[sleuthkit-users] Which tools to use?
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] Which tools to use?
|
From: Benjamin J. W. <ben...@bi...> - 2004-11-19 20:43:36
|
All, I'm hoping that somebody can point me in the direction of the appropriate tools to learn to resolve a problem I've got. A friend of mine has a Seagate 160GB USB drive that he's put a *bunch* of stuff on. Apparently he hooked it up to a Mac, and said that it went nuts, at which time he yanked the cable. He says that he thinks that it was originally set up as a single NTFS partition, but now it looks to me like a 32GB FAT32 partition with no files. I'm guessing that the partition table's been wiped, and possibly/probably the file allocation table. I've yanked the drive out of the enclosure and am about to plug it into my desktop system running CentOS (a red-hat EL 3 re-compile distro). I've purchased a 200GB SATA drive and put it my system. 1) I'm assuming that I'm going to have to make a disk-image of his drive? 2) Is there a way to get the files off of the drive or image? 3) If so, what tools should I look at? Thanks much! Ben Weiss |
