[clug] PC Forensics / Fun

Paul Wayper paul.wayper at anu.edu.au
Fri Mar 30 00:11:10 GMT 2007


Matt Smith wrote:
> So, has anyone had any experience playing with linux (or similar) and
> recovering/analysing HDD's that have been 'wiped'?
> Can anyone recommend/share experiences with programs (be it good or
> bad results)?
I've not done this, but I did have the opportunity to use a thing called
photorec to try and get back some Eudora mail folders that it had
decided to delete without the user's permission.  It comes in a package
with testdisk on Fedora Core and is written by Christopher Grenier
(http://www.cgsecurity.com).  The interface seems to be written in
Curses and it takes a little getting used to, but photorec is designed
to scan a disk or partition, or image thereof, and find any file it can
recognise; flash drives that have been 'quick formatted' are a specialty.

HTH,

Paul


More information about the linux mailing list