
Recovering deleted files: digital forensics for the everyday person

I believe the everyday person should know how to recover deleted files or messages. That way, you don’t have to hire someone or say goodbye to important or sentimental data.


Jesse William McGraw, Contributor
Nov 3, 2024. Updated: 13 June 2025. 3 min read

Extracting hidden secrets with Autopsy

  • Cross-platform: compatible with Windows, Linux, and OS X.
  • Artifact extraction: allows exhumation of history, cached images and videos, metadata, documents, call logs, messages from various apps, cookies, web bookmarks, downloads, etc.
  • File carving: allows recovery of fragmented or deleted files by identifying file headers and footers, even when directory entries are missing.
  • Timeline analysis: provides a timeline feature for visualizing when a file was created, accessed, and modified. This is a vital feature when trying to understand the chronological sequence of events, especially in cases involving cheating spouses.
  • Metadata extraction: functions within the app can extract metadata from files, yielding useful information such as creation dates, modification timestamps, and user history.
  • Team collaboration: allows multiple users to collaborate on a case simultaneously.
  • Generate custom reports: Autopsy can generate customized, detailed reports in HTML, PDF, and Excel format based on the needed criteria.
  • Hashing and signature matching: used for checking file integrity and identifying known files by comparing them against hash databases, which can help flag malicious files or modified apps.
  • Examining network activity: analyzing network logs from firewalls or intrusion detection systems (IDS) allows users to perform intrusion detection by identifying suspicious TCP/IP connections or data exfiltration attempts.

Android and iOS data recovery

  • Create the disk image: the best free way for users who want to create a logical backup of an Android device is simply to download ADB (Android Debug Bridge) on your computer. It is included in SDK Platform Tools. Download the latest build and unzip the archive.
  • Enable Developer Options on Android: to do this, go to Settings > About Phone and tap on the Build number seven times in order to enable Developer Options. For Samsung users, go to Settings > About Phone > Software information > Build Number.
  • Connect the Android device using a USB cable: ensure that it’s recognized by your computer.
  • Check device connectivity: navigate to the unzipped folder, right-click anywhere in the folder (in Windows), and then click on ‘Open in Terminal.’
  • Enter the command ./adb devices: this lists the device’s serial number.
  • Create a logical backup: or mirror image, by typing ./adb backup -all -f backup.ab
  • Open the backup with Autopsy: select Data Source Type > Disk Image or VM File. You will be prompted to browse to the backup file you just created using adb and the rest is history.
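
To confirm that backup.ab was captured intact before loading it into a tool, the added example below (not part of the original article) hashes the file and reads its header. It assumes the .ab layout of four text lines (magic, version, compression flag, encryption name) followed by a zlib-compressed tar stream; the sample backup and the app path inside it are constructed for illustration.

```python
import hashlib
import io
import tarfile
import zlib

def sha256_hex(data: bytes) -> str:
    """Hash of the acquired file; record it before opening it in any tool."""
    return hashlib.sha256(data).hexdigest()

def parse_ab(data: bytes) -> dict:
    """Read the four header lines of an .ab file and list the archived paths."""
    stream = io.BytesIO(data)
    magic, version, compressed, encryption = (
        stream.readline().rstrip(b"\n") for _ in range(4))
    if magic != b"ANDROID BACKUP":
        raise ValueError("not an Android backup file")
    info = {"version": int(version), "compressed": compressed == b"1",
            "encryption": encryption.decode("ascii"), "entries": []}
    if info["encryption"] != "none":
        return info  # payload is protected by the backup password; stop here
    payload = stream.read()
    if info["compressed"]:
        inflater = zlib.decompressobj()
        payload = inflater.decompress(payload)
        if not inflater.eof:  # the transfer ended before the stream did
            raise ValueError("backup payload is truncated")
    with tarfile.open(fileobj=io.BytesIO(payload)) as tar:
        info["entries"] = tar.getnames()
    return info

def make_sample_backup() -> bytes:
    """Constructed sample: one made-up app file in an unencrypted backup."""
    body = b"constructed sample note"
    tar_bytes = io.BytesIO()
    with tarfile.open(fileobj=tar_bytes, mode="w") as tar:
        member = tarfile.TarInfo("apps/com.example.notes/f/note.txt")
        member.size = len(body)
        tar.addfile(member, io.BytesIO(body))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(tar_bytes.getvalue())

if __name__ == "__main__":
    sample = make_sample_backup()
    print("sha256:", sha256_hex(sample))
    print(parse_ab(sample))
```

For a real acquisition, read backup.ab in binary mode and pass the bytes to both functions; an empty entry list with an encryption value other than "none" means a backup password was set on the device.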

Simpler mobile forensics for the layperson
