If you’ve ever wondered what tools a technical data recovery engineer might use on a daily basis, then here are my top five tools, although they may not be quite what you’re expecting.
If you think that data recovery is just about running a bunch of software tools on hard disks, RAIDs or data from backup tapes, then for a professional technical company this is far from the truth. As a data recovery expert, my job at Altirium involves interrogating raw data and writing software to solve often complex problems. This is one thing that I think sets us apart from some of the other companies in the data recovery industry. Yes, we use “off the shelf” recovery software where it’s appropriate, but it is often found lacking and doesn’t give the best results or properly report its findings. Therefore, to recover data where there are no tools available, we develop them in-house.
Some of the achievements we’ve delivered in the past 12 months, using my top five tools include:
- Reverse engineering the MS SQL Server data structures and writing software to recover data from dropped tables, where off the shelf tools failed.
- Extending our Tivoli Storage Manager recovery software capabilities, adding extractors for more data sources and software compressed data.
- Identifying and implementing the processing of many undocumented structures in the Microsoft Tape Format, used in software such as Symantec BackupExec.
- Reverse engineering Atempo Time Navigator backup format including processing of software compressed data.
All of this has contributed to solving genuine data recovery issues and has saved the companies that have come to us thousands of pounds in lost revenue, many hours of support time and countless terabytes of potentially “unrecoverable” data.
Here are the top five tools that I use pretty much every day during the course of my job.
1. Winhex: Undoubtedly one of the best hex editors for Windows. I originally discovered this tool at about version 9, I think, when it was just a hex editor on steroids. It was able to work within very large data files > 4GB (big at the time), where other software couldn’t. I could create structure templates to view real numbers rather than just hex, and it had some great searching capabilities. Winhex has grown up a lot and is now on version 16. Unfortunately it has been adopted by the forensic community, which I think is more lucrative, and therefore some of the features are now targeted towards them rather than us data junkies, and so some of the changes have been detrimental. However, it is still by far one of my most used tools.
2. Textpad: A simple, easy to use, plain text editor that’s got some cool but easy to use features: simple keystroke macro recording, block selection cut and pasting, long lines (good for chopping up long lines of hex) and syntax highlighting. It has some great sorting and searching functionality and is fast when dealing with very large text files such as file listings.
3. Excel: What’s a spreadsheet application doing acting as a data recovery tool, I hear you cry? Well, it’s great for working out offsets and relationships between values, and I’ve also used it for annotating hex dumps from time to time.
4. VMWare Workstation: I frequently have to run trial software, whether it’s backup software, database servers, email servers, other recovery tools etc. VMWare Workstation allows me to quickly configure a virtual environment in which I can operate. Although the software tends not to run as quickly as if it was running on native hardware and there are limitations, the virtual machines are quick to boot, take up less storage, and can be isolated in their own virtual network, snapshotted, replicated and destroyed without having to leave the comfort of my desk.
5. Visual Studio C++: When working in a data recovery environment it’s absolutely essential to be able to develop your own tools. If you don’t, then you’re relying on someone else’s knowledge, and I’ve many times in the past found this to be incomplete or in some cases misguided and wrong. I work predominantly in a Windows environment, and Visual Studio C++, in my opinion, has an excellent IDE that allows me to construct anything from small widgets and test applications to larger, more robust software. In C++ I can address the data how I want to with few restrictions.