TestDisk

Developer(s): Christophe Grenier
Stable release: 6.12 / May 11, 2011
Development status: Active
Written in: C
Platform: Cross-platform
Type: Data recovery
License: GPL (free software)
Website: www.cgsecurity.org/wiki/TestDisk

TestDisk is a free data recovery utility. It was primarily designed to help recover lost data storage partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally erasing a partition table). TestDisk can also be used to collect detailed information about a corrupted drive, which can then be sent to a technician for further analysis.

Supported operating systems

TestDisk supports these operating systems:

Supported partition table type

TestDisk recognizes the following disk partitioning:

It also handles non-partitioned media.

Partition recovery

TestDisk queries the BIOS or the operating system in order to find the data storage devices (hard disks, memory cards, …) and their characteristics (LBA size and CHS geometry). TestDisk can[1]

TestDisk does a quick check of the disk's structure and compares it with the partition table for entry errors. Next, it searches for lost partitions[2][3] of these file systems:

However, it's up to the user to look over the list of possible partitions found by TestDisk and to select the one(s) which were being used just before the drive failed to boot or the partition(s) were lost. In some cases, especially after initiating a detailed search for lost partitions, TestDisk may show partition data which is simply from the remnants of a partition that had been deleted and overwritten long ago.

A step-by-step guide[4] explains how to use this software. TestDisk can be used in computer forensics procedures[5]; it supports the EWF file format used by EnCase.

Filesystem repair

TestDisk can deal with some specific logical filesystem corruption[6]:

File recovery

When a file is deleted, the list of disk clusters occupied by the file is erased, marking those sectors available for use by other files created or modified thereafter. If the file wasn't fragmented and the clusters haven't been reused, TestDisk can recover the deleted file:
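The recovery condition described above, as an added example (not TestDisk's code): a sketch of undeleting a file from a simplified FAT16-style volume. The 4-byte cluster size and the sample directory entry, FAT and data area are constructed for illustration.

```python
import struct

CLUSTER_SIZE = 4         # bytes per cluster; tiny on purpose (constructed image)
FIRST_DATA_CLUSTER = 2   # FAT numbering: the data area starts at cluster 2
DELETED = 0xE5           # first name byte of a deleted FAT directory entry

def parse_dir_entry(entry):
    """Decode the fields of a 32-byte FAT directory entry needed for undelete."""
    start, size = struct.unpack_from("<HI", entry, 26)  # start cluster, file size
    return {"deleted": entry[0] == DELETED,
            "name": entry[1:11].decode("ascii").strip(),  # first character is lost
            "start": start, "size": size}

def undelete(entry, fat, data):
    """Return the file's bytes, or None if recovery would be unreliable."""
    e = parse_dir_entry(entry)
    if not e["deleted"] or e["size"] == 0 or e["start"] < FIRST_DATA_CLUSTER:
        return None
    count = -(-e["size"] // CLUSTER_SIZE)           # clusters needed (ceiling)
    run = range(e["start"], e["start"] + count)
    if run.stop > len(fat):
        return None                                 # run extends past the volume
    # The cluster chain was zeroed on deletion, so contiguity can only be
    # assumed. A non-zero FAT entry means another file now owns that cluster.
    if any(fat[c] != 0 for c in run):
        return None
    off = (e["start"] - FIRST_DATA_CLUSTER) * CLUSTER_SIZE
    return bytes(data[off:off + e["size"]])

def make_entry(name, start, size):
    """Build a constructed 32-byte directory entry (11-byte 8.3 name)."""
    raw = bytearray(32)
    raw[0:11] = name
    struct.pack_into("<HI", raw, 26, start, size)
    return bytes(raw)

# Constructed sample volume: clusters 2..7, file deleted from clusters 3..5.
DATA = b"AAAA" + b"hell" + b"o wo" + b"rld!" + b"BBBB" + b"CCCC"
FAT = [0xFFF8, 0xFFFF, 0xFFFF, 0, 0, 0, 0xFFFF, 0]      # 0 = free cluster
REUSED_FAT = [0xFFF8, 0xFFFF, 0xFFFF, 0, 0xFFFF, 0, 0xFFFF, 0]
ENTRY = make_entry(b"\xe5OTE    TXT", start=3, size=11)

if __name__ == "__main__":
    print(undelete(ENTRY, FAT, DATA))         # clusters still free
    print(undelete(ENTRY, REUSED_FAT, DATA))  # cluster 4 reallocated
```

The second call is refused because cluster 4 has been reallocated, which is the "clusters haven't been reused" condition; a fragmented file would pass the check but come back with wrong contents, since the erased chain cannot be verified.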

Popularity

TestDisk and PhotoRec (by the same author) were downloaded more than 150,000 times in July 2008 from the primary website. These utilities are in fact even more widely used, as they can also be found on various Linux Live CDs:

They are also packaged for numerous Linux distributions.

References

  1. Debra Littlejohn Shinder, Michael Cross (2002). Scene of the cybercrime, page 328. Syngress. ISBN 978-1931836654.
  2. Ido Perelmutter - Debian Administration, Recovering from file system corruption using TestDisk
  3. Ionut Ilascu, Softpedia, Your HDD Is Missing a Slice? Try TestDisk for a change
  4. TestDisk Step by Step
  5. Presentation of TestDisk in The Sleuth Kit Informer
  6. Jack Wiles, Kevin Cardwell, Anthony Reyes (2007). The best damn cybercrime and digital forensics book period, page 373. Syngress. ISBN 978-1597492287.
  7. Advanced FAT Repair
  8. NTFS boot sector and MFT repair
  9. Locate ext2/ext3/ext4 backup superblock
  10. FAT file undelete
  11. NTFS file undelete
  12. ext2 file undelete
  13. TestDisk on ALT Linux
  14. ArchLinux Extra Repository
  15. TestDisk on Debian
  16. TestDisk in Fedora
  17. TestDisk in Red Hat Epel
  18. TestDisk in FreeBSD ports
  19. TestDisk in Gentoo
  20. TestDisk in Gentoo Portage
  21. TestDisk in Source Mage
  22. TestDisk in Ubuntu
