Data Recovery and Disk Utilities Forum @R-TT

Hello to all,
sorry for my English lousy,
some days I'm trying to retrieve data from a hard drive infected with ramsonware, if I make a normal recovery all files are corrupted or can not be opened, but all work in RAW. you can recover files from raw but use the file system tree?

Mattia

Hello Mattia

Ciao

No non puoi, quelli che trovi sono I files temporanei.

Il processo esegue

- copia del file originale in un file temporaneo
- cripta il file temporaneo
- lo copia di ritorno sovrascrivendo quello originale
- cancella il file temporaneo

Li troverai e non tutti solo in RAW

----- English Version ----

No you can't. The files you find in RAW mode are temporary files.

The process does

- copy the original file into a temp file
- encrypt the temp file
- copy back the temp file overwriting the original one
- delete the temp file

You'll find them and not all of them in RAW mode only

Ciao

però ad esempio ne sto facendo uno in questo momento, tramite raw riesco a risalire ad alcuni files che il cliente mi dice che erano sul desktop. avendo io l'albero "decriptato" ma con i files illegibili chiedevo se ci fosse un modo per fare un match ad esempio per estensione e dimensione ed andare a sostituire i files non leggibili.

Mattia

****English version****

But for example I'm doing one right now, I can go back through raw to some files that the client tells me that they were on the desktop. as I had the "decrypted" tree but with the unreadable files wondering if there was a way to make such a match by extension and size go and replace the files unreadable.

Mattia

No way

Customer have to replace and rename them manually

(P.S. per casi di hdd danneggiati RecuperoDati299euro offre un concreto programma di sconti per gli operatori del settore informatico)

R-Studio has some means to find the original files: Finding Previous File Versions. But prospects are really really grim.