Re: [sleuthkit-users] How to simply undelete files ?
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] How to simply undelete files ?
|
From: youcef b. <ybi...@ya...> - 2006-01-25 00:11:02
|
Hi, I think the answer was already highlighted. Issue fls on your drive and then looking at the file of interest, pick their inode number from the report generatd by fls command and issue icat against them. regards youcef --- "te...@me..." <te...@me...> wrote: > Thanks very much for your answer. > > In my case I think that it's not mandatory to use > another computer, because the deleted files were > placed on the third > harddrive of my computer (/dev/hdd1), so I removed > it from fstab so it should not be mounted nor armed > after. > I've got enough space on other partitions on other > drives to copy the recovered files (about 700 Mb : > one CD) but not > enough to put the whole output from sorter which > could reach the size of the entire drive (10Go). > I just wanted to know if there was a script to > recover deleted files with no particular problems : > I just made rm on the > files then shutdown the computer, and didn't mounted > this partition since, I know the names of the files > and their > sizes, there are only 7 or 8 to recover. So for > someone used to it it should be trivial to get them > back no ? > > Fra...@ps... wrote: > > > > tech; > > > > my suggestion would be to download (on a different > computer) F.I.R.E. > > (it's got a copy of Sleuthkit and Autopsy and it's > linux. Burn the iso > > onto a CD, it's bootable. Insert a 1gig (at best) > thumb drive into the > > usbport before booting, boot the computer with the > deleted files using > > FIRE. dd the space which contains the files or > use the Autopsy browser > > to move the files to the thumb drive. I make it > sound simple but if > > you've used Autopsy this should be pretty simple. > Keep the FIRE CD > > handy as it's a great tool to use. > > > > Frank Kenisky IV, CISSP, CISA, CISM > > Information Technical Security Specialist > > (210) 301-6433 - (210) 887-6985 > > > > > > *"te...@me..." <te...@me...>* > > Sent by: > sle...@li... > > > > 01/24/2006 04:56 AM > > > > > > To > > sle...@li... > > cc > > > > Subject > > [sleuthkit-users] How to simply undelete files ? > > > > > > > > > > > > > > > > > > Hello everybody, > > I'm new to sleuthkit,and I've got a problem which > might seem very basic > > to most og you but I can't resolve it : > > I recently burned some files from my hard-disk to > a CD / RW, then I > > deleted these files from my hard-disk. > > When I tried to read the CD, there seems to be > nothing on it. > > I wasn't able to dd an image of the cd, so I can't > recover my files this > > way. > > Then I launched autopsy on my hard-disk. Using > File analysis, I can see > > all the deleted files, but now, I don't know how > > to recover them. I don't want to use the sorter > tool from autopsy > > because I don't have enough free space to copy all > the > > recovered files, only enough for the 700Mb of my > deleted files. > > I would like to know what is the simple procedure > to recover one by one > > a few files which seems I good state to recover > > (as the partition where I deleted files wasn't > mounted since the deletion). > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Splunk Inc. Do > you grep through log files > > for problems? Stop! Download the new AJAX search > engine that makes > > searching your log files as easy as surfing the > web. DOWNLOAD SPLUNK! > > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 > > _______________________________________________ > > sleuthkit-users mailing list > > > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > > http://www.sleuthkit.org > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do > you grep through log files > for problems? Stop! Download the new AJAX search > engine that makes > searching your log files as easy as surfing the > web. DOWNLOAD SPLUNK! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > ___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com |
