Anything related to computer forensics (new section!)

Recover zero sized files (malware)

September 24th, 2016, 11:34

Hello,

I'm trying to determine if any software products will allow me to recover thousands of files. Some malware somehow corrupted the files by keeping the filenames the same, but they show as zero bytes in size. If they were simply deleted, I could undelete them, but they do exist, so it doesn't seem like I can do that. I'm not sure what was done to the raw data on disk or which clusters were changed to make the file appear as zero bytes. The damage happened over an 18-minute period, but due to the number of affected files, I don't think it overwrote all the raw data, because I don't think it would have had time.

Does anyone have any ideas on where I should start and how I might determine if the file contents can still be found on the disk?

I've run the disks through various programs and can look at the hex of the files, but I'm not sure how to file the file chains, etc. Many of the files are images and videos, but some are text files that I know the contents of (since they are standard configuration files) that I could use to verify if the data is still there.

If this is the wrong forum, please direct me to the correct one.

Thanks,
David

Re: Recover zero sized files (malware)

December 7th, 2017, 8:35

Hello,
It's strange that you did not get any help. I hope that you've successfully solved this problem since then!
Otherwise, this topic covered a similar case:
viewtopic.php?f=10&t=34957
Apparently, running CHKDSK solved the problem in that particular case, but it should be used with great caution, as it's been said and repeated in that topic. Doing a full clone before proceeding is a wise safety measure.
I didn't quite understand what you meant when you wrote that you could “look at the hex of the files” using “various programs” (which ones?), yet could not actually recover the files.
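
The check raised in the first post (using a text file whose contents are known to see whether the data is still on disk), run against a clone as the reply above recommends, as an added example that is not part of any post in this thread. The function names, the 4096-byte cluster size and the sample bytes are assumptions; the image is taken to start at the beginning of the volume.

```python
import io

def find_known_content(image, needle, cluster_size=4096, chunk=1 << 20):
    """Yield (byte_offset, cluster_index, offset_in_cluster) for each place
    `needle` occurs in `image`, a binary file object opened read-only on a
    clone of the volume (never on the original disk)."""
    if not needle:
        raise ValueError("needle must not be empty")
    overlap = len(needle) - 1   # bytes carried over so a hit that straddles
    tail = b""                  # two reads is still found
    base = 0                    # image offset of buf[0]
    while True:
        block = image.read(chunk)
        if not block:
            break
        buf = tail + block
        pos = buf.find(needle)
        while pos != -1:
            off = base + pos
            yield off, off // cluster_size, off % cluster_size
            pos = buf.find(needle, pos + 1)
        tail = buf[-overlap:] if overlap else b""
        base += len(buf) - len(tail)

def demo():
    # Constructed sample: an 8-cluster "image" of zeros holding two copies of
    # a known configuration header (not data from the thread).
    needle = b"[boot loader]\r\ntimeout=30\r\n"
    img = bytearray(8 * 4096)
    img[3 * 4096:3 * 4096 + len(needle)] = needle              # cluster-aligned
    img[5 * 4096 + 100:5 * 4096 + 100 + len(needle)] = needle  # mid-cluster
    # An odd read size makes the first copy straddle a read boundary.
    return list(find_known_content(io.BytesIO(bytes(img)), needle,
                                   chunk=3 * 4096 + 10))

if __name__ == "__main__":
    # Real use (hypothetical path): open("clone.img", "rb") instead of demo().
    for off, cluster, within in demo():
        print(f"offset {off:#x}  cluster {cluster}  +{within}")
```

A hit at offset 0 within a cluster is consistent with file data that still sits where it was allocated; no hits for several known files suggests the contents were overwritten rather than only unlinked from their directory entries.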

Re: Recover zero sized files (malware)

December 16th, 2017, 18:27

In Windows, try shadow copies.