handbook/tools/Others/Hardware/HardDrive/Data-Retrievement.md


## Information

Make sure to clone the harddrive before doing any forensic !!!
	Video ---> https://www.makeuseof.com/tag/2-methods-to-clone-your-linux-hard-drive/ & https://www.youtube.com/watch?v=cCNzl2x5Gdk

To retrieve information on a harddrive, there is 2 possibility

- Retrievement of lost partition (Autopsy [Tool]([[Red Team/Others/Hardware/HardDrive/Tools]]))
	- Trying to find the whole partition (Arboressence (tree) and file name))

- File Carving (GHex (view) & Photorec (Find Docs) [Tool]([[Red Team/Others/Hardware/HardDrive/Tools]]))
	- Scanning all the hexadecimal of the drive and search for documents (with finguer print)
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Information`

			`Make sure to clone the harddrive before doing any forensic !!!`
			`Video ---> https://www.makeuseof.com/tag/2-methods-to-clone-your-linux-hard-drive/ & https://www.youtube.com/watch?v=cCNzl2x5Gdk`

			`To retrieve information on a harddrive, there is 2 possibility`

			`- Retrievement of lost partition (Autopsy [Tool]([[Red Team/Others/Hardware/HardDrive/Tools]]))`
			`- Trying to find the whole partition (Arboressence (tree) and file name))`

			`- File Carving (GHex (view) & Photorec (Find Docs) [Tool]([[Red Team/Others/Hardware/HardDrive/Tools]]))`
			`- Scanning all the hexadecimal of the drive and search for documents (with finguer print)`