[clug] PC Forensics / Fun

Michael Cohen michael.cohen at netspeed.com.au
Tue Apr 3 14:27:59 GMT 2007


For those who are interested there is currently an official forensic recovery
challenge here:

http://www.dfrws.org/2007/challenge/index.html

Basically the challenge is a 300mb image with no file system. There are lots of
different file types and your task if you choose to accept it is to recover as
many files as possible off the image. The files are generally heavily
fragmented. This year you must produce a working tool to automatically recover
the files.

Running photorec against this image will not get you that far - photorec does
not handle fragmentation. Although it's not too bad with mp3/mpgs because those
files can generally be chopped arbitrarily (players know how to resync to the
stream with little fuss).

The purpose of the challenge is to further the state-of-the-art research in
this area - so if you feel up to it... The plus side is that lots of tools
should come of it too. There are about 3 months left. (Due July I think).

I am ashamed to admit that I have been addicted to this task for the last few
months :-D

Michael.

On Fri, Mar 30, 2007 at 09:53:41AM +1000, tridge at samba.org wrote:
> Matt,
> 
>  > So, has anyone had any experience playing with linux (or similar) and 
>  > recovering/analysing HDDs that have been 'wiped'?
>  > Can anyone recommend/share experiences with programs (be it good or bad 
>  > results)?
> 
> I can highly recommend 'photorec'. It is GPLd, and runs on both
> Windows and Linux. Despite the name, it recovers lots of file types,
> not just images.
> 
> I used it last week to recover a relative's disk. They had
> re-partitioned and reinstalled Windows XP on a machine, then realised
> they had lost all their files by doing so. Photorec recovered nearly
> everything.
> 
> It only works if the data is still there of course, so most useful
> when a filesystem has been formatted or is just so corrupt that normal
> recovery tools are useless. 
> 
> Cheers, Tridge
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
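
Added example, not part of the original message and not photorec's code: a minimal header/footer carver that assumes every file is contiguous, run over a constructed in-memory image holding one contiguous and one fragmented file. The block size, the fake JPEG bodies and all function names are assumptions made for illustration; it shows that the fragmented file is "recovered" with a valid header and footer but foreign blocks in the middle.

```python
import hashlib

BLOCK = 512                              # carving granularity (assumed sector size)
SOI, EOI = b"\xff\xd8\xff", b"\xff\xd9"  # JPEG start / end markers

def filler(seed: bytes, n: int) -> bytes:
    """Deterministic constructed bytes containing no 0xff, so no stray markers."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + bytes([i])).digest()
        i += 1
    return bytes(b % 0xFF for b in out[:n])

def fake_jpeg(seed: bytes, nblocks: int) -> bytes:
    """Constructed stand-in for a JPEG: SOI + filler + EOI, exactly nblocks long."""
    return SOI + filler(seed, nblocks * BLOCK - len(SOI) - len(EOI)) + EOI

def carve_contiguous(image: bytes) -> list[bytes]:
    """Carve from each block-aligned SOI to the next EOI, assuming no fragmentation."""
    carved = []
    for off in range(0, len(image), BLOCK):
        if image.startswith(SOI, off):
            end = image.find(EOI, off + len(SOI))
            if end != -1:
                carved.append(image[off:end + len(EOI)])
    return carved

def build_image():
    """File A is contiguous; file B is split in two by blocks of unrelated data."""
    a, b = fake_jpeg(b"A", 3), fake_jpeg(b"B", 4)
    foreign = filler(b"X", 2 * BLOCK)
    image = a + b[:2 * BLOCK] + foreign + b[2 * BLOCK:]
    return image, a, b

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()[:12]

if __name__ == "__main__":
    image, a, b = build_image()
    for original, got in zip((a, b), carve_contiguous(image)):
        status = "intact" if got == original else "CORRUPT (foreign blocks inside)"
        print(f"original {sha(original)} len={len(original)} -> "
              f"carved {sha(got)} len={len(got)}: {status}")
```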

