| Author | Message | ||
     julio cesare Username: julio Registered: N/A |
Hi there! I have a partition table which seems to be fucked by an attempt to format to NTFS another partition on a disk. I open the disk with winhex and i can see the partition but it's marked as "lost" but i can enter it and browse directorys. I cant browse the partition under windows, nothing is found. So my question is, what exactly should i do to recover this partition marked as "lost" by winhex. I dont want to lose the data by doing wrong manip. Help is much apreciate from you part julio | ||
| Stefan Fleischmann Username: admin Registered: 1-2001 |
In WinHex, you recover/copy all files that you need (select them, right-click, use Recover/Copy command in context menu, select a different drive as the output path). Then you can repartition/reformat as needed to get back to normal. | ||
| julio cesare Username: julio Registered: N/A |
Thanks a lot for answering me, i tryed this and it seems to works pretty well so far (not finished). I have just another small question about why there are with each file recovered another one called the same +_KAVICHS . I made some googling and found out that it's related to NTFS ADS. WinHex seems able to recover them as well, but why i see them as file under explorer now? They shouldnt be seen under explorer so far. Is there a way to automatically remove all theses files and is it safe to delete them all? Thanks a lot for answering me again, your program helped me. Jul | ||
| Stefan Fleischmann Username: admin Registered: 1-2001 |
These are alternative data streams created by anti-virus programs of a certain manufacturer. I recommend omitting them from the recovery altogether in WinHex, e.g. by exploring recursively from the root directory, sorting by the Attributes column, selecting the ADS, and then hiding them (e.g. by pressing the Del key). Why you see ADS as files in your output folder: Because the general idea in WinHex and X-Ways Forensics as computer forensics tools is to make hidden data easily visible and accessible. Alternatively, you could conveniently delete the ADS in the output folder, using the Search functionality in the Windows Explorer (matching them by name) and the Del key. | ||
| julio cesare Username: julio Registered: N/A |
Ok thanks a lot Stefan for all these precious informations, i think i will just make a search on *KAVICHS with windows explorer and delete all these files. Good bye and thank you. Jul |