Re: [sleuthkit-users] tsk_recover tool configuration
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] tsk_recover tool configuration
|
From: Ade <adr...@nt...> - 2013-09-04 19:28:46
|
Hi Umit Strictly speaking, tsk_recover is not a file carving tool (assuming one defines file carving as the searching and recovery of files based on file signature). It is a file undeletion tool - one that recovers files based on meta-data in the inode table/MFT/FAT. You can run tsk_recover then filter the recovered files based on file signature analysis and/or file extension analysis. AFAIK, tsk_recover doesn't look at the file headers, thus there is no way to customise it to search for file types in the way you can with scalpel/foremost. I think Brian is looking at integrating file carving tools, in the meantime have you looked at photorec? Ade On Wednesday 04 Sep 2013 12:20:13 Umit Karabiyik wrote: > Hello all, > > I am working on data carving. I found that it's easy to configure > scalpel/foremost to search for specific file type. However, man page for > tsk_recover doesn't mention any configuration file. It seems to me that > tsk_recover all type of files and no option can be specified by the user. Is > that correct? If not, how can I configure tsk_recover in order to carve out > specific type of files such as .txt files only. > > Thanks in advance, > Umit > > > > -- > View this message in context: > http://filesystems.996266.n3.nabble.com/tsk-recover-tool-configuration-tp81 > 56.html Sent from the sleuthkit-users mailing list archive at Nabble.com. > > ---------------------------------------------------------------------------- > -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
