can any body suggest the best kit for recovery of deleted files from sd cards within the handsets etcI have been told recover my files etc are not best
Hi Bigjon.
I tend to normally use EnCase. It's quick and easy to use on memory cards etc. Firstly, acquire the image of the device, then run a script over the image to look at the unallocated space. You can then export your findings.
Another one to consider, is something like Photorec. That checks for the headers etc of designated file types and extracts the findings to a folder of your choice.
Both can and do pick/miss somethings that the other one doesn't.
Kind regards.
Dunk.
cheers dunkjt74 does this translate the hex into readable format as well?
Yes it can in most circumstances, either directly or via a custom script (there are hundreds out there). Depends on exactly what you wish to do, so the variations of the results are determined by what scripts (custom or otherwise) etc you use with EnCase.
Photorec, for your info, tends to just try to retrieve files/part files that it finds and produces what it can in its export (so you can end up with part images/videos or nothing viewable at all if it's only found a header). It doesn't deal with 'data' as such. Best used for image/movie files etc.
Both are very good, but as always, don't just rely on one of them.
Hope this helps.
Dunk.
If the deleted data is still referenced by the file system (deleted, but not unallocated) a free tool such as FTK Imager would make it very straightforward.
If you want something old-school, command line (and free!) Scalpel often does a good job, but you'll need to know a little about the file signatures of the types of files you're digging for.
thank you again guys great help,matbe see you at trews conference 25 26 nov