In Part 1, we saw the digital forensics capabilities of the BackTrack Live Linux distribution, and focused on the first phase of digital forensic analysis, known as image acquisition. We used a variety of image-acquiring tools to acquire and preserve data on digital media that needed to be analysed forensically. Continuing from there, this article focuses on the BackTrack toolset used for the subsequent phases of digital forensic investigation - data recovery and data analysis for evidence.

Data recovery tools play an important role in most forensic investigations, because smart malicious users will always try to delete evidence of their unlawful acts.

Data recovery (also called data carving) tools aim at recovering the data contained in a forensic image, which may have been lost due to one or more of the following reasons:

- Deletion/corruption of the file/directory containing the data.
- Corruption of the underlying filesystem.
- Deletion/repartitioning of the partition containing the data.
- File containing the data is embedded into another data file.
- The extension has been changed for the file containing the data.

Since the associated metadata structures are overwritten in all these scenarios, data cannot be identified or extracted in the regular way, and hence is called lost. To recover such lost data, usually certain content/attributes related to the data (or files containing the data) are given as an input to data recovery tools. The tools then scan the provided forensic image to try and find the required data. To know more, refer to this paper on “The Evolution of File Carving”. Some important data recovery tools provided by BackTrack are described below.

Foremost

Foremost is one of the popular data recovery tools.
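The scan described above, where known content attributes are the input and the raw image is searched for them, can be sketched as a header/footer signature carver. This is an added example, not Foremost's code or code from the original article; the signature table, size limits and the sample image are constructed for illustration.

```python
# Added example: minimal header/footer file carver (not Foremost's code).
from typing import Dict, List, Tuple

# Signature table: type -> (header bytes, footer bytes, max carve size).
SIGNATURES: Dict[str, Tuple[bytes, bytes, int]] = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    "pdf": (b"%PDF-", b"%%EOF", 50 * 1024 * 1024),
}

def carve(image: bytes) -> List[Tuple[str, int, bytes]]:
    """Return (type, offset, data) for every header..footer span found."""
    found = []
    for ftype, (header, footer, max_size) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            # Search for the footer only inside the size limit, so a missing
            # footer (overwritten tail) cannot swallow the rest of the image.
            end = image.find(footer, pos + len(header), pos + max_size)
            if end != -1:
                found.append((ftype, pos, image[pos:end + len(footer)]))
            pos = image.find(header, pos + 1)
    return sorted(found, key=lambda hit: hit[1])

def build_sample_image() -> bytes:
    """Constructed test image: no filesystem metadata, just raw bytes."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-sample-pixels" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nsample body\n%%EOF"
    truncated = b"\x89PNG\r\n\x1a\n" + b"tail overwritten"  # no footer
    # The PDF is placed inside unrelated data, as if embedded in another file.
    return (b"\x00" * 512 + jpg + b"\x00" * 100
            + b"WRAPPER" + pdf + b"END" + truncated)

if __name__ == "__main__":
    for ftype, offset, data in carve(build_sample_image()):
        print(f"{ftype} at offset {offset}, {len(data)} bytes")
```

Because the carver never consults filenames or directory entries, a renamed extension or an embedded file makes no difference to it. Cutting at the first footer will truncate files that contain the footer bytes internally, and fragmented files are not reassembled.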