User:Laurier Rochon/bbb/hhd forensics: Difference between revisions
(Created page with "== Tools to do data carving (open-source) == - foremost - scalpel http://moddr.net/wiki/doku.php?id=data_carving_workshop (infos) http://www.moddr.net/wp-content/datacarving_c...") |
No edit summary |
||
| Line 6: | Line 6: | ||
http://moddr.net/wiki/doku.php?id=data_carving_workshop (infos) | http://moddr.net/wiki/doku.php?id=data_carving_workshop (infos) | ||
- Install foremost | - Install foremost | ||
Revision as of 22:04, 11 November 2010
Tools to do data carving (open-source)
- foremost - scalpel
http://moddr.net/wiki/doku.php?id=data_carving_workshop (infos)
- Install foremost - Check dmesg for info on the newly connected drive (dmesg | tail to get only recent logs) - Cat /proc/partitions (sdbs' is the one we want - not 'sda', that's our own drive) - sudo foremost -v -T -o /tmp/report -i /dev/sdb5 (replace sdb5 with drive...) - install gqview to view broken files
Pipe the contents of HD to mplayer
cat /proc/partitions (see all your HD partitions)