List: sleuthkit-users
Subject: Re: [sleuthkit-users] How to recover data from a harddisk using
From: Ron Mays <mays_ra () hammond ! org>
Date: 2010-09-07 16:01:22
Message-ID: 45E17F9307AAF24B888779D4870CCA3B7E3E25CEF8 () exchangesrv ! city ! local
> Message: 6
> Date: Tue, 07 Sep 2010 14:46:57 +0200
> From: Joan Luc Lab?rda <laborde@crpp-bordeaux.cnrs.fr>
> Subject: [sleuthkit-users] How to recover data from a harddisk using
> SleuthKit ?
> To: sleuthkit-users@lists.sourceforge.net
> Message-ID: <4C863441.1090201@crpp-bordeaux.cnrs.fr>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi everybody.
>
> I want to try to recover NTFS data from a harddisk that cannot be accessed by
> Windows anymore.
> I know proprietary software like "GetDataBack" that could do it, but I'd prefer
> using some open-source software; I'm trying it with SleuthKit and AutoPSY.
> Has anyone already done that kind of operation?
Yes, it is possible to manually carve data via Sleuthkit and AutoPSY, but it can take
a long time if you have a lot of data to recover. If you are looking to recover
specific file types, such as .jpg, then scalpel and foremost will make the process
more 'automated'.
//SIGNED//
Ronald A Mays Jr, MSgt - CFCE
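
The reply above points to scalpel and foremost for carving specific file types such as .jpg. As an added example that is not part of the original post and is not those tools' own code, this sketch shows the header/footer carving idea on a constructed byte buffer; the function names, the sample data and the 10 MiB size limit are assumptions.

```python
"""Header/footer carving for JPEG data, the idea that carving tools automate.
Illustrative only; sample data below is constructed."""

JPEG_HEADER = b"\xff\xd8\xff"   # SOI marker followed by the next marker's 0xFF
JPEG_FOOTER = b"\xff\xd9"       # EOI marker
MAX_CARVE = 10 * 1024 * 1024    # assumed per-file size limit (10 MiB)


def carve_jpegs(data, max_size=MAX_CARVE):
    """Return a list of (offset, bytes) for each header..footer span found.

    The buffer is treated as raw bytes with no file-system metadata, so
    file names and timestamps are not recovered, and a fragmented file
    comes out truncated or corrupt.
    """
    results = []
    pos = 0
    while True:
        start = data.find(JPEG_HEADER, pos)
        if start == -1:
            break
        # Look for the footer only inside the size window after the header.
        window_end = min(len(data), start + max_size)
        end = data.find(JPEG_FOOTER, start + len(JPEG_HEADER), window_end)
        if end == -1:
            # No footer in range (overwritten or oversized): skip this header.
            pos = start + 1
            continue
        end += len(JPEG_FOOTER)
        results.append((start, data[start:end]))
        pos = end
    return results


def build_sample_image():
    """Constructed sample: two fake JPEG bodies inside zero filler,
    plus one header with no footer (a partly overwritten file)."""
    jpg1 = JPEG_HEADER + b"\xe0" + b"A" * 32 + JPEG_FOOTER
    jpg2 = JPEG_HEADER + b"\xe1" + b"B" * 64 + JPEG_FOOTER
    orphan = JPEG_HEADER + b"\xe0" + b"C" * 16
    return b"\x00" * 512 + jpg1 + b"\x00" * 100 + jpg2 + b"\x00" * 50 + orphan


if __name__ == "__main__":
    for offset, blob in carve_jpegs(build_sample_image()):
        print(f"offset {offset}: {len(blob)} bytes")
```

Run it against a read-only copy of the disk image rather than the failing disk itself, and write carved output to a different volume.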