[转载]Recovering LOST files from a hardrive

信息来源：http://www.incidents.org/diary.php?storyid=1096

Help I have lost data files from my harddrive (due to CME-24 or other reasons).
First if at all possible TURN off the computer and put the infected drive on another system that is not infected.
If for one reason or another you can not you should cosider one of the cdrom or floppy based
recovery systems and an extra drive.

You should preform recovery to a different filesystem then the one being recovered from other wise you risk overwriting some files as you recover others.
Be aware some companies offer demos that identifies "lost" files but doesn't save the files it finds.

Here is a short list of forensic tools and data recovery tools.


Windows:
http://www.x-ways.net/davory/index-m.html
The free version is limited to recovering files of 200k or smaller.

Linux/Unix based tools:
http://www.sleuthkit.org/autopsy/


CDROM based Bootable images
FCCU GNU/Linux boot CD 10.0 from the Belgian "Federal Computer Crime Unit"
http://www.lnx4n6.be/index.php?sec=Downloads&page=bootcd

Fire from SourceForge
http://fire.dmzs.com/

FoRK from Vital Data
http://www.vitaldata.com.au/modules/tinycontent1/index.php?id=9
Requires a registration.


Here is a  good list of forensic's tools.
http://www.forensics.nl/toolkits