partitions;
• Recover FAT32 boot sector from backup;
• Rebuild (reverse engineer) the FAT12 / FAT16 / FAT32 boot sector;
• Correct the FAT table;
• Rebuild (reverse engineer) NTFS boot sector;
• Recover NTFS boot sector from backup;
• Recover MFT using MFT mirror;
• Define a backup SuperBlock ext2 / ext3 / ext4;
• Recover deleted files on FAT, NTFS and ext2 file systems;
• Copy files from remote FAT, NTFS and ext2 / ext3 / ext4 partitions.

TestDisk is suitable for both beginners and experts. For those who know little or nothing about data recovery methods, TestDisk can be used to collect detailed information about non-bootable disks, which can then be used for further analysis. Those who are already familiar with such procedures should find TestDisk a handy tool when performing recovery.

TestDisk can run under:

• DOS (real or in Windows 9x, DOS-box)
• Windows (NT4, 2000, XP, 2003, Vista, 2008, Windows 7 (x86 & x64), Windows 10
• Linux
• FreeBSD, NetBSD, OpenBSD
• SunOS
• MacOS X

gpart
gpart tries to guess which partitions are present on the hard drive. It tries to find a lost, overwritten, or corrupted, but still existing on disk, partition table that the operating system cannot access. gpart ignores the master partition table and scans the disk (or disk image) sector by sector for multiple file system / partition types. In its work, it uses modules for recognizing file systems, polling them, whether the given sequence of sectors resembles the type of the file system or partition.

anyfs-tools
anyfs-tools - unix-way set of tools for recovering and converting file systems.

Tools:

• anyfs-tools provides a unix-way set of tools for recovering and converting filesystems.
• build_it reads from the directory recursively information about all inode of the file system using the driver (for reading) of the Linux OS and saves it as an external inode table.
• anysurrect searches the device for files based on the known structure of different file types. Information about the found files is also saved in the form of an external inode table.
• reblock changes the file system block size. reblock, using information from the inode table, changes the positions of individual fragments of files so that they are aligned to the boundaries of blocks of the new size.
• build_e2fs builds an ext2fs file system on the device based on the information provided by the external inode table.
• build_xfs builds an xfs file system on the device based on the information provided by the external inode table.
• anyconvertfs converts the device filesystem using other utilities from anyfs-tools.
• anyfs file system driver for Linux allows you to mount a device using information from an external inode table. In this case, such file operations as deleting, moving files will be available on the mounted file system; creation of symbolic and hard links, special files; change of access rights. All these changes are saved when the external inode table is unmounted in the same file and do not affect the device itself.
• anyfuse is the FUSE implementation of anyfs

Programs for recovering data from damaged media:​

safecopy
safecopy is a tool for recovering data from problematic or damaged media. The program rescues data from sources with read-write errors. It tries to get as much data from the source as possible, even resorting to low-level device-specific operations where possible.

recoverdm
recoverdm - Recovers files from disks with bad sectors.

recuperabit
recuperabit is a forensic file system reconstruction tool.

Forensic software with data recovery function:​

Autopsy
Autopsy is a digital forensics platform and graphical front end for the Sleuth Kit and other digital forensics tools. It is used by law enforcement, military and corporate experts to investigate what happened on computers. Ordinary users can use it, for example, to recover photos from a digital camera memory card.

Autopsy was built to be intuitive out of the box. Installation is simple and a wizard will guide you through the steps.

Sleuth kit
The Sleuth Kit (TSK) is a C library and collection of command line tools that let you explore disk images. Key TSK functionality allows you to analyze volumes and file system data on a suspect's computer. The plugin framework allows you to incorporate additional modules to analyze file content and build automated systems. The library can be incorporated into a wide variety of digital forensics tools, and command line tools can be used directly to search for evidence.

Since the tools do not rely on the operating system to manipulate the file system, deleted and hidden content is shown. The program works on Windows and Unix platforms.

DFF (Digital Forensics Framework - digital forensics framework)
DFF (Digital Forensics Framework) is an open source forensic computer platform built on top of individual APIs. DFF is intended to replace the aging digital forensics solutions used today. Designed for ease of use and automation, the DFF interface guides the user through the major steps of digital investigation, so it can be used by professionals and non-experts alike to quickly and easily complete digital investigations and incident response.

 

[Carding 4 Carders]

Compare popular backup programs​

"The disk flew" is always an event. If it happens in the sky with a large crowd of people, it's time to wait for reports on television and enthusiastic comments from ufologists. If it happened on your computer, everything is much sadder: you will have to painstakingly restore lost files and hope that the most valuable thing is not irretrievably lost. And you can avoid this altogether if you managed to make backups, for the creation of which humanity has come up with special automated programs. This article is devoted to the review of the most popular ones.

But Stirlitz managed to survive
It is necessary to make backup copies of the most valuable files in advance this is obvious and should make it a habit for any user to wash their hands before eating or put on a hat in the cold. True, fans of freezing their ears do not become less over the years, and therefore companies specializing in data recovery, for the most part, do not suffer. A truly Golden age for them came with the beginning of the mass spread of Trojan encoders, when victims whose files were encrypted by malicious programs numbered in the thousands. Now the epidemic of cryptographers seems to have gradually subsided, but it is still important to protect yourself from the loss of valuable data. Any technique, unfortunately, can break. And some even suddenly.

It is also obvious that you need to copy information to external drives that are independent of the main data storage device. If you simply save files to a neighboring hard disk partition, it is highly likely to be covered along with the hard drive if it has problems with the hardware or logic. Previously, optical disks were used for this purpose, but they, firstly, are short-lived, secondly, they are limited in volume and the maximum number of recording iterations, thirdly, the speed of accessing the optical drive itself is very low, fourthly, writing drives can soon be found only in a Museum, and fifthly… Yes, and that's enough, perhaps. The reasons already listed are enough to make a responsible statement: optics is the last century, although many companies (and ordinary users) still store archives of their documents on DVD.

Flash drives are also not very well suited for backup due to their low volume and low speed of working with the USB bus. Therefore, the best option is an external hard disk or SSD drive, cloud storage, or a remote FTP server. Another option can be NAS-Network-Attached storage, the so-called network storage. Compared to an external hard drive, it benefits because it does not require a direct connection to a computer: the NAS is a mini computer in itself, the main task of which is to organize data exchange over the network and write it to a disk or RAID array. NAS firmware, as a rule, is based on some heavily cropped version of Linux.

The device lives quietly in a local network, playing the role of a network file sharing service, to which you can upload anything, and this is convenient you can access it at any time, for example, automatically copy files to it on a schedule or during downtime of the work computer. This is also one of the disadvantages of NAS: most Trojan encoders are perfectly able to encrypt the contents of network folders attached to Windows, and sometimes vulnerabilities are found in the firmware of the storages themselves, which are used by intruders. So, in 2014, a Trojan called Trojan.Encoder.737 he encrypted files placed on network storages produced by a well-known company, and demanded $ 350 for their recovery. He penetrated there by exploiting a vulnerability in the device's firmware. The developer quickly patched the hole, but those users who did not have time to update in time still suffered from this threat.

Now let's find out what types of backups there are in the world at all. Most often, there are three options:

• full copy when a full copy of all selected data is created;
• incremental copying when only files modified since any last copy are added to the copy;
• differential adding only data that has changed since the last full copy was saved to the archive.

So, let's imagine that the place where we are going to store backups, we have: this is an external disk, NAS, or cloud. But most of all, to implement backup in everyday practice prevents elementary laziness. Really: you need to distract yourself from your favorite toys, remember which files have changed since the last backup was created, and upload them to the storage. This suggests a simple solution: automate this process as much as possible with the right SOFTWARE. And if macOS has, for example, a built-in application for time Machine backup, then the Windows developers did not provide such a convenient tool as part of the OS, and happy users of this platform have to look for third-party products.

In other words, we need to find a suitable program ideally a free one that supports scheduled work, has the ability to save copies on the network or in the cloud, and preferably includes the maximum number of backup types (preferably all three). So, what does the market offer us?

Acronis True Image
Probably everyone has heard about Acronis products. Logos of this company are emblazoned on the Formula 1 car of Russian pilot Daniil Kvyat, and there are enough Acronis ads on the Internet. Actually, the company has been specializing in the development of backup software throughout its history, and therefore has achieved some success in this field. For home users, the company offers the Acronis True Image program, which is distributed both as a licensed version designed for one installation, and by subscription.

Features of the basic version of the application include copying a disk image or selected files to the storage specified by the user, restoring data from a backup copy, cloning disk partitions, and protecting against cryptographers (the application monitors processes running in the system and warns the user when trying to encrypt files: the user will be asked to block a potentially dangerous process). Subscription customers will also have access to 250 GB of cloud storage on Acronis servers (or 1 TB, depending on how much you are willing to fork out).

The program itself in version 2020 boasts a clear and user-friendly interface: you select a local disk and files that you want to back up, show them where to upload the archive, and you can choose a locally connected device, a remote FTP server, a NAS, or any cloud as the destination, and in fact, that's all. If desired, you can encrypt the backup, and in the "Activity → Parameters" section, set the schedule and backup scheme for selected objects.

All three possible copy schemes are supported, and you can also set up exceptions for objects that don't need to be copied, and specify how often a full copy is created.

The advantages of Acronis True Image are actually limited to usability, while the most significant drawback of the program is a commercial license. If it's expired, you won't be able to restore data from the backup. In addition, if you stop paying for your subscription, the copies in the Acronis cloud will also be deleted after a while. Is such a copy storage tool reliable? Everyone is free to give their own answer, and in the meantime, we will look for a free alternative to this application.

AOMEI Backupper Standard
This is a completely free program for home use with a simple and intuitive interface, which can be downloaded, for example, from the site. The application allows you to create copies of the entire disk, its individual sections, only system files or user-specified file objects. Clone mode of a disk or its logical partition is available. You can choose local, network drive, or cloud storage as the archive location.

From the additional options of AOMEI Backupper Standard: the ability to run the batch script specified by the user before or after copying, set the compression level of the archive and configure its partitioning into volumes. Backup encryption is only available in the commercial version of the program.

You can configure the creation of backups on a schedule: once, daily, or in a specified time interval.you can use both the standard Windows task scheduler and the built-in application service.

The program has in its Arsenal full and incremental copying, differential mode is enabled in the commercial version for money. In addition, AOMEI Backupper Standard does not support the Russian language, but the program interface is so obvious and simple that even an untrained user can easily do without it. Unfortunately, the program does not support uploading files to an FTP server.

In general, the basic, free features of AOMEI Backupper Standard are enough to replace the money-hungry Acronis True Image on your home computer or laptop.

Paragon Backup & Recovery
Paragon Software is well known to users all over the world for its wonderful Partition Magic application, designed for flexible management of logical hard disk partitions. But this developer also has a free backup program called Paragon Backup & Recovery Community Edition.

The program is quite simple to set up and supports the same set of basic functions as its main competitors. You can copy the entire disk, a specified partition, or a set of files and folders selected by the user. You can also choose to copy certain types of files on the specified disk: documents, music, and videos, and you can specify the necessary extensions for each of these types. You can save copies to a local or network folder. cloud storage and FTP are not supported in the free version of the app. The Russian language is also not supported.

In the free version, you can perform all three types of backups: full, incremental, and differential. You can set up a schedule: start copying daily, weekly, monthly, or at system startup. However, there is no backup encryption in this version of Paragon Backup & Recovery.

Iperius Backup Free
Free version of the Iperius Backup software package designed for creating backups in the Microsoft Windows environment, including Windows 10 and Windows Server. You can download the program from the developer's website.

In the free version of Iperius Backup, the features are reduced: you can choose to copy individual files and folders on a local or network drive and copy the archive again to a local or network folder. Copying to an FTP server or to the cloud is not supported in the free version. The commercial edition of Iperius Backup can also copy an entire disk or partition, FTP data, Hyper-V virtual machines, Microsoft Exchange data, and various DBMS systems.

The app has a scheduler that allows you to set up copying at a specific time-daily, weekly, on days of the week, or on specific dates. In the settings, you can configure how to compress the archive, maintain log files, and add or exclude system and hidden files from the backup. You can set up sending an email message when the backup is complete, or running a custom program or script before or after the backup is created. Archive encryption is not available in the free version, but the program is equipped with a Russian-language interface, which is already quite good.

Admittedly, I spent quite a long time looking for options for creating the archive itself in the iperius Backup settings it turned out that they were hidden in the menu of the Add dialog box/create a destination folder". It is there that you can choose exactly how we will pack our data it turns out that the program supports not only full, but also incremental and differential copying. You can also enable ZIP compression and specify a password for the archive: of course, this option will not replace full backup encryption, but password protection is better than nothing at all.

The overall conclusion can be drawn as follows: the app's features look quite attractive, but everything is spoiled by a rather complicated and confusing interface, half of the buttons in which, when clicked, offer to buy the full version of the program. But if you take the time to understand its free features, they will be enough to cover most of the basic needs.

EaseUS Todo Backup Free
This is another free program from EaseUS. you can download the app from Its website. The freely distributed version also has a number of limitations: it does not support separate copying of Outlook email archives and creating an event-based schedule — you can only configure the launch time. Russian language support is not available in all versions of the product.

What, of course, pleased me was the ability to encrypt the backup with a given password. You can also enable sector-by-sector copying of the selected partition — in my opinion, this option is not supported by any other free program.

You can set up a backup by day, week, or month. The created archive can be placed on a local or network drive, in NAS network storage, or in cloud storage (if it is again connected to the computer as a disk). Copying to a remote FTP server is only available in the paid version.

A separate function of the program - System Backup-is to create an image of the operating system installed on your computer. Todo Backup Free detects the OS type itself and allows you to save it for quick deployment. You can also configure copying only individual files from the specified disks. Unfortunately, the choice of file types by mask or extension is not available for free users.

Among other things, in this version of the product, the function of cloning a disk or logical partition is available in the form of a step-by-step wizard, and in the advanced settings of Todo Backup Free, you can find tools for checking a previously created disk image, as well as for creating a bootable USB flash drive or CD with WinPE or Linux. Unfortunately, I didn't find the option to create an incremental and differential copy in the program settings it seems that Todo Backup Free can only work with the full one. And one last thing: upon a cursory acquaintance with this application, I got the impression that it is clearly slowing down compared to its competitors. On a powerful computer, this may not be too noticeable, but on a netbook with limited hardware resources, Todo Backup Free can completely hang the system. Be careful.

Conclusions
Now, let's put the information on all the reviewed applications in a table.
If you do not take into account the commercial Acronis True Image, among the free products, the Russian-language iperius Backup Free and AOMEI Backupper Standard look the most interesting in terms of the range of functions offered. The second one has a simpler and more intuitive interface, but it doesn't know how to encrypt or password protect backups. If you need encryption, but you only need to simply copy files without the possibility of creating incremental or differential copies, you can use the free program EaseUS Todo Backup Free.