Carving tools help you recover deleted files
If the filesystem is not completely destroyed, tools that evaluate the filesystem provide an important alternative to tools such as Foremost and Scalpel. The PhotoRec  recovery tool was developed by Christophe Grenier to rescue photos from corrupt Flash memory. PhotoRec will also work if the partition table is damaged.
Once PhotoRec has identified the filesystem, it extracts an enormous variety of file types. In addition to photo files, PhotoRec also restores EXE or ZIP files.
All told, the tool supports more than 180 file types. The program is controlled by means of a practical text menu, which reduces the danger of user errors. Unfortunately, PhotoRec cannot current analyze RAM dumps or swap files.
File carvers help forensic investigators extract deleted files. Foremost and Scalpel ignore the filesystem and can even restore data from RAM dumps and swap files. Their speed is quite amazing.
If the filesystem still exists, a tool such as PhotoRec is also useful for finding lost files.
- The Coroner's Toolkit: http://www.porcupine.org/forensics/tct.html
- The Sleuth Kit: http://www.sleuthkit.org
- Foremost: http://foremost.sf.net
- Scalpel: http://www.digitalforensicssolutions.com/Scalpel/
- PhotoRec: http://www.cgsecurity.org/wiki/PhotoRec
- FTimes: http://ftimes.sourceforge.net/FTimes/
- Foremost on the Forensics Wiki: http://www.forensicswiki.org/wiki/Foremost
- OCFA, The carve path zero-storage library and filesystem: http://ocfa.sourceforge.net/libcarvpath/
- DFRWS carving challenge: http://www.dfrws.org/2006/challenge/
Buy this article as PDF
MSBuild is now just another GitHub project as Redmond continues its path to the light.
New rules emphasize collegiality in coding.
Upstart lands in the dust bin as a new era begins for Linux.
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.