DATA FORENSIC RECOVERY
(ACRONIS BACKUP & RECOVERY 11.5)
Acronis backup & Recovery is a software which is been used in forensics for several activities such as
- Disk backing up (bit to bit image)
- File backing up ( disk, server, Microsoft SQL database )
- Conversion to virtual machine
- Cloning disks
- Converting disks
- Formatting and deleting volumes
- Changing a disk partitioning style between MBR and GPT
- Changing a disk label
Acronis is a graphical user interface, user friendly tool developed for Windows and Unix Operating systems. For anyone wants to try, can use 30 day trial version and further paid license version.
Let’s get in to work….
- first have to connect three external devices with the laptop or the PC.
- One drivers which has the backup data image. (A)
- Driver where the recovery should store. (B)
- Acronis driver . (C)
I used DVD booted with Acronis, so I used external DVD driver .
2. After the set up, go to BIOS menu at the start of windows and change the Boot Order to Acronis driver.
Key for the BIOS is different for each the device. F11,F12 or ESC are the commonly used keys. Google if these keys does not work.
3. After a black screen with “starting Acronis” will display something as “Image 1".
- click on “Manage this machine locally”
4. As we already have the backup images, select “Recovery ” mode.
5. Brows data where the backup located in external drive (Driver A). (As in Image 3, Image 4)
6. If you followed above steps, it will appear backup contents with the data path (as in “Image 5”)
- Tick all the MBRs and Basic storage points.
7. Now set up the “Where to recover” which is where the recover image should stored. (Driver B)
It is important to configure all sufficient power and disk space that needs to run Virtual image without any issues might occurring.
8. Select “Save the virtual machine as a set of files” to recover image in .vmdk format.
You can use any selection as needed.
Setting up RAM capacity. (As in Image 7)
Brows the location for Drive B. (As in Image 8)
9. If Above steps been done, It will show all your configured specs for the Virtual Image. (As in Image 9)
10. Finally press OK. Then it will start recovering the image.
Roughly it may take 2–3 hours to recover successfully.
History will indicate result succeeded when the process has been finished.(As in image 10)
NOTE. make sure to re-check the recovered image is in .vmdk format. If not image cannot be opened in Virtual Machine.
Thank you.
