We have built FFRecovery, a new defense tool against ransomware (or data-corruption malware) that supports fine-grained data recovery after a malware attack. The key idea is that, to recover a file corrupted by ransomware or other malware, we can 1) restore its file system metadata via file system forensics, 2) extract its file data via raw data extraction from the flash translation layer, and 3) assemble the corresponding file system metadata and file data. The tool requires modifying the underlying flash storage firmware, and we have modified the open-source OpenNFM for this purpose.
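The three recovery steps above can be sketched on a toy model. This is an added example, not code from FFRecovery or OpenNFM. The `ToyFTL` class, the `journal` record layout, the sequence numbers and the sample file are all hypothetical, and the model assumes that stale physical pages are still retained (no garbage collection).

```python
from dataclasses import dataclass, field

PAGE = 4  # constructed page size in bytes, tiny so the sample is readable

@dataclass
class ToyFTL:
    """Toy flash translation layer. Writes are out-of-place: overwriting a
    logical page appends a new physical copy and leaves the old one behind
    (garbage collection is not modelled)."""
    log: list = field(default_factory=list)  # append-only (seq, lpn, data)
    seq: int = 0

    def write(self, lpn, data):
        self.seq += 1
        self.log.append((self.seq, lpn, data))

    def read(self, lpn, as_of=None):
        """Newest copy of logical page lpn written at or before seq as_of."""
        for seq, page, data in reversed(self.log):
            if page == lpn and (as_of is None or seq <= as_of):
                return data
        return None

def restore_metadata(journal, name, as_of):
    """Step 1: newest metadata record for the file at or before as_of."""
    hits = [r for r in journal if r["name"] == name and r["seq"] <= as_of]
    return max(hits, key=lambda r: r["seq"]) if hits else None

def recover_file(ftl, journal, name, as_of):
    meta = restore_metadata(journal, name, as_of)
    if meta is None:
        raise LookupError(f"no metadata for {name!r} at or before seq {as_of}")
    pages = [ftl.read(lpn, as_of) for lpn in meta["pages"]]  # step 2
    if None in pages:
        raise LookupError("a data page has no retained pre-corruption copy")
    return b"".join(pages)[:meta["size"]]  # step 3: assemble, trim padding

def demo():
    ftl, journal, original = ToyFTL(), [], b"payroll 2022!"  # constructed data
    lpns = [10, 11, 12, 13]
    for lpn, off in zip(lpns, range(0, len(original), PAGE)):
        ftl.write(lpn, original[off:off + PAGE].ljust(PAGE, b"\0"))
    journal.append({"seq": ftl.seq, "name": "pay.txt", "size": len(original), "pages": lpns})
    clean = ftl.seq  # last sequence number known to precede the corruption
    for lpn in lpns:  # stand-in for the corruption: every page is overwritten
        ftl.write(lpn, b"\xff" * PAGE)
    journal.append({"seq": ftl.seq, "name": "pay.txt", "size": 16, "pages": lpns})
    current = b"".join(ftl.read(lpn) for lpn in lpns)
    return current, recover_file(ftl, journal, "pay.txt", clean)
```

`demo()` returns the corrupted current contents alongside the bytes recovered from the pre-corruption metadata record and page copies.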
Version: 0.99
Language: Python, C
Platform: Linux, Windows
License: GNU GPL v3.
Archive, GitHub repository
© 2022 Security and Privacy (SnP) Lab @ Michigan Technological University