Difference between pages "Data Compass" and "Executable"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Related links)
 
(DBG, PDB)
 
Line 1: Line 1:
== Overview ==
+
{{expand}}
Data Compass is a hardware and software data recovery tool produced by [[SalvationDATA]].
+
  
According to our pioneer [[3+1 Data Recovery]] process, the stage following the drive restoration will be data recovery using Data Compass.
+
An executable file is used to perform tasks according to encoded instructions. Executable files are sometimes also referred to as binaries which technically can be considered a sub class of executable files.
  
After bringing the failed drive back to life, as a data recovery professional, you know now you need to recover the damaged file system by using file system recovery software; and maybe you know also you need to do a disk imaging in order to work from an accurate, stable hard drive image.
+
There are multiple families of executable files:
 +
* Scripts; e.g. shell scripts, batch scripts (.bat)
 +
* DOS, Windows executable files (.exe) which can be of various formats like: MZ, PE/COFF, NE
 +
* ELF
 +
* Mach-O
  
Unfortunately, traditional disk imaging tools and methods are designed for and work on good HDDs only, not the patient HDDs that are unstable or inaccessible because of media defects and instable head, which are common challenges of Stage 2 in practice. Even more, with those traditional imaging tools, the time involved and the ordinary user-level repeated-read access to the media bring a risk of damaging the disk and head, making data lost irretrievable.
+
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Executable Wikipedia: Executable]
  
But now there's a better way: The disk probing equipment included in the Data Compass suite bypassing the disk-level problems such as multiple bad sectors, damaged surfaces, malfunctioning head assembly, or corrupted servo info, In the meantime you can use the default software or any other defined software you have been familiar with (R-studio, Winhex, any) to perform file recovery. Through the Data Compass, problem drives will become intact hard drives and ready for file recovery attempts..
+
=== MZ, PE/COFF ===
 +
* [http://en.wikipedia.org/wiki/Portable_Executable Wikipedia: Portable Executable]
 +
* [http://msdn.microsoft.com/en-us/windows/hardware/gg463119.aspx Microsoft PE and COFF Specification]
 +
* [https://googledrive.com/host/0B3fBvzttpiiSd1dKQVU0WGVESlU/Executable%20(EXE)%20file%20format.pdf MZ, PE-COFF executable file format (EXE)], by the [[libexe|libexe project]], October 2011
 +
* [http://seclists.org/fulldisclosure/2013/Oct/157 The Internal of Reloc .text], Full Disclosure Mailing list, October 21, 2013
  
== What can Data Compass do? ==
+
=== DBG, PDB ===
 +
* [http://en.wikipedia.org/wiki/Program_database Wikipedia: Program database]
 +
* [http://www.debuginfo.com/articles/debuginfomatch.html Matching Debug Information], by debuginfo.com
 +
* [http://support.microsoft.com/kb/121366 Description of the .PDB files and of the .DBG files], by [[Microsoft]]
 +
* [http://msdn.microsoft.com/en-us/library/ff553493(v=vs.85).aspx Public and Private Symbols], by [[Microsoft]]
 +
* [http://msdn.microsoft.com/en-us/library/windows/desktop/ms679293(v=vs.85).aspx DbgHelp Structures], by [[Microsoft]]
 +
* [http://web.archive.org/web/20070915060650/http://www.x86.org/ftp/manuals/tools/sym.pdf Internet Archive: Microsoft Symbol and Type Information], by [[Microsoft]]
 +
* [https://code.google.com/p/pdbparse/wiki/StreamDescriptions Stream Descriptions], [https://code.google.com/p/pdbparse/ pdbparse project]
 +
* [https://code.google.com/p/google-breakpad/source/browse/trunk/src/google_breakpad/common/minidump_format.h minidump_format.h]
 +
* [http://moyix.blogspot.ch/2007/10/types-stream.html The Types Stream], by [[Brendan Dolan-Gavitt]], October 4, 2007
  
 +
=== Mach-O ===
 +
* [http://en.wikipedia.org/wiki/Mach-O Wikipedia: Mach-O]
  
Data recovery from physically damaged HDDs is what Data Compass designed for.
+
== Tools ==
  
' Data recovery from HDDs with severe multiple BAD sectors, which appear because of platter surface scratch or malfunction or instability of the magnetic head assembly (MHA).
+
=== MZ, PE/COFF ===
 +
* [https://code.google.com/p/pefile/ pefile], multi-platform Python module to read and work with Portable Executable (aka PE) files
  
' Data recovery from HDDs that start to produce "clicking" sounds, which may be caused by corruption of sector servo labels or a MHA malfunction. If some heads or surfaces are damaged it is possible (before installation of MHA replacement) to create a copy of data using the remaining good surfaces or drive heads.
+
=== PDB ===
 
+
* [https://code.google.com/p/pdbparse/ pdbparse], Open-source parser for Microsoft debug symbols (PDB files)
' Availability of tools for logical analysis of FAT and NTFS file systems in the software complex allows data recovery in cases, when a drive is functional and only logical data structure is corrupted.
+
 
+
'When used with malfunctioning drives, Data Compass complex often allows selective extraction of data necessary to your customers without reading all data from a drive ("recover data by file" without creating a complete disk image) saving a lot of time. In some cases, when drive malfunctions cause constant self-damage (like scratches on disks or instable MHA) these are the only means to accomplish this task. With the ShadowDisk technology adopted, users need not to worry about the drive degradation problem.
+
 
+
== Related links ==
+
 
+
[http://www.salvationdata.com Official Webiste]
+
 
+
[http://www.salvationdata.com/downloads/pdf/grow-your-business-with-dc.pdf Data Sheet of Data Compass]
+
 
+
[http://www.salvationdata.com/data-recovery-equipment/data-compass.htm Customer Reviewer]
+
 
+
[http://www.salvationdata.com/blog/category/data-compass-case-studies Case Studies]
+

Revision as of 06:42, 2 November 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

An executable file is used to perform tasks according to encoded instructions. Executable files are sometimes also referred to as binaries which technically can be considered a sub class of executable files.

There are multiple families of executable files:

  • Scripts; e.g. shell scripts, batch scripts (.bat)
  • DOS, Windows executable files (.exe) which can be of various formats like: MZ, PE/COFF, NE
  • ELF
  • Mach-O

External Links

MZ, PE/COFF

DBG, PDB

Mach-O

Tools

MZ, PE/COFF

  • pefile, multi-platform Python module to read and work with Portable Executable (aka PE) files

PDB

  • pdbparse, Open-source parser for Microsoft debug symbols (PDB files)