Message-ID: <8949117e050912075655e98c38@mail.gmail.com>
Date: Mon Sep 12 15:56:35 2005
From: kc2lto at gmail.com (Ragone_Andrew)
Subject: Forensic help?
>
> I recently destroyed my file structure due to mistakenly writing a
> partition table to the wrong hard disk drive on my machine while
> installing an experimental version of OS X. The saving factor is that
> the partition that may have been formatted was only 20GB out of 200GB and
> the rest was unallocated free space. I have installed a temporary
> instance of WinXP to use data recovery software and recover the
> majority of files from the drive (it is installed on the non-corrupted
> drive). I ran a scan with R-Studio's awesome NTFS recovery tool and can
> only find some of my recognized files here and there with system files
> in between. The folders are present as something such as
> $$$Folder1546$$ but there is absolutely no file system structure
> present. (some is on different "found" under different cluster settings,
> etc. using the IntelligiScan). Is there a way to reconstruct the file system
> with another utility using a data forensics Linux livecd or other utility? I REALLY
> need to get this data recovered and would like to learn how on my own
> as first resort.
> I have used iRecover which reconstructed the file system almost perfectly
> but it freezes during the recover (or seems to hang). Are there any other
> choices out there? It seems none of the data was truly formatted ...
> -Andrew
>
>
> On 9/12/05, Red Leg <redleg18@...il.com> wrote:
> >
> > On 9/11/05 8:21 PM, "Paul Schmehl" <pauls@...allas.edu > wrote:
> >
> >
> > > Download the knoppix std distro and burn it to a cd. Use dcfldd for drive
> > > imaging and the forensics tools for recovery of erased files and the like.
> > >
> >
> > Paul.
> >
> > Does dcfldd allow me to mirror the disk in such a manner as to include
> > deleted files? I can not swap drives. I need to obtain an image with which I
> > can "undelete" files that were conventionally erased.
> >
> > Will dcfldd provide such an image?
> >
> >
> > Thanks!
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> ___________________
> -Andrew Ragone
> BCA ATCS 2006
> [ Project Moonwell ]
> Kc2LTO
> http://kc2lto.com
>