'Re: [sleuthkit-users] Is sleuthkit the quickest way to identify most recently deleted directories an'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sleuthkit-users
Subject:    Re: [sleuthkit-users] Is sleuthkit the quickest way to identify most recently deleted directories an
From:       T T <timl.jhu () gmail ! com>
Date:       2012-08-10 18:13:21
Message-ID: CALBH9K_ZNFUwN6v5aQTiZLicedDv_wpG+qM2Uqt5v_eVnAZkVw () mail ! gmail ! com
[Download RAW message or body]

The partition is NTFS. I mounted it under Ubuntu 12.04.

I am going to install  bulk_extractor 1.3. I wonder what the command
is for running bulk_extractor 1.3 on the partition to find out and
recover most recently deleted directories and files on the partition?


On Fri, Aug 10, 2012 at 2:06 PM, Simson Garfinkel <simsong@acm.org> wrote:
> What's the file system?
> Why don't you run bulk_extractor 1.3 on the disk? It cards MFT directory entries.
>
> On Aug 10, 2012, at 1:50 PM, T T <timl.jhu@gmail.com> wrote:
>
>> I have been running "sudo fls -f ntfs -d -r -p /dev/sda3 >
>> ~/deleted_files.txt" for several days on my 110GB 96%-used ntfs
>> partition. It hasn't finished running yet (don't know when it will),
>> and I cannot do anything that will writes data to the partition.
>>
>> Now I wonder if my usage of sleuthkit is the quickest way to identify
>> most recently deleted directories and files in my case?
>>
>> I know the answers may be deviated from sleuthkit. But really many
>> thanks for your information!
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sleuthkit-users mailing list
>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>> http://www.sleuthkit.org
>

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic