March 30th, 2008
Have you ever had an anti-virus or firewall tell you a file was malware, but you didn’t really think so? It is a situation I encounter from time to time. Sometimes, one security program will say one by another company is bad.
Well, there is a free site that helps you get a definitive 2nd, 3rd, 4th… 30th opinion. It is VirusTotal.com. A quick upload of the suspicious file to their site, and then it is scanned by numerous security programs. This gives you a breadth of opinions on which to base your decision.
Another good way to get additional info is to search for the file name in Google. This will usually give some definitive write-ups on the file for anything that has been around for a while.
Of course if you are in the Gainesville, Florida area… you can always contact me for a second opinion on your trojan, virus, or other malware. 
Posted in Computers & Technology
March 23rd, 2008
I had a case recently where I had basically three hours from hands on the computer to finding the evidence. If not, the bad guy was going to get out of jail. To make things even more interesting, the drives were in a RAID 0 configuration.
Well, I removed the drives and hooked them both to a forensic machine with Tableau write blockers. I fired up X-Ways Forensics. I went into the feature to reassemble the RAID. After about 10 to 15 minutes of guessing RAID striping size and header location settings, I was into the RAID. Thankfully the data was not hidden, deleted, encrypted or anything interesting like that.
I was able to quickly find the evidence in the case with supporting evidence to show personal possession/knowledge. I still had enough time left to write arrest paperwork and drive to the jail.
Thanks to X-Ways and some quick work…. one more bad guy waiting for his day in court! 
Posted in Uncategorized
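The stripe-size and header-location guessing described in the RAID 0 post above can be automated by testing each candidate geometry against a filesystem structure. This is an added example, not code from the original post and not a description of how X-Ways does it; it assumes the striped volume begins directly with an NTFS boot sector, and the function names and the in-memory sample disks are constructed for illustration.

```python
import itertools
import struct

def read_logical(members, order, stripe, start, offset, length):
    """Read `length` bytes at logical `offset` under a guessed RAID 0 geometry."""
    out = bytearray()
    while length > 0:
        k, within = divmod(offset, stripe)            # stripe number, offset inside it
        disk = members[order[k % len(order)]]         # stripes rotate across members
        pos = start + (k // len(order)) * stripe + within
        n = min(length, stripe - within)
        chunk = disk[pos:pos + n]
        if len(chunk) < n:                            # guess runs past the member's end
            return None
        out += chunk
        offset, length = offset + n, length - n
    return bytes(out)

def looks_like_ntfs(members, order, stripe, start):
    """Boot sector must parse AND the $MFT it points to must start with 'FILE'."""
    boot = read_logical(members, order, stripe, start, 0, 512)
    if not boot or boot[3:11] != b"NTFS    " or boot[510:] != b"\x55\xaa":
        return False
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", boot, 0x0B)
    (mft_cluster,) = struct.unpack_from("<Q", boot, 0x30)
    mft_offset = mft_cluster * bytes_per_sector * sectors_per_cluster
    return read_logical(members, order, stripe, start, mft_offset, 4) == b"FILE"

def guess_geometry(members, stripes, starts):
    """Try every member order, start offset and stripe size; return consistent ones."""
    return [(order, stripe, start)
            for order in itertools.permutations(range(len(members)))
            for start in starts
            for stripe in stripes
            if looks_like_ntfs(members, order, stripe, start)]

def build_constructed_members(stripe=65536, start=32256, n_stripes=8):
    """Constructed sample: a tiny fake NTFS volume striped over two in-memory 'disks'."""
    vol = bytearray(stripe * n_stripes)
    vol[3:11] = b"NTFS    "
    struct.pack_into("<HB", vol, 0x0B, 512, 8)        # 512-byte sectors, 4 KiB clusters
    struct.pack_into("<Q", vol, 0x30, 80)             # $MFT at cluster 80
    vol[510:512] = b"\x55\xaa"
    vol[80 * 4096:80 * 4096 + 4] = b"FILE"
    members = [bytearray(start), bytearray(start)]    # `start` bytes of member header
    for k in range(n_stripes):
        members[k % 2] += vol[k * stripe:(k + 1) * stripe]
    return [bytes(m) for m in members]

if __name__ == "__main__":
    disks = build_constructed_members()
    print(guess_geometry(disks, stripes=[16384, 32768, 65536, 131072], starts=[0, 32256]))
```

The boot sector alone confirms only the member order and start offset, because it sits inside the first stripe for any stripe size; following its pointer to the $MFT is what separates the stripe-size candidates. On real evidence the members would be read-only images of the write-blocked drives, for example opened with `mmap`, which supports the same slicing.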
March 23rd, 2008
I just wanted to give a little update on my local Gainesville business. I have been super busy lately! It seems like with every computer repair or data recovery job I do for a University of Florida student or professor I get 3 more jobs. I am not complaining, mind you :) It just shows how valuable word of mouth is among the UF community.
I have been doing more referral work, also. Other computer shops are recommending me, usually after they have given it a shot :) It is all good.
I just want to thank everyone who has been recommending me and helping my business take off. THANKS!!
Posted in Computer Forensics, Computers & Technology
February 28th, 2008
I haven’t learned all the features of this new release yet, but I have already used it on two cases here in Gainesville, FL. It performed great. Each had thousands of videos and video fragments. X-Ways ran through all of the videos with no crashes. It doesn’t grab a screenshot from every recovered fragment… but not every piece of video is playable by any means. It did go all the way through both cases with no crashes.
Considering what it is doing in grabbing these screenshots from movies… it is fast too! Even if it did take the computer 2 hours to run through the movies… it would have taken me two days to physically open and preview every movie.
This new feature in X-Ways is going to be a HUGE time saver for me! I can’t recommend it enough to anyone who has to sort through a large volume of movies.
Posted in Computer Forensics
February 21st, 2008
I first downloaded the CNW Recovery software when I was working on my forensics certification. It was in beta at the time. It was already then a nice piece of software, but needed some polishing at the time. Even then, though, their documentation was VERY impressive.
I recently downloaded the demo to take another look at it. I was very impressed. The software is geared towards data recovery, not forensics. The software is extremely versatile. It does a lot more than the traditional “I can get your photos back” programs. It does have forensic uses also.
I actually had a case where the suspect had deleted the boot sector in an effort to make the drive unreadable. I was able to use CNW Recovery to get evidence off the drive. The software was stable and easy to use. It made quick work of the recovery job.
I will be buying the software for my data recovery business.
By the way, I am serious about their manual (and website). You can learn some lessons on data recovery just reviewing all that they have available for reading.
I am predicting that CNW Recovery will be a major player in the future of the data recovery world! Remember where you heard it!
When I have more experience with the software under my belt, I will report back with a more detailed review.
Posted in Computer Forensics, Computers & Technology