Re: [sleuthkit-users] Which tools to use?
From: Brian C. <ca...@sl...> - 2004-11-23 01:42:45
On Nov 19, 2004, at 3:43 PM, Benjamin J. Weiss wrote:
....
> I'm guessing that the partition table's been wiped, and possibly/probably
> the file allocation table.
>
> I've yanked the drive out of the enclosure and am about to plug it into my
> desktop system running CentOS (a red-hat EL 3 re-compile distro). I've
> purchased a 200GB SATA drive and put it in my system.
>
> 1) I'm assuming that I'm going to have to make a disk-image of his drive?
> 2) Is there a way to get the files off of the drive or image?
> 3) If so, what tools should I look at?

Check out gpart/TestDisk to recover partitions (if any of the original file system data exists) and 'foremost' to recover file content of known file types.

brian