Security

OTU - Forensic Analysis Report

date
Apr 8, 2023
slug
data-recovery-forensics
author
status
Public
tags
Docs
Projects
Forensics
summary
A forensics analysis report that was created to display the different use cases and strengths of different data deletion options, and data recovery tools.
type
Post
thumbnail
https://www.easeus.com/images/en/data-recovery/drw-pro/supported-data-loss-cases.png
category
Security
updatedAt
Apr 18, 2023 11:02 PM

INFR 4690: IT Forensics Final Project: Data Recovery Case Study

Instructor: Dr. Amirali Salehi-Abari
Matthew Fernandes
Jordan Grodzinski
Shriji Shah
Ontario Tech University
April 2023

Abstract

We were tasked with comparing the effectiveness of different data wiping techniques to determine which one is the most effective. To achieve this goal, we began by conducting independent research on a wide range of data recovery technologies, evaluating them under various security and usability metrics. Our primary objective was to gain a thorough understanding of each technology's strengths and weaknesses and its practical applications in different scenarios.
Once we had completed our independent reviews, we met as a group to discuss our findings and come to a consensus review of the studied tools. We examined the tools' performance under various criteria, including their ease of use, data recovery success, and security features. This group review process allowed us to gain a comprehensive understanding of each technology's capabilities and limitations, which would prove invaluable in the hands-on experience component of the project.
For the hands-on experience, we each designed an IT Forensic case and challenged our team members to solve the case using one of the studied tools. The cases were designed to cover a range of scenarios, from accidental file deletion to intentional data wiping by a malicious actor. We executed the different data wiping techniques on a secondary device provided by one of the team members, and then attempted to recover the data using applications such as Autopsy.
After completing the hands-on experience, we jointly wrote a report on our group review and recommendations, supported by the cases that we had designed and solved. Our report outlines the strengths and weaknesses of each data removal method and provides recommendations for their practical applications. We believe that our project's findings will be a valuable resource for professionals in the fields of cybersecurity, data protection, and forensics, helping them to make informed decisions about the most appropriate data removal methods for their specific needs.

Individual Reports and Findings

In this section of the project, each team member will provide an in-depth analysis of their assigned data removal method, including the tools used to execute the method, and the creation and execution of their hands-on case study. This section is crucial in providing an individual assessment of the efficacy of the different data wiping techniques studied in the project.
Each team member will describe their assigned data removal method in detail, including an explanation of the specific data wiping technique used, its intended purpose, and its practical applications. They will also provide an overview of the data recovery tools used in their analysis, highlighting their strengths and limitations.
Furthermore, each team member will describe the process of creating their hands-on case study, including the scenario chosen, the tools used to execute the data removal method, and the challenges they encountered. They will also detail the steps taken to recover the data, the tools used, and the outcome of their recovery attempt.

Case 1 – Matthew – Basic File Deletion

When looking at what tools we need for our I.T. Forensics final project, it is first important to know what we require our tool to do. Since this is a class project, the first restriction ideally is that the tool needs to be free. This tool's purpose is to recover deleted and altered data on an external storage device, such as a hard drive or USB. Knowing that the software or technique needs to be free and needs to have the ability to recover data, I did some research and came up with the following. I used [8] as my primary form of research, besides testing the different software.

Data Recovery Tools

Autopsy:

The first and clear choice that came to mind was Autopsy. Autopsy is software we have used in labs, and it has worked extremely well. The program meets the requirement of being free and has shown itself to be very efficient in recovering deleted files and information, plus more. When comparing it to the other software I've tried, I would say the major pro of Autopsy is how in-depth the software is. Most of the other software couldn't look at metadata or generate reports, so the detail in Autopsy is fantastic. The only con I would say is that it's very slow in making cases and scanning compared to the other options.

Wondershare’s Recoverit:

Wondershare’s Recoverit tool was easily one of the best-rated free tools I’ve found online. The tool is very quick at scanning with a very easy user interface that makes it easy to navigate storage devices and recover data efficiently. The software doesn’t have many of the tools Autopsy has. There are no details on the files such as metadata and without buying the pro version I cannot recover the file, although I can see it. It may just be good enough for our project since we can see whether it can recover the file or not, which is all we need. The application does also have file types for emails and other attributes, which other applications did not have. I would say Autopsy is still a much better tool to use despite its pros.

Stellar Data Recovery:

Stellar Data Recovery was another top-rated tool for I.T. forensic data recovery.  The software has very similar pros as Wondershare’s Recoverit as it is again very fast and has a very good GUI making it extremely user-friendly. Yet again, we can see the files but cannot recover files without purchase, which should be okay for this project. It is again very limited when it comes to what it can do and cannot make reports or look at metadata like Autopsy, which makes it not preferred in comparison. Another con is that the software can only be used for 1 GB of data. I still believe it is better than Wondershare’s Recoverit because although we cannot recover the data, we can preview its content, making it much more useful for the project in the sense of proving the file is recoverable.

Basic File Deletion Case Creation

Basic file deletion is exactly as it sounds. Using our external drives (I used a USB), I first created a file, then simply right-clicked and pressed delete. This is the method used by many users; many people without a tech background believe that once a file is deleted and the trash bin is emptied the file is permanently gone, but how true is this?

Results / Strengths and Weaknesses

For the results, basic file deletion was recovered by every method. Yet this does not mean that basic file deletion is an obsolete method of deletion. Going over the pros and cons of file deletion, the following can be said. The main con of file deletion is that it is extremely easy to recover a file. Although this con exists, file deletion has two major pros. Firstly, it is very fast to do: deleting files takes two seconds, and all you need to do is highlight your files, right-click and press delete. The second pro is that this deletion method is very simple, making it very user-friendly, as almost everyone who uses a computer can do this.
Taking the pros and cons into account, in what scenario would it be recommended to use this method? The scenario in which the user should use this method must meet the following criteria. Firstly, the sensitivity of the file must be very low to the person or organization. This means that the user or organization must not have important information on the deleted data. Ultimately, the person or organization does not care if the file is ever recovered in the future. Secondly, the organization or person must want to get the task done in a fast manner. With this being considered, it is acceptable to use basic file deletion for the following reasons. To quickly clean up space on a device, to remove information that isn’t sensitive to an asset, and to give a small barricade to those who are not tech efficient enough to recover the files, etc. This method should be used in very basic scenarios and should not be used to try and permanently delete important or personal data.

Case 2 – Shriji – Disk Formatting

Introduction to Disk Formatting

If you're unfamiliar with the term, disk formatting is a crucial process that sets up a storage device like a hard drive or USB flash drive for use. To make sure that the device can store data and the operating system can access it, the storage space is divided into logical sections, and a file system is created.
Now, let's dive into the two main types of disk formatting: quick format and full format. A quick format gets rid of the file system and directory structure on the disk, but doesn't check for bad sectors or perform a surface scan of the disk. It's a speedy process that's usually done when you want to erase data and start fresh on a device that's already been formatted before.
On the other hand, a full format is a more thorough process that wipes the disk and checks for bad sectors and performs a surface scan. It takes a bit more time, but it's recommended for new disks or disks that have had issues in the past. By identifying and marking bad sectors, the operating system can avoid writing data to those areas, preventing data loss and disk errors.
To summarize, disk formatting is the process of preparing a storage device for use. There are two main types of formatting: quick format and full format. A quick format erases the file system and directory structure on the disk, while a full format performs a more thorough erasure and checks for bad sectors and performs a surface scan of the disk. So, make sure to choose the right type of formatting depending on your needs and the condition of your device.

Data Recovery Tools

My perspective and scenario assessment for this research was to see what the easiest way for someone to recover data would be. I decided on two of the most popular GUI data recovery tools for the task, which were Windows File Recovery and Disk Drill.

Windows File Recovery

Windows File Recovery is a command-line tool developed by Microsoft that enables users to recover lost or deleted files from local storage devices, including internal and external hard drives, USB drives, and memory cards. The tool is designed to be used on Windows 10 and later versions of the operating system.
Windows File Recovery supports three different recovery modes: default mode, segment mode, and signature mode. Default mode uses the Master File Table (MFT) to locate lost files, segment mode searches for specific file types within a specified location, and signature mode searches for specific file types across the entire storage device.
The tool supports a variety of file types, including JPEG, PDF, PNG, MPEG, and MP3, among others. It also supports different file systems, including NTFS, FAT, and exFAT.
Windows File Recovery can be accessed via the command prompt or Windows PowerShell. To use the tool, users need to have administrative privileges and follow the instructions provided by the tool's documentation.
Strengths:
  • Supports different file types and file systems, making it versatile in terms of file recovery.
  • Offers three different recovery modes, allowing users to recover lost files in a variety of scenarios.
  • Its usage of the command-line interface provides advanced users with greater control and flexibility in using the tool.
  • It comes with built-in documentation, making it easier for users to understand and use the tool effectively.
  • Developed and maintained by Microsoft, providing a sense of reliability and trustworthiness.
Weaknesses:
  • Command-line interface can be challenging for users who are not familiar with using the command prompt or PowerShell.
  • It does not have a graphical user interface, which may be less intuitive for some users.
  • Only available on Windows 10 and later versions of the operating system, limiting its availability to older versions of Windows.
  • Recovery success may vary depending on the extent of file damage or corruption.
  • Cannot recover files that have been overwritten by other data.

Disk Drill

Disk Drill is a powerful data recovery tool designed to help users recover lost or deleted data from a variety of storage devices. It is a popular choice for individuals and businesses alike, due to its ease of use, advanced scanning algorithms, and additional features.
One of the key features of Disk Drill is its ability to recover data from a wide range of storage devices, including hard drives, USB drives, memory cards, and more. This makes it a versatile tool that can be used to recover data from a variety of devices, which can be especially useful in situations where data loss has occurred due to accidental deletion, formatting, virus attacks, or other issues.
To use Disk Drill, users simply need to download and install the software on their computer. Once installed, they can launch the program and select the storage device that they wish to scan for recoverable data. The program will then begin scanning the device, searching for deleted or lost files.
Disk Drill uses advanced scanning algorithms to search for recoverable data, including Quick Scan and Deep Scan. Quick Scan is a fast and efficient scanning method that is ideal for recovering recently deleted files, while Deep Scan is a more thorough scanning method that is designed to recover data that has been lost for a longer period of time, or in more complex data loss situations.
In addition to its data recovery capabilities, Disk Drill also offers several additional features that can help users protect their data and keep their storage devices in good condition. For example, the software includes a feature called Recovery Vault, which provides an extra layer of protection by keeping a backup copy of deleted files. This can help users to recover files more quickly and easily if they are accidentally deleted in the future.
Disk Drill also includes a disk health monitoring feature, which can help users to identify potential issues with their storage devices before they become more serious. This feature provides detailed information about the health of the device, including its temperature, read and write speed, and other important metrics. This can help users to identify potential problems early on, and take steps to address them before they lead to data loss.
Another useful feature of Disk Drill is its duplicate file finder, which can help users to identify and delete duplicate files that are taking up unnecessary space on their storage devices. This can help to free up space on the device, and improve its overall performance.
In conclusion, Disk Drill is a powerful data recovery tool that offers a wide range of features designed to help users recover lost or deleted data, protect their data, and keep their storage devices in good condition. Its advanced scanning algorithms, additional features, and ease of use make it a popular choice for individuals and businesses alike. While no data recovery tool can guarantee a 100% recovery rate, Disk Drill offers a reliable and effective solution for recovering lost or deleted data in a variety of data loss situations.
Strengths:
  • It supports various file systems such as NTFS, FAT, exFAT, HFS+ and APFS, making it versatile in terms of file recovery.
  • Offers various recovery methods and techniques, including Quick and Deep Scans, Lost Partition Search, and Scan for Lost HFS+ Partition, among others.
  • It has a user-friendly graphical user interface, making it easy to use even for non-technical users.
  • Can preview recoverable files before actually recovering them, allowing users to select only the files they need.
  • Available on multiple platforms, including Windows and macOS, making it accessible to a wider range of users.
  • Offers additional features, such as backup image creation, duplicate file finder, and data protection capabilities.
Weaknesses:
  • The free version has limitations, including a maximum recovery size of 500MB and the inability to save scan results.
  • Recovery speed can be slow, particularly for deep scans or large storage devices.
  • Certain features, such as the ability to recover lost partitions, are only available in the paid version.
  • Some users have reported issues with false positive recoveries, where the tool recovers files that were not actually lost or deleted.
  • The recovery success rate may vary depending on the extent of file damage or corruption.

Disk Format Case Creation

To format my device, I repurposed an old USB drive. I simply plugged it into my computer's USB port and opened File Explorer. From there, I located the drive and right-clicked on it to bring up the formatting options, utilizing Windows' built-in reformatting features.
Since this project focuses on data recovery, I decided to format the way that most casual users would – with speed and simplicity in mind. Therefore, I chose the default option of a quick format, which is what most casual users tend to prefer.
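Why a quick format leaves file contents recoverable by carving tools such as PhotoRec or Windows File Recovery's signature mode, as an added example that is not code from the report or from any of those tools. It builds a constructed in-memory image with a file table region and a data region, clears only the table (quick format) or everything (a single Write Zero pass), and runs a simple header/footer signature carver over each; the table layout, sizes and file names are assumptions for the demonstration.

```python
"""Signature carving over a constructed disk image: quick format vs overwrite.

Added example, not code from the report or from PhotoRec / Windows File
Recovery. The image is an in-memory stand-in for a formatted USB stick:
a "file table" region followed by a data region holding a PNG and a JPEG.
A quick format clears only the file table; an overwrite clears everything.
A signature carver finds files by their header and footer bytes, so it
never needs the file table, which is why it survives a quick format.
"""
import struct
import zlib

TABLE_SIZE = 512   # constructed: first 512 bytes stand in for the file table
SECTOR = 64        # constructed: tiny sector size keeps the image small

SIGNATURES = {      # file kind: (header bytes, footer bytes)
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


def make_png(width=1, height=1):
    """Build a minimal valid PNG (signature, IHDR, IDAT, IEND chunks)."""
    def chunk(tag, data):
        body = tag + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)   # 8-bit RGB
    raw = b"".join(b"\x00" + b"\x80\x40\x20" * width for _ in range(height))
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))


def make_jpeg_stub():
    """Constructed JPEG-shaped blob: SOI/APP0 marker, filler, EOI marker."""
    return b"\xff\xd8\xff\xe0" + b"JFIF-filler-" * 4 + b"\xff\xd9"


def build_image(files):
    """Place each file in sector-aligned slots after the table and record it there."""
    img = bytearray(TABLE_SIZE)
    entries = []
    for name, data in files:
        entries.append(f"{name}:{len(img)}:{len(data)}")
        img += data + b"\x00" * ((-len(data)) % SECTOR)
    table = ";".join(entries).encode()
    img[:len(table)] = table
    return img


def list_table(img):
    """Names a metadata-driven recovery (directory/MFT based) can still see."""
    raw = bytes(img[:TABLE_SIZE]).rstrip(b"\x00").decode()
    return [entry.split(":")[0] for entry in raw.split(";") if entry]


def quick_format(img):
    """Quick format: the file table is cleared, the data region is untouched."""
    out = bytearray(img)
    out[:TABLE_SIZE] = b"\x00" * TABLE_SIZE
    return out


def overwrite(img, byte=b"\x00"):
    """Single-pass overwrite of the whole device (Disk Wipe's 'Write Zero')."""
    return bytearray(byte * len(img))


def carve(img):
    """Linear signature scan: on a known header, cut at the next matching footer
    and resume after the carved file (so bytes inside it are not rescanned)."""
    found, pos = [], 0
    while pos < len(img):
        hit = None
        for kind, (head, foot) in SIGNATURES.items():
            if img[pos:pos + len(head)] == head:
                end = img.find(foot, pos + len(head))
                if end >= 0:
                    hit = (kind, pos, bytes(img[pos:end + len(foot)]))
                break
        if hit is None:
            pos += 1
        else:
            found.append(hit)
            pos += len(hit[2])
    return found


if __name__ == "__main__":
    png, jpg = make_png(), make_jpeg_stub()
    disk = build_image([("photo.png", png), ("scan.jpg", jpg)])
    for label, image in [("original", disk), ("quick format", quick_format(disk)),
                         ("write zero", overwrite(disk))]:
        carved = [(kind, off, len(data)) for kind, off, data in carve(image)]
        print(f"{label:>12}: table={list_table(image)} carved={carved}")
```

After the quick format the table is empty but both files carve out byte-for-byte; after the Write Zero pass nothing carves, which is the difference between Case 2 and Case 3.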

Case 3 – Jordan – Disk Wipe

Introduction to Disk Wiping

Overwriting data, or data wiping, is the process of writing new data over top of existing data, replacing it on the storage device. The data written to the storage device follows a set pattern. Some of these patterns will be discussed later, during the discussion of the popular data wiping utility Disk Wipe. In order to guarantee security, it is advisable to perform the overwrite process several times; one must often balance time against security, so discretion must be used when determining the exact number of wipes required. Once the overwrite has been performed, it can be verified by checking for the chosen pattern in the data. Overwriting is often an effective way of destroying data, but like anything else it also has certain drawbacks. There are two main drawbacks to overwriting: the time it can require, and the fact that it is not completely effective on damaged drives. Depending on a few factors, such as the size of the volume and the number of overwrites required, the process can take a long time to complete. As mentioned above, the process can be ineffective on drives with physical damage and/or bad sectors. The overwrite cannot be performed on these areas, leaving the data in them vulnerable. Next, the Disk Wipe utility and the erasure patterns it can use will be discussed.
Disk Wipe is a portable freeware application for Windows systems. Being freeware, it is a very popular option for both individuals and organizations. For this reason, it will be highlighted in a case study later in the paper. In addition to being free, Disk Wipe works on portable memory devices and supports a variety of data overwriting algorithms such as:
  • Department of Defense (DoD 5220.22-M)
  • GOST R 50739.95
  • Gutmann
  • HMG IS5
  • Random Data
  • Write Zero
Many of these algorithms are designed for older storage devices, so they will often write random data to newer devices, since some of the patterns are no longer supported. Therefore, it is important to consider the number of passes each algorithm performs and how sensitive the data on the device is. Random Data and Write Zero are implemented in Disk Wipe to perform only a single pass. They are sufficient for quickly removing data from a storage device that did not contain any confidential information. The Russian GOST algorithm is another quick wiping method; however, GOST performs a second pass. HMG IS5 seems to be a good balanced option for data destruction. Disk Wipe implements HMG IS5 Enhanced, which performs 3 passes. It is rated as a slow algorithm; however, it also includes verification in the third pass. The algorithm typically works by writing a 0 on the first pass, followed by a 1 on the second pass, and on the third pass it writes a random character and then verifies the write. Disk Wipe features 2 implementations of DoD 5220.22-M: one that performs 3 passes (E) and one that performs 7 passes (ECE). DoD shares problems with another algorithm, Gutmann, which performs 35 passes. Those 3 are the slowest algorithms available in Disk Wipe. They are also designed for old-style storage devices and will often perform randomized data writing instead of following the implemented patterns. After assessing the various algorithms, HMG IS5 was chosen for a case study on data overwriting, because it seems to be a balanced option when compared to the other algorithms. It reaches an equilibrium between security and time, as well as featuring write verification on the final pass.
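The three-pass-plus-verification pattern described above, and the bad-sector drawback from the introduction, as an added example that is not Disk Wipe's code: a wiper that runs the 0x00 / 0xFF / random passes over a simulated in-memory device, reads the final pass back to verify it, and reports the sectors it could not write so that surviving old data can be located. The simulated device, its sector size and the bad-sector set are assumptions for the demonstration.

```python
"""Multi-pass overwrite with read-back verification, modelled on the HMG IS5
Enhanced pattern described above (0x00, then 0xFF, then random, verify last).

Added example, not Disk Wipe's code. It runs against an in-memory simulated
device so it is safe to execute; the `bad` set models physically damaged
sectors that reject writes, the drawback the text notes, and the report
shows exactly where old data may survive such a wipe.
"""
import os

SECTOR = 512


class SimDevice:
    """Constructed stand-in for a block device: sector-addressed, some sectors bad."""

    def __init__(self, size, bad=()):
        self.size = size
        self.data = bytearray(os.urandom(size))   # the old data to be destroyed
        self.bad = set(bad)                       # LBAs that fail on write

    def write(self, lba, block):
        if lba in self.bad:
            raise OSError(f"write error on sector {lba}")
        off = lba * SECTOR
        self.data[off:off + len(block)] = block

    def read(self, lba):
        off = lba * SECTOR
        return bytes(self.data[off:off + SECTOR])


# Each pass is a function producing the block to write for a given sector.
def pass_zero(lba):
    return b"\x00" * SECTOR


def pass_one(lba):
    return b"\xff" * SECTOR


def pass_random(lba):
    return os.urandom(SECTOR)


HMG_IS5_ENHANCED = [pass_zero, pass_one, pass_random]   # 3 passes, verify the last
WRITE_ZERO = [pass_zero]                                # single pass


def sector_count(dev):
    return (dev.size + SECTOR - 1) // SECTOR


def wipe(dev, passes, verify_last=True):
    """Run every pass over every sector; read the final pass back to verify it.
    Returns which sectors could not be written and which failed verification."""
    unwritten, mismatched = set(), set()
    for i, gen in enumerate(passes):
        final = i == len(passes) - 1
        for lba in range(sector_count(dev)):
            block = gen(lba)[: dev.size - lba * SECTOR]   # trim a partial last sector
            try:
                dev.write(lba, block)
            except OSError:
                unwritten.add(lba)
                continue
            if final and verify_last and dev.read(lba) != block:
                mismatched.add(lba)
    return {"passes": len(passes), "unwritten": sorted(unwritten),
            "mismatched": sorted(mismatched),
            "complete": not unwritten and not mismatched}


def surviving_sectors(dev, snapshot):
    """Sectors whose content still equals the pre-wipe snapshot (old data intact)."""
    return [lba for lba in range(sector_count(dev))
            if dev.read(lba) == snapshot[lba * SECTOR:(lba + 1) * SECTOR]]


if __name__ == "__main__":
    dev = SimDevice(8 * SECTOR + 100, bad={5})     # 9 sectors, the last one partial
    before = bytes(dev.data)
    report = wipe(dev, HMG_IS5_ENHANCED)
    print(report, "old data survives in sectors", surviving_sectors(dev, before))
```

A report with a non-empty `unwritten` list is the case the introduction warns about: the wipe finished, but the old data is still readable in those sectors.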

Disk Wipe Case Creation

Before moving onto the case study, how to use Disk Wipe will be briefly explained.
Operating Disk Wipe is a simple matter; it is a portable application meaning it is ready to use as soon as it is downloaded. From there simply select the storage device and press ‘Wipe Disk’.
Then a pop-up window will appear and prompt the user to select the file system the device is using. Once the file system is chosen, the user sets the erasure pattern used by Disk Wipe.
After completing these configuration steps, the user will be prompted to enter ‘ERASE ALL’ into a dialog box. Upon entering this and clicking finish, the overwrite process will begin.
Now that overwriting and the usage of Disk Wipe have been detailed, there will be a case study based on the previous material.

Data Recovery Tools

Disk Drill Data Recovery

Disk Drill is a data recovery tool with a variety of features. It has a free version that is limited in that it only allows for 500 MB of data recovery. However, the free version does feature Recovery Vault, which is an extension of the Recycle Bin. It keeps a backup reference to the location of deleted files for easy recovery. It has another layer of data loss prevention known as Guaranteed Recovery, a function which keeps a copy of each file that was put in a specific folder, such as the Recycle Bin folder. The pro and enterprise versions of Disk Drill also feature support for all current recovery methods and unlimited recovery. All versions of Disk Drill allow for the creation of image files, which let the user perform a cold analysis, preventing the corruption of the data in the volume. It is a powerful and versatile piece of software. Disk Drill can be suitable for this project if the case studies do not feature a large volume of data that needs to be recovered. If a large amount of data needs to be recovered, Disk Drill will be ruled out, as the ~$130 price of the pro version makes it unfeasible for a school project.

TestDisk Data Recovery

TestDisk is a freeware command-line application for performing partition recoveries. It can recover partitions, boot sectors, and file tables. It also supports numerous file systems and operating systems. The file systems and partition types it can work with include FAT, FAT12, FAT16, FAT32, NTFS, MFT, ext2, ext3, ext4, and exFAT. The operating systems it can run on include DOS, Windows XP+, Windows Server 2003+, Linux distributions, BSD distributions, SunOS, and Mac OS X. This is not even an exhaustive list; it is compatible with many more. TestDisk is a powerful and versatile tool supporting a large variety of modern and legacy systems. It is a very useful tool for forensic analysis, as it can be used to attempt to recover partitions on almost any device. It also has a bootable version in case recovery of the primary partition or the boot sector is required. In addition to TestDisk, the download comes with PhotoRec, a program with a similar interface, which is used for file carving. It is included in case a partition cannot be recovered normally.

Recuva

Recuva is freemium file recovery software: it is free software whose functionality can be improved with the purchase of a commercial license. It supports a variety of storage devices: HDDs/SSDs, flash drives, memory cards, mobile devices with integrated storage such as mp3 players, and other storage devices that use a FAT or NTFS file system. Recuva’s free version allows for unlimited data recovery, unlike Disk Drill. It is available in both portable and installable formats. It also features a deep scan that allows it to search for hidden files, and it has a built-in overwrite function to allow for permanent deletion of files. Recuva provides the basic functionality needed in a free file recovery tool. However, it is limited to file recovery. Recuva cannot perform partition recovery and would be limited in its forensic capabilities. It could be part of a toolkit, but it would not be an all-in-one tool for data recovery.

Hands-On Experience and Analysis

The Hands-On Experience and Analysis section of this project is a crucial component that provides an opportunity for team members to apply their knowledge and understanding of different data wiping techniques and recovery tools in a real-world scenario. In this section, each team member attempts to recover, with their assigned tool, the data that was deleted in the individual reports section.
Our group came to a consensus on the tools to use and assigned one to each person:
  • Matt – Autopsy
  • Jordan – TestDisk
  • Shriji – Disk Drill

Case 1 – Basic File Deletion – Group Findings

Autopsy Results (Matthew)

Complete Recovery Success

TestDisk Results (Jordan)

The recovered files.
Complete Recovery Success

Disk Drill Results (Shriji)

Complete Recovery Success

Case 2 – Disk Formatting – Group Findings

Autopsy Results (Matthew)

Complete Recovery Success

TestDisk Results (Jordan)

PhotoRec was used for this case; it is included with the TestDisk download and performs file carving.
The recovered directory and the targeted file.
Complete Recovery Success

Disk Drill Results (Shriji)

Complete Recovery Success

Case 3 – Disk Wipe – Group Findings

Autopsy Results (Matthew)

Recovery Results Unsuccessful.

TestDisk Results (Jordan)

TestDisk recovered nothing; $diskwipe is a hidden directory containing nothing.
File carving using Photorec was unsuccessful as well.
Recovery Results Unsuccessful.

Disk Drill Results (Shriji)

Recovery Results Unsuccessful.

Conclusion and Final Analysis

In conclusion, our team conducted a series of tests using different data recovery and wiping tools to analyze the effectiveness of each. We tested each tool on three different cases: basic file deletion, disk formatting, and disk wiping.
For the basic file deletion and disk formatting cases, all three tools were successful in recovering the deleted files. However, when it came to disk wiping, none of the selected programs we ran succeeded in data recovery.
These results suggest that TestDisk may be the most effective tool for data recovery in situations where a disk has been formatted but not wiped. However, none of the tools were able to recover data from a wiped disk. It is important to note that data recovery tools should not be solely relied upon for the complete and secure deletion of data. Data should be properly wiped using specialized software or hardware designed for that purpose.
After conducting hands-on testing with three different data recovery tools, Autopsy, TestDisk, and Disk Drill, we came to the conclusion that each tool has its own unique strengths and limitations. Autopsy proved to be the most effective in recovering data from a basic file deletion, while TestDisk was successful in recovering data from a formatted disk. However, when it came to a wiped disk, none of the tools were able to recover any data.
Overall, it is important to consider the specific situation when selecting a data recovery tool. Autopsy is a good choice for general file recovery, while TestDisk is more effective for partition recovery. Disk Drill, while limited in its forensic capabilities, provides a basic and user-friendly tool for file recovery.
It is indispensable to have a diverse toolkit of data recovery tools to ensure the best possible chance of success in any given scenario.

Bibliography

[1] BasisTech. (n.d.). Autopsy (Version 4.20.0) [Computer software]. Retrieved April 8, 2023, from https://www.autopsy.com/
[2] CGSecurity. (n.d.). PhotoRec (Version 7.1) [Computer software]. Retrieved April 8, 2023, from https://www.cgsecurity.org/wiki/PhotoRec
[3] CGSecurity. (n.d.). TestDisk (Version 7.1) [Computer software]. Retrieved April 8, 2023, from https://www.cgsecurity.org/wiki/TestDisk
[4] CleverFiles. (n.d.). Disk Drill [Computer software]. Retrieved April 8, 2023, from https://www.cleverfiles.com/data-recovery-software.html
[5] Disk Wipe. (n.d.). Disk Wipe (Version 1.7) [Computer software]. Retrieved April 8, 2023, from https://www.diskwipe.org/
[6] Microsoft. (n.d.). Recover lost files on Windows 10. Microsoft Support. Retrieved April 8, 2023, from https://support.microsoft.com/en-us/windows/recover-lost-files-on-windows-10-61f5b28a-f5b8-3cc2-0f8e-a63cb4e1d4c4
[7] Piriform Software. (n.d.). Recuva (Version 1.53.2083) [Computer software]. Retrieved April 8, 2023, from https://www.ccleaner.com/recuva
[8] Stellar. (n.d.). Stellar Data Recovery (Version 11.0) [Computer software]. Retrieved April 8, 2023, from https://www.stellarinfo.com/
[9] Wondershare. (n.d.). Free Windows 10 Data Recovery Software. Retrieved April 8, 2023, from https://recoverit.wondershare.com/free-data-recovery/free-windows-10-data-recovery-software.html
[10] Wondershare. (n.d.). Recoverit Data Recovery [Computer software]. Retrieved April 8, 2023, from https://recoverit.wondershare.com/