poking around backtrack 4 pre-final, I was looking for data recovery tools, and one came highly recommended from #remote-exploit called autopsy, but... it didnt do specifically what I needed (at least I couldnt find this option if indeed it does exist?) = recovering a formated disk + overwritten MBR... here's the reason why I needed to do such a thing ;

the other day I ended up wiping my disk _entirely_ MBR and all, from an idiotic mistake during installation of a win7 VM... I wont get into the details, except to say that testdisk saved my butt!! big time, not only did it recovery my old boot sector, but it also recovered ALL 8x of my partitions that had gotten wiped... absolutely amazing! soo, I am here to plead it's case, and worth in your amazing backtrack distribution...

photorec is another tool which has its uses as well, and comes with/is a part of testdisk. btw, both apps are licensed by the GPL, and as it stands now testdisk and/or photorec already comes pre-installed on other liveCD distro's so I dont think there'd be any issue with combining it with BT4?! [besides, I think this would be the first tool of it's type/caliber on backtrack, if i am not mistaken?? + the disk size of the tool/s are pretty small tool]

I guess I should post exactly what testdisk can do ;;
TestDisk can
  • Fix partition table, recover deleted partition
  • Recover FAT32 boot sector from its backup
  • Rebuild FAT12/FAT16/FAT32 boot sector
  • Fix FAT tables
  • Rebuild NTFS boot sector
  • Recover NTFS boot sector from its backup
  • Fix MFT using MFT mirror
  • Locate ext2/ext3 Backup SuperBlock
  • Undelete files from FAT, NTFS and ext2 filesystem
  • Copy files from deleted FAT, NTFS and ext2/ext3 partitions.


TestDisk can run under
  • DOS (either real or in a Windows 9x DOS-box),
  • Windows (NT4, 2000, XP, 2003, Vista),
  • Linux,
  • FreeBSD, NetBSD, OpenBSD,
  • SunOS and
  • MacOS


TestDisk can find lost partitions for all of these file systems:
  • BeFS ( BeOS )
  • BSD disklabel ( FreeBSD/OpenBSD/NetBSD )
  • CramFS, Compressed File System
  • DOS/Windows FAT12, FAT16 and FAT32
  • Windows exFAT
  • HFS, HFS+ and HFSX, Hierarchical File System
  • JFS, IBM's Journaled File System
  • Linux ext2 and ext3
  • Linux LUKS encrypted partition
  • Linux RAID md 0.9/1.0/1.1/1.2
  • RAID 1: mirroring
  • RAID 4: striped array with parity device
  • RAID 5: striped array with distributed parity information
  • RAID 6: striped array with distributed dual redundancy information