[ale] OT: Data recovery from CD-ROM?

Bob Toxen transam at verysecurelinux.com
Mon Feb 20 11:38:37 EST 2006 

To recover, use dd to copy the raw device (such as /dev/cdrom or /dev/hdc)
to an ordinary disk file, such as /root/mycd.  Then run fsck or even fsdb
on it to fix the damage.  Then mount /root/mycd via the loopback device
(see the book "Real World Linux Security, 2nd ed" for how to do that).
Enjoy.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002

On Sun, Feb 19, 2006 at 08:48:51PM -0500, Michael B. Trausch wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Pat Regan wrote:
> > 
> > What kind of physical damage?  If it is just a scratch it can probably
> > be buffed out.
> > 
> 
> Oh, if only.  :)  The CD not only has lots of cosmetic damage on the
> bottom causing it to probably throw the laser all over the place, but
> some actual chunks of the recorded (burned) data layer are missing,
> which makes the filesystem on the disc unreadable since the filesystem
> itself really isn't intact anymore.
> 
> The foremost(1) program looks promising.  It's recovered a good bit of
> the data from the disc, completely intact, much to my surprise.
> However, the really important data that we're looking for out of it has
> yet to be found.  This means one of two things:  It wasn't there, is no
> longer there, or foremost(1) needs a bit more help with it.  I'm leaning
> towards the latter of the options, with the middle one coming in at a
> really close second.  The problem is that I am not seeing foremost be
> able to detect Microsoft Word and other file formats outside of really
> popular, really open ones, with any accuracy.
> 
> I did some (manual) analysis of Microsoft Word files, and have come to
> the conclusion that the patterns included with foremost(1) are not well
> suited for finding Microsoft Office files.  This is based on ~500 files
> I have that were written in either probable version of Microsoft Office
> that saved the data on the CD in the first place.  *sigh*
> 
> So I'm hacking together (rather, attempting to hack together) a program
> that can do some batch analysis and confirm my conclusions.  If that can
> find me a more stable pattern to feed to foremost and net me the files
> back, Erica will be very, very happy (and had better provide me with
> dinners for a long, LONG time...)  :)
> 
> 	Thanks,
> 	Mike
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFD+SAD0kE/IBnFmjARAt5mAJ0X7VcNziYslOfhKCgWI5e5xvqJcwCfZiAm
> KN5C6F2MxRZhHEds71zVteY=
> =mw/p
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list