Sunday, July 27, 2008

Can I "undelete" my files?

Recently I did a simple survey among my friends, asking them whether files/data deleted from the computer can be recovered. Most of them (including those in non-IT professions) know that it is possible to recover deleted data. They claim that they got to know about it from the "Edison" incident.

But there are still one or two of them who are unaware that deleted data may still be recoverable (including an IT application analyst with many years of working experience). So I decided to write this post to share some of my knowledge on "file deletion/recovery" (known as data remanence).

Most computer systems (operating systems, e.g. Windows) do not actually remove the contents of a file when it is deleted. Instead, they simply remove the file's entry from the file system directory. The data of the file remains on the storage medium (hard disk, flash drive, floppy, etc.). The data will remain there until the operating system reuses the space for new data. Nowadays, with very large hard disks in our systems, the space may not even be reused.
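The behaviour described above, as an added example that is not part of the original post: a constructed, simplified FAT-style volume in Python. The 0xE5 deleted-entry marker is real FAT behaviour; the `ToyFat` class, the 16-byte cluster size, the entry layout and the sample file contents are assumptions made for illustration.

```python
import struct

CLUSTER = 16                      # toy cluster size; real FAT clusters are 512 B or more
DELETED, END = 0xE5, 0xFFFF       # FAT deleted-entry marker; end-of-chain value
ENTRY = struct.Struct("<11sBHI")  # simplified entry: name, attribute, start cluster, size

class ToyFat:
    """Constructed, simplified FAT-style volume: directory, allocation table, data area."""
    def __init__(self, clusters=8):
        self.fat = [0] * clusters                  # 0 = free, otherwise next cluster or END
        self.data = bytearray(CLUSTER * clusters)
        self.directory = []                        # packed directory entries

    def write(self, name, content):
        need = -(-len(content) // CLUSTER)         # ceiling division
        free = [i for i, v in enumerate(self.fat) if v == 0][:need]
        if not content or len(free) < need:
            raise ValueError("empty file or volume full")
        for i, c in enumerate(free):
            self.fat[c] = free[i + 1] if i + 1 < need else END
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        entry = ENTRY.pack(name.ljust(11).encode(), 0x20, free[0], len(content))
        self.directory.append(bytearray(entry))

    def delete(self, name):
        for e in self.directory:
            n, _, c, _ = ENTRY.unpack(e)
            if n == name.ljust(11).encode():
                e[0] = DELETED                     # flag the entry; data area is untouched
                while c != END:                    # release the cluster chain for reuse
                    self.fat[c], c = 0, self.fat[c]

    def undelete(self):  # like a recovery tool: read `size` bytes from the start cluster
        found = {}
        for e in self.directory:
            n, _, start, size = ENTRY.unpack(e)
            if n[0] == DELETED:                    # first name character is lost
                name = "?" + n[1:].decode().strip()
                found[name] = bytes(self.data[start * CLUSTER:start * CLUSTER + size])
        return found

def demo():
    vol = ToyFat()
    vol.write("SECRET.TXT", b"account=1234; pin=constructed-sample")
    vol.delete("SECRET.TXT")
    recovered = vol.undelete()         # deleted, yet fully readable
    vol.write("NEW.TXT", b"X" * 40)    # the freed clusters get reused
    return recovered, vol.undelete()
```

`demo()` returns the recovered content twice: intact right after deletion, and overwritten once a new file has reused the freed clusters.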

Several questions were asked by them during the survey, such as "How can we recover those deleted files?", "Any recommended free tools?" and "Any ways to delete the files permanently?". Below are my answers to those questions.

File Recovery Tools
There are many file recovery tools available on the Internet; some are free and others require a license ($$$). I have found 2 Windows-based "freeware" tools (PC Inspector File Recovery and Recuva) to share with you all. PC Inspector File Recovery has better features and is personally recommended for IT users, whereas Recuva is simpler and more user-friendly.

CONVAR PC Inspector™ File Recovery 4.x - a data recovery program that supports the FAT 12/16/32 and NTFS file systems. Some "special" features:
- Finds partitions automatically, even if the boot sector or FAT has been erased or damaged
- Recovers files with the original time and date stamp
- Supports the saving of recovered files on network drives
- Recovers files, even when a header entry is no longer available

Piriform Recuva - a Windows utility to restore files that have been accidentally deleted from your computer. This includes files emptied from the Recycle Bin as well as images and other files that have been deleted by user error from digital camera memory cards or MP3 players. It will even bring back files that have been deleted by bugs, crashes and viruses!

Secure Deletion
To permanently delete your data/files, you will need to do secure deletion (or data sanitization). I have talked about this in my previous posting "What is data sanitization? - on April 6 2008". Please refer to this posting to learn more about secure deletion and the tools that I recommended.

Related Posts:
- Edison Chan Sex Scandal. Lesson to be learned! - on February 17, 2008
- What is data sanitization? - on April 6 2008

Friday, July 4, 2008

W01f Quiz

Finally my first Trojan horse was born. I always wanted to write a simple Trojan to demonstrate how vulnerable our PCs can be. Nowadays, malware can easily compromise your system via podslurping, games/MP3s downloaded from the Internet or a simple game (like this Trojan that I have written). Many people have the misconception that having an updated anti-virus will protect them from all malware.

This Trojan, W01f Quiz, is written in VBScript. I made use of some basic methods used by malware in this program, such as:
- Changing the Registry
- Adding a "malicious" file into the system folder
- Setting a file as hidden
- Tricking the victim with a game

It is basically written for educational purposes: to educate users to beware of programs (such as games, MP3s) that are downloaded or passed around by friends. This Trojan is not malicious and will not cause any harm to your system. You should try it and also pass it around to your friends and colleagues. It consists of an interesting quiz game. You can help to educate your friends after they start to see the pop-up. There is also a removal tool available for you to cleanly remove it.

Click on the file - W01fQuiz-0.1.zip to download the Trojan (MD5:047CE91054176C361A049E8495A63E96)

Trojan Removal and Protection
For those who have been "infected" by my Trojan, you will see a "Trojan Alert" pop-up shown below.

If you see the above pop-up, it means that your system is not properly secured. To protect your system against simple malware (like this one), do the following:
- Restrict Registry access
- Proper user access control (especially on the System folder)
- Properly harden your Windows (based on common best practices such as the Center for Internet Security's standards)

To properly remove this Trojan from your system, simply download the removal tool below. Please run this tool before you harden your system.

Click on the file - W01fQuiz_removal-0.1.zip to download the removal tool (MD5:5C18581BE8BE6ED79F696DDE9DF0B50E)

Thursday, July 3, 2008

What is Web 2.0??

Many people like me have heard about Web 2.0 somewhere but do not really know what it actually is. Is it a new web programming language or a version number of a program?
I got to know more about it after a recent seminar on Web security.

Web 2.0 is actually a concept that uses Internet technology and Web design to enhance creativity, information sharing and collaboration among users.
Web 2.0 technologies give Web architectures greater access to data and functions. Web 2.0 applications should not be understood as a new technology, but as a new use of old technologies.

Web 2.0 websites allow users to do more than just retrieve information. They can build on the interactive facilities of "Web 1.0" to provide "Network as platform" computing, allowing users to run software-applications entirely through a browser. Users can own the data on a Web 2.0 site and exercise control over that data. These sites may have an "Architecture of participation" that encourages users to add value to the application as they use it. This stands in contrast to very old traditional websites, the sort which limited visitors to viewing and whose content only the site's owner could modify. Web 2.0 sites often feature a rich, user-friendly interface.

There is a misconception that Web 2.0 is AJAX, because many Web 2.0 sites rely heavily on AJAX. But there are many technologies that support Web 2.0; to list a few:
- AJAX (Asynchronous JavaScript and XML)
- XML (eXtensible Markup Language)
- JSON (JavaScript Object Notation)
- SOAP (Simple Object Access Protocol)
- WSDL (Web Services Description Language)
- RSS/Atom feeds
- Flash, ActiveX

Web 2.0 has led to the development and evolution of web-based communities and hosted services, such as Google, LinkedIn and MySpace, to name a few.

Tuesday, July 1, 2008

What The Bug ??

Microsoft has released a Security Advisory to address public reports of the Microsoft Windows Server Update Services (WSUS) failing to properly deploy updates within certain environments. Environments that rely on this service for updates may be unable to deploy updates to client systems, some of which may be security related.

This issue prevents the distribution of any updates deployed through Microsoft WSUS 3.0 or Microsoft WSUS 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment.

Currently there is no solution, but Microsoft has provided a workaround that requires manual removal of the duplicate entry in the catalog that is causing the sync failure. For more details on this issue and the workaround steps, please refer to the Microsoft Security Advisory.

Related Report:
- Microsoft Security Advisory (954960), Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates