lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon Sep 12 15:56:35 2005
From: kc2lto at gmail.com (Ragone_Andrew)
Subject: Forensic help?

> 
> I recently destroyed my file structure due to mistakenly writing a 
> partition table to the wrong hard disk drive on my machine while 
> installing an experimental version of OS X. The saving factor is that 
> the partition that may have formatted was only 20GB out of 200GB and 
> the rest was unallocated free space. I have installed a temporary 
> instance of WinXP to use data recovery software and recover the 
> majority of files from the drive (it is installed on the non-corrupted 
> drive). I ran a scan with R-Studio's awesome NTFS recovery tool and can 
> only find some of my recognized files here and there with system files 
> in between. The folders are present as something such as 
> $$$Folder1546$$ but there is absolutly no file system structure 
> present. (some is on different "found" under different cluster settings, 
> etc. using the IntelligiScan). Is there a way to reconstruct the file system 
> with another 
> utility using a data forensics linux livecd or other utility? I REALLY 
> need to get this data recovered and would like to learn how on my own 
> as first resort. 
>  I have used iRecover which restructed the file system almost perfectly 
> but it freezes during the recover (or seems to hang). Are there any other 
> choices out there? It seems none of the data was truely formatted ... 
>  -Andrew
>  
> 
> On 9/12/05, Red Leg <redleg18@...il.com> wrote: 
> > 
> > On 9/11/05 8:21 PM, "Paul Schmehl" <pauls@...allas.edu > wrote:
> > 
> > 
> > > Download the knoppix std distro and burn it to a cd. Use dcfldd for 
> > drive
> > > imaging and the forensics tools for recovery of erased files and the 
> > like.
> > >
> > 
> > Paul.
> > 
> > Does dcfldd allow me to mirror the disk in such a manner as to include 
> > deleted files? I can not swap drives. I need to obtain an image with 
> > which I
> > can "undelete" files that were conventionally erased.
> > 
> > Will dcfldd provide such an image?
> > 
> > 
> > Thanks!
> > 
> > 
> > _______________________________________________ 
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> > 
> 
> 
> 
> -- 
> ___________________ 
> -Andrew Ragone
> BCA ATCS 2006
> [ Project Moonwell ]
> Kc2LTO
> http://kc2lto.com 
> 



-- 
___________________
-Andrew Ragone
BCA ATCS 2006
[ Project Moonwell ]
Kc2LTO
http://kc2lto.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050912/9e88f2dc/attachment.html

Powered by blists - more mailing lists