{"id":1184,"date":"2024-10-06T14:52:56","date_gmt":"2024-10-06T20:52:56","guid":{"rendered":"https:\/\/fallingstuff.net\/blog\/?p=1184"},"modified":"2025-10-24T04:06:45","modified_gmt":"2025-10-24T10:06:45","slug":"fallingstuff","status":"publish","type":"post","link":"https:\/\/fallingworks.com\/blog\/2024\/10\/06\/fallingstuff\/","title":{"rendered":"Tales of eBay – Part 1"},"content":{"rendered":"\n

I was recently in the market for a pair of 4 TB hard drives for a duo of USB enclosures that I had picked up a few years ago. So not wanting to spend retail prices I hoped onto eBay and grabbed up a pair for a deal. Few days later the drives arrived in the mail and found their way into the enclosures. So I plug the first drive into my desktop to format it …<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

… the drive is formatted and named. I was expecting to see a RAW drive, not a partitioned drive. Does that mean that I got a drive with data on it? Ugh…<\/em><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

So fire up 010 Hex Editor and lets take a look at the raw bits. The first page has data, which makes sense since there is a partition on the drive…<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Ugh … There IS something on this drive … <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Well … something is the word. Applying some digital forensics to the drive (because why gratuitous use of forensic tools), the tools show a structure that looks like a drive with data.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I could use some forensic type tools to carve whatever data might be on here, but I really want to try a new (to me) commercial tool and see if it can recover data from a formatted drive. So I fire up Disk Internals NTFS Recovery<\/a>, point it at the drive, and tell it to search for the popular files. Let me be clear at this point, this attempt is going to be sloppy, I am aiming to recover ANYTHING, just to get some practice with this tool.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

NTFS Recover seems to have found something? Does not look like anything too interesting, just an Outlook archive file. So, I tell the software to recover the file … <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Turns out … the recovered file IS an Outlook archive file. No way I am connected that to my outlook to see what is in it – I do not need to know, more over, I could care less what is in the file. I would like to ask WHY can I find anything on a 2nd hand drive … and now … are there more out there? <\/p>\n\n\n\n

Stay tuned, I start answering that question tomorrow. <\/p>\n","protected":false},"excerpt":{"rendered":"

I was recently in the market for a pair of 4 TB hard drives for a duo of USB enclosures that I had picked up a few years ago. So not wanting to spend retail prices I hoped onto eBay and grabbed up a pair for a deal. Few days later the drives arrived in … Continue reading Tales of eBay – Part 1<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bluesky_dont_syndicate":"","_bluesky_syndication_accounts":"","_bluesky_syndication_text":"","footnotes":"","_share_on_mastodon":"0"},"categories":[48,45],"tags":[],"class_list":["post-1184","post","type-post","status-publish","format-standard","hentry","category-data-recovery","category-privacy"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/posts\/1184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/comments?post=1184"}],"version-history":[{"count":3,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/posts\/1184\/revisions"}],"predecessor-version":[{"id":2693,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/posts\/1184\/revisions\/2693"}],"wp:attachment":[{"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/media?parent=1184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/categories?post=1184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/tags?post=1184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}