file recovery of drafts, etc. after virus
Posted: 30 Jul 2014, 15:52
Hello,
I am attempting to help a user hit by an encrypting ransom virus. The backup drive was inserted while the virus was active and those files were also encrypted or corrupted. I wonder if I might be able to use photorec to recover deleted copies or drafts of some of the files that were encrypted. The virus has been removed.
The documentation emphasizes damaged drives. Running photorec does not do anything to the drive that you are searching, correct (the scanned drive remains just as it was)? It merely scans for file headers and copies what it finds to the specified directory?
If so, do you also have suggested procedures for dealing with any virus files that may be recovered with the rest?
Thanks for your help,
E
I am attempting to help a user hit by an encrypting ransom virus. The backup drive was inserted while the virus was active and those files were also encrypted or corrupted. I wonder if I might be able to use photorec to recover deleted copies or drafts of some of the files that were encrypted. The virus has been removed.
The documentation emphasizes damaged drives. Running photorec does not do anything to the drive that you are searching, correct (the scanned drive remains just as it was)? It merely scans for file headers and copies what it finds to the specified directory?
If so, do you also have suggested procedures for dealing with any virus files that may be recovered with the rest?
Thanks for your help,
E