2
A few days ago, I decided to defragment and optimize my 2TB external Hard Disk using Auslogics Defragmenter. Now, a little background here. The partition that I defragmented was an 1.8TB partition encrypted by VeraCrypt, a fork of TrueCrypt. After the defragmentation was complete, I found that several files have been corrupted. The files in which I could detect the corruption were all compressed files, compressed using Windows 10's default compression. I opened the files up in WinHex, and I saw a curious thing: The end of all these corrupted files had a block of "DF DF DF" sequence. Here is the Screenshot of the problem. Please note that, though the picture shows it's an arc file, it was still compressed by Windows compression. The curious thing is that, even though the files had those DF chunks, a Binary Search of the mounted partition did not yield any such sequence.
Now I want to create a batch file that will:
- Create a list of compressed files on the disk
- Check for DF sequence at the end of binary content of each file
- Make a list of all affected files
I tried to solve this using Powershell script but was unsuccessful. I think approaching the problem in Linux platform would be much easier, but I have no idea how to do it. Any help or suggestion would be greatly appreciated.
Additional Note: Many have said that the Binary Search of the mounted partition was unsuccessful because of the fact that the partition is encrypted. That's wrong. I mounted the partition before the search. Hence, the search was not on RAW data of the HDD but the data of the unencrypted partition.
Additional Details: OS: Windows 10 Professional X64 / Ubuntu 14.04 x64 File System: NTFS
I can give you only guess. In Hex DF is the char 233, in some codepage (set) the letter
Ú
. It said few. If you see it in binary, the patternDF
=11011111
seems to be one of the patterns used to wipe securely the HDD. If something get wrong and that segment was overwritten for security reasons... Try nonetheless to understand how it works the defragment tool you used on an encrypted partition. Good Luck. – Hastur – 2016-07-29T20:57:59.127What I think is that PerfectDisk was already running on the background and, when I ran a second defragmenter, somehow there was a conflict between the two defragmenters, and the compressed files got the brunt of it. – Sabyasachi Mukherjee – 2016-07-29T22:04:08.390