1
0
wiki/Personal/Blog/2020/数据恢复杂谈.html

60 lines
444 KiB
HTML
Raw Normal View History

2024-09-06 10:58:26 +08:00
<!DOCTYPE html>
<html lang="zh"><head><title>数据恢复杂谈</title><meta charset="utf-8"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com"/><link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=IBM Plex Mono&amp;family=Noto Serif Simplified Chinese:wght@400;700&amp;family=Source Sans Pro:ital,wght@0,400;0,600;1,400;1,600&amp;display=swap"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta property="og:title" content="数据恢复杂谈"/><meta property="og:description" content="一次数据恢复经历,他帮助一位公务人员恢复了执法记录仪中的视频文件。文章介绍了数据恢复的基本常识,包括物理损坏和逻辑损坏,以及恢复方式。作者详细描述了文件修复的过程,包括使用数据恢复软件、视频修复工具等。最后,他提到了数据销毁的问题,强调了数据的重要性。."/><meta property="og:image" content="https://wiki.7wate.com/static/og-image.png"/><meta property="og:width" content="1200"/><meta property="og:height" content="675"/><link rel="icon" href="../../../static/icon.png"/><meta name="description" content="一次数据恢复经历,他帮助一位公务人员恢复了执法记录仪中的视频文件。文章介绍了数据恢复的基本常识,包括物理损坏和逻辑损坏,以及恢复方式。作者详细描述了文件修复的过程,包括使用数据恢复软件、视频修复工具等。最后,他提到了数据销毁的问题,强调了数据的重要性。."/><meta name="generator" content="Quartz"/><link href="../../../index.css" rel="stylesheet" type="text/css" spa-preserve/><link href="https://cdnjs.cloudflare.com/ajax/libs/KaTeX/0.16.9/katex.min.css" rel="stylesheet" type="text/css" spa-preserve/><script src="../../../prescript.js" type="application/javascript" spa-preserve></script><script type="application/javascript" spa-preserve>const fetchData = fetch("../../../static/contentIndex.json").then(data => data.json())</script></head><body data-slug="Personal/Blog/2020/数据恢复杂谈"><div id="quartz-root" class="page"><div id="quartz-body"><div class="left sidebar"><h2 class="page-title"><a href="../../..">🪴 X·Eden</a></h2><div class="spacer mobile-only"></div><div class="search"><button class="search-button" id="search-button"><p>搜索</p><svg role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.9 19.7"><title>Search</title><g class="search-path" fill="none"><path stroke-linecap="square" d="M18.5 18.3l-5.4-5.4"></path><circle cx="8" cy="8" r="7"></circle></g></svg></button><div id="search-container"><div id="search-space"><input autocomplete="off" id="search-bar" name="search" type="text" aria-label="搜索些什么" placeholder="搜索些什么"/><div id="search-layout" data-preview="true"></div></div></div></div><button class="darkmode" id="darkmode"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="dayIcon" x="0px" y="0px" viewBox="0 0 35 35" style="enable-background:new 0 0 35 35" xml:space="preserve" aria-label="暗色模式"><title>暗色模式</title><path d="M6,17.5C6,16.672,5.328,16,4.5,16h-3C0.672,16,0,16.672,0,17.5 S0.672,19,1.5,19h3C5.328,19,6,18.328,6,17.5z M7.5,26c-0.414,0-0.789,0.168-1.061,0.439l-2,2C4.168,28.711,4,29.086,4,29.5 C4,30.328,4.671,31,5.5,31c0.414,0,0.789-0.168,1.06-0.44l2-2C8.832,28.289,9,27.914,9,27.5C9,26.672,8.329,26,7.5,26z M17.5,6 C18.329,6,19,5.328,19,4.5v-3C19,0.672,18.329,0,17.5,0S16,0.672,16,1.5v3C16,5.328,16.671,6,17.5,6z M27.5,9 c0.414,0,0.789-0.168,1.06-0.439l2-2C30.832,6.289,31,5.914,31,5.5C31,4.672,30.329,4,29.5,4c-0.414,0-0.789,0.168-1.061,0.44 l-2,2C26.168,6.711,26,7.086,26,7.5C26,8.328,26.671,9,27.5,9z M6.439,8.561C6.711,8.832,7.086,9,7.5,9C8.328,9,9,8.328,9,7.5 c0-0.414-0.168-0.789-0.439-1.061l-2-2C6.289,4.168,5.914,4,5.5,4C4.672,4,4,4.672,4,5.5c0,0.414,0.168,0.789,0.439,1.06 L6.439,8.561z M33.5,16h-3c-0.828,0-1.5,0.672-1.5,1.5s0.672,1.5,1.5,1.5h3c0.828,0,1.5-0.672,1.5-1.5S
<h2 id="数据恢复基本常识">数据恢复基本常识<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#数据恢复基本常识" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<p>首先对于电子文件的损坏,无外乎以下两种损坏的方式。</p>
<h3 id="物理损毁">物理损毁<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#物理损毁" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<p>就是指存储电子文件的物理硬件:磁带、磁盘、光盘等损毁,因为物理元件的损毁导致文件修复难度极大,所及基本上 99% 的物理损毁很难被修复,同时文件的价值也可能不值得我们去修复(物理损毁修复价格及其昂贵)。</p>
<h3 id="逻辑损坏">逻辑损坏<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#逻辑损坏" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<p>逻辑损坏有很多种,常见的就是电子文件被删除,覆盖,格式化等。逻辑损坏修复的可能性较大,同时修复的价值相对物理损毁较低,所以大部分的逻辑损坏都是可以尝试修复的,这也是我觉得能恢复上述的原因。</p>
<h3 id="恢复方式">恢复方式<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#恢复方式" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<p>大多逻辑损坏可以通过市面上常见的数据恢复软件修复,例如 DiskGenius 就一款专业级的数据恢复软件,同时也不乏其他好用的软件,需要各位自行体验了。</p>
<h2 id="文件修复过程">文件修复过程<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#文件修复过程" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<ol>
<li>执法记录仪是惠普的 DSJ 系列之一,拥有官方的桌面管理工具,通过阅读说明书发现连接记录仪需要禁用驱动程序签名强制,具体操作可以 Google。</li>
<li>连接执法记录仪,登录软件,进入 U 盘模式。</li>
<li>通过使用数据恢复软件,查找到近两年的视频文件。</li>
<li>恢复视频文件,发现视频文件无法打开。</li>
<li>猜测视频文件头可能损坏,使用视频修复工具修复。</li>
<li>文件修复成功,但视频错乱,只修复了部分帧数。</li>
</ol>
<p>首先在成功连接执法记录仪后,便先用了 DiskGenius但发现恢复的是一些无用文件。便找到了另外一款该软件成功恢复了视频文件的目录所以我觉得还是挺有希望的。26G 的视频恢复了一个多小时,但是恢复之后只有几个视频文件可以打开。</p>
<p>这个时候心凉了一半,觉得可能要出糗了。但是根据我多年的行业经验和直觉,我觉的还有救。使用十六进制编辑工具打开视频,果不其然有救。至于为什么有救,因为我之前逆向研究过 GIF 的文件格式,所以我猜测,文件头可能是损坏的,但是视频的部分帧数可能还没有被覆盖。但是现在去哪里找一个这样的工具,总不能现成写一个吧。</p>
<p>不过还真就找到了这样的一个工具Video Repair Tool通过它我成功的修复了部分未覆盖的视频帧数 。后来还是没能帮上忙,执法视频文件在 1 月 17 日,我只找回来到 1 月 31 日的部分视频文件。</p>
<h2 id="杂谈">杂谈<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#杂谈" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<p>简单的描述了一下这次的文件恢复,其实我没有这项技能的。只是凭借多年的行业经验和直觉,我才揽下这个小 case 的。</p>
<p>后来 Google 了一下,看到了挺多对数据恢复和销毁的观点。这里我也简单谈一下自己的看法,欢迎各位交流。</p>
<p>对于销毁文件,因为电子文件是被人为的创造出来的,所以它不存在销毁的决无踪迹。但是你可以销毁它存在的记录,使其恢复的成本提高。为什么要这样说,因为毕竟猴子算法都存在可能性,所以任何文件都有被修复或创造范本的可能性存在。</p>
<p>但是如何提高文件的恢复成本,网上有很多种说法:全覆盖 35 次0 填充一次,扔进火堆哈哈。我认为在不损害物理硬件的前提下,理论上三次全覆盖擦写,找回的可能性就如同猴子算法的平均时间复杂度一样 O(n × n!)。</p>
<p>希望大家多了解一下相关的知识,务必不要让自己的文件损毁。我之前一块 2T 移动硬盘坏掉了给我心疼的,心疼着心疼着我还是没想起来里面到底存了啥哈哈哈。</p>
<blockquote>
<p>硬盘有价、数据无价!</p>
</blockquote></article><hr/><div class="page-footer"></div></div><div class="right sidebar"><div class="graph"><h3>关系图谱</h3><div class="graph-outer"><div id="graph-container" data-cfg="{&quot;drag&quot;:true,&quot;zoom&quot;:true,&quot;depth&quot;:1,&quot;scale&quot;:1.1,&quot;repelForce&quot;:0.5,&quot;centerForce&quot;:0.3,&quot;linkDistance&quot;:30,&quot;fontSize&quot;:0.6,&quot;opacityScale&quot;:1,&quot;showTags&quot;:true,&quot;removeTags&quot;:[],&quot;focusOnHover&quot;:false}"></div><button id="global-graph-icon" aria-label="Global Graph"><svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 55 55" fill="currentColor" xml:space="preserve"><path d="M49,0c-3.309,0-6,2.691-6,6c0,1.035,0.263,2.009,0.726,2.86l-9.829,9.829C32.542,17.634,30.846,17,29,17
s-3.542,0.634-4.898,1.688l-7.669-7.669C16.785,10.424,17,9.74,17,9c0-2.206-1.794-4-4-4S9,6.794,9,9s1.794,4,4,4
c0.74,0,1.424-0.215,2.019-0.567l7.669,7.669C21.634,21.458,21,23.154,21,25s0.634,3.542,1.688,4.897L10.024,42.562
C8.958,41.595,7.549,41,6,41c-3.309,0-6,2.691-6,6s2.691,6,6,6s6-2.691,6-6c0-1.035-0.263-2.009-0.726-2.86l12.829-12.829
c1.106,0.86,2.44,1.436,3.898,1.619v10.16c-2.833,0.478-5,2.942-5,5.91c0,3.309,2.691,6,6,6s6-2.691,6-6c0-2.967-2.167-5.431-5-5.91
v-10.16c1.458-0.183,2.792-0.759,3.898-1.619l7.669,7.669C41.215,39.576,41,40.26,41,41c0,2.206,1.794,4,4,4s4-1.794,4-4
s-1.794-4-4-4c-0.74,0-1.424,0.215-2.019,0.567l-7.669-7.669C36.366,28.542,37,26.846,37,25s-0.634-3.542-1.688-4.897l9.665-9.665
C46.042,11.405,47.451,12,49,12c3.309,0,6-2.691,6-6S52.309,0,49,0z M11,9c0-1.103,0.897-2,2-2s2,0.897,2,2s-0.897,2-2,2
S11,10.103,11,9z M6,51c-2.206,0-4-1.794-4-4s1.794-4,4-4s4,1.794,4,4S8.206,51,6,51z M33,49c0,2.206-1.794,4-4,4s-4-1.794-4-4
s1.794-4,4-4S33,46.794,33,49z M29,31c-3.309,0-6-2.691-6-6s2.691-6,6-6s6,2.691,6,6S32.309,31,29,31z M47,41c0,1.103-0.897,2-2,2
s-2-0.897-2-2s0.897-2,2-2S47,39.897,47,41z M49,10c-2.206,0-4-1.794-4-4s1.794-4,4-4s4,1.794,4,4S51.206,10,49,10z"></path></svg></button></div><div id="global-graph-outer"><div id="global-graph-container" data-cfg="{&quot;drag&quot;:true,&quot;zoom&quot;:true,&quot;depth&quot;:-1,&quot;scale&quot;:0.9,&quot;repelForce&quot;:0.5,&quot;centerForce&quot;:0.3,&quot;linkDistance&quot;:30,&quot;fontSize&quot;:0.6,&quot;opacityScale&quot;:1,&quot;showTags&quot;:true,&quot;removeTags&quot;:[],&quot;focusOnHover&quot;:true}"></div></div></div><div class="toc desktop-only"><button type="button" id="toc" class aria-controls="toc-content" aria-expanded="true"><h3>目录</h3><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="fold"><polyline points="6 9 12 15 18 9"></polyline></svg></button><div id="toc-content" class><ul class="overflow"><li class="depth-0"><a href="#数据恢复基本常识" data-for="数据恢复基本常识">数据恢复基本常识</a></li><li class="depth-1"><a href="#物理损毁" data-for="物理损毁">物理损毁</a></li><li class="depth-1"><a href="#逻辑损坏" data-for="逻辑损坏">逻辑损坏</a></li><li class="depth-1"><a href="#恢复方式" data-for="恢复方式">恢复方式</a></li><li class="depth-0"><a href="#文件修复过程" data-for="文件修复过程">文件修复过程</a></li><li class="depth-0"><a href="#杂谈" data-for="杂谈">杂谈</a></li></ul></div></div><div class="explorer mobile-only"><button type="button" id="explorer" data-behavior="collapse" data-collapsed="collapsed" data-savestate="true" data-tree="[{&quot;path&quot;:&quot;Personal&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2018&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2020&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2021&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2022&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2023&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2024&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/个人成长&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/医学健康&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/历史&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/哲学宗教&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/心理&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/政治军事&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/教育学习&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/文学&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/生活百科&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/社会文化&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/科学技术&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/经济理财&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/艺术&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/计算机&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022/W34&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022/W35&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022/W36&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022/W37&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Jour
</script><script type="module">
let mermaidImport = undefined
document.addEventListener('nav', async () => {
if (document.querySelector("code.mermaid")) {
mermaidImport ||= await import('https://cdnjs.cloudflare.com/ajax/libs/mermaid/10.7.0/mermaid.esm.min.mjs')
const mermaid = mermaidImport.default
const darkMode = document.documentElement.getAttribute('saved-theme') === 'dark'
mermaid.initialize({
startOnLoad: false,
securityLevel: 'loose',
theme: darkMode ? 'dark' : 'default'
})
await mermaid.run({
querySelector: '.mermaid'
})
}
});
</script><script src="https://cdnjs.cloudflare.com/ajax/libs/KaTeX/0.16.9/contrib/copy-tex.min.js" type="application/javascript"></script><script src="../../../postscript.js" type="module"></script></html>