Hi everyone, first post here, hope this is the right forum section for this sort of question, hope I've provided details usefully
I've got my teeth very firmly into a recovery from CryptoWall on Windows XP.
Now I need to, not just search/find, but copy, retaining folder structure, all the files that have not been affected.
I'm thinking things like:
- Are there file managers can do copy jobs retaining folder structure? Can Total Commander do that?
- Comparing headers of files to what they *should* be, given the file extension, could be a way to spot encrypted files
- Better be sure which filetypes have been affected first...
- Can *possibly* get my head round writing a script (in PHP though!) to show me all the file Exts that appear in the ListCWall log that just finished
- No idea about reading file headers though, particularly working in Windows
I've got some valuable stuff back (Outlook and Quickbooks), found and recovered some non-encrypted deleted files using R-Studio (seems very good, I might buy it).
I've avoided working on the original drive almost completely and I've got the WinXP install running in VBox (Windows 7 Pro 64bit host) so I feel I'm doing pretty well!
Next move is to scout around a bit with Shadow Explorer before seeing if System Restore helps...
It's a whole lotta fun but I'm stumped so far for a practical solution for collecting together the *good* files that are left.
What does everyone else do in this situation?
thanks Orange Blossom ;)
Edited by Patrck, 05 July 2015 - 03:16 PM.
Moved to general security. ~ OB