Forensics and Data Recovery

Ever have your mail server crash? Most of this area is included for those who have lost data accidentally or because a backup didn't work. Even in extreme cases of virus infection or tampering by an intruder, it may be possible to retrieve the lost data, saving fortunes in the time and cost of recreating it. That alone makes it worth having a backup plan for getting the files off the drive, even if the system does need to be reloaded.

However, the world of computer forensics is more than that. What if you needed proof that an employee was abusing network use policies, or needed to get data from a drive without corrupting it by starting it under another system that may write to the disk before you have a chance to recover the information? One benefit of using Plan-B is that it doesn't attempt to mount hard drives when it starts; it doesn't even use a swap file or swap disk. While running Plan-B you may choose to image the drive or burn files to a CD-ROM.

[Screenshot: Plan-B running Autopsy]

Autopsy

Autopsy is designed to be a graphical interface to the command-line digital forensic analysis tools in The Sleuth Kit. Used together, they provide many of the same features as commercial digital forensics tools for the analysis of Windows and UNIX file systems (NTFS, FAT, FFS, EXT2FS, and EXT3FS).

During one of the testing phases, Plan-B was actually used to recover a web server. The operator started the failed system with Plan-B, then mounted the hard drive under the /var/www/html directory and set the document root in Apache's configuration file to /var/www/html/Inetpub/wwwroot/. Finally, the operator started Apache, and the site was operational until that night, when it could be restored from tape backup. Downtime was a minimal 15 minutes, as opposed to the 2 hours it would have taken to restore the system during production hours.

For more information about computer forensics or data recovery, see the links above or browse through the links in the Reference section.
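The recovery steps described above, as an added shell example (not from the original page or the Plan-B project). The two directory paths come from the page; the device argument, the httpd.conf location and the read-only mount option are assumptions.

```shell
#!/bin/sh
# Added example. Values marked "assumed" do not appear on the original page.
MOUNT_POINT=/var/www/html                  # from the page
DOC_ROOT=/var/www/html/Inetpub/wwwroot/    # from the page
HTTPD_CONF=${HTTPD_CONF:-/etc/httpd/conf/httpd.conf}   # assumed location

# Point every DocumentRoot directive in config file $1 at directory $2.
# The original file is kept as $1.orig so the change can be undone.
set_docroot() {
    conf=$1
    root=$2
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.orig" || return 1
    sed "s|^\([[:space:]]*\)DocumentRoot[[:space:]].*|\1DocumentRoot \"$root\"|" \
        "$conf.orig" > "$conf"
}

# Serve the web content from the failed system's disk until the machine can
# be restored from backup. $1 is the partition's device node (assumed input).
recover_site() {
    dev=$1
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 1; }
    # Read-only (assumed option): the failed disk is not modified while served.
    mount -o ro "$dev" "$MOUNT_POINT" || return 1
    if [ ! -d "$DOC_ROOT" ]; then
        echo "missing $DOC_ROOT on $dev" >&2
        umount "$MOUNT_POINT"
        return 1
    fi
    # The new root sits beneath /var/www/html, so a <Directory "/var/www/html">
    # block in the stock config (assumed to exist) still covers it.
    set_docroot "$HTTPD_CONF" "$DOC_ROOT" || return 1
    apachectl configtest && apachectl start
}
```

Run `recover_site` as root with the failed system's partition as its argument; restoring `httpd.conf.orig` and unmounting the disk undoes the change.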