.nsf (lotus notes) mail file showing ...

Log Out | Topics | Search Moderators | Edit Profile

Author Message   Kapil Username: ithelpdesk Registered: N/A Posted on Saturday, Aug 23, 2008 - 9:59:    Dear stefan, Need help.......... Unfortunately our one user was taking backup of all data in other hdd & after copy the data he found his one archive file (Lotus notes) was missing & showing 0 bytes....what are the possibilities of recovery the archive file? We already try to recover the nsf file through recovery software but no success..... can we recover the file manually through MFT information & how? can u help me out from this issue?   Alfons Kramer Username: admin3 Registered: 4-2004 Posted on Monday, Aug 25, 2008 - 9:55:    For a realistic chance of a recovery of that particular file it is important to either take an image of the HD or not touching the HD until an recovery attempt. The best way is to retrieve the allocation info from the $LogFile. But this requires some intricate knowledge about the NTFS file system. Another strategy is to retrieve the file (or parts of that file in case of fragmentation) by file signature. The signature of a nsf-file is \x1A\x00\x00[\x03\x04]\x00\x00 . Also have a look at the system eventlog to check for possible I/O Errors responsible for the loss. Consider to look at the 'other hdd' as well.   IT Engr. Username: ithelpdesk Registered: 1-1997 Posted on Monday, Aug 25, 2008 - 20:46:    Thanx for your advise. But how to get the details for MFT information & if the data is fragmented then how can we recover it & what the information we need to recover this nsf file.   Stefan Fleischmann Username: admin Registered: 1-2001 Posted on Tuesday, Aug 26, 2008 - 7:00:    For that you would need intimate knowledge of the NTFS file system data structures, more precisely of the FILE records in the MFT.   IT Engr. Username: ithelpdesk Registered: 1-1997 Posted on Saturday, Aug 30, 2008 - 20:01:    Will you please tell me where can i get all the information on MFT or suggest me how to recover the nsf file manually? FYI i m live in india.   Alfons Kramer Username: admin3 Registered: 4-2004 Posted on Monday, Sep 1, 2008 - 10:22:    This is usually subject of our professional training courses. It cannot be tought by email. There is a book I can recommend: File System Forensic Analysis by Brian Carrier. Some material about the NTFS file system can be found in the Internet as well.