| Line 1: |
Line 1: |
| − | == Image Analysis ==
| + | *Amazing stories of data recovery. |
| − | ; [[SurfRecon LE rapid image analysis tool]] by SurfRecon, Inc.
| + | Daily updated real data recovery case studies, data recovery experiences and special data recovery tricks. |
| − | : http://www.surfrecon.com
| + | |
| | | | |
| − | == Open Source Tools ==
| + | '[http://www.datarecoverystory.com/ Just find some tutorial for data recovery] |
| | | | |
| − | ; [[file]]
| + | * [http://blocksandfiles.com/article/5056 May 6, 2008 - Kroll recovers over 90% of the data from a 400MB hard drive that was on Shuttle Columbia when it burned up on reentry into Earth's atmosphere.] |
| − | : The file command determines the file type of a given file, depending on its contents and not on e.g. its extension or filename. In order to do that, it uses a magic configuration file that identifies filetypes.
| + | |
| − | | + | |
| − | ; [[ldd]]
| + | |
| − | : List dynamic dependencies of executable files.
| + | |
| − | | + | |
| − | ; [[truss]]
| + | |
| − | : Solaris tool used to trace the system/library calls (not user calls) and signals made/received by a new or existing process. It sends the output to stderr.
| + | |
| − | : http://docs.sun.com/app/docs/doc/819-2239/truss-1?l=en&a=view&q=truss
| + | |
| − | | + | |
| − | ; [[ltrace]]
| + | |
| − | : Library call tracer.
| + | |
| − | : http://linux.die.net/man/1/ltrace
| + | |
| − | | + | |
| − | ; [[strace]]
| + | |
| − | : System Call Tracer.
| + | |
| − | : http://sourceforge.net/projects/strace/
| + | |
| − | | + | |
| − | ; [[xtrace]]
| + | |
| − | : eXtended trace utility, similar to strace, ptrace, truss, but with extended functionality and unique features, such as dumping function calls (dynamically or statically linked), dumping call stack and more.
| + | |
| − | : http://sourceforge.net/projects/xtrace/
| + | |
| − | | + | |
| − | ; [[ktrace]]
| + | |
| − | : Enables kernel process tracing on OpenBSD.
| + | |
| − | : http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
| + | |
| − | | + | |
| − | ; [[Valgrind]]
| + | |
| − | : Executes a program under emulation, performing analysis according to one of the many plug-in modules as desired. You can write your own plug-in module as desired.
| + | |
| − | : http://valgrind.org/
| + | |
| − | | + | |
| − | ; [[DTrace]]
| + | |
| − | : Comprehensive dynamic tracing framework for Solaris (also ported to MacOS X - XRays and FreeBSD). DTrace provides a powerful infrastructure to permit investigation of the behavior of the operating system and user programs.
| + | |
| − | : http://www.sun.com/bigadmin/content/dtrace/
| + | |
| − | | + | |
| − | ; [[strings]]
| + | |
| − | : Strings will print the strings of printable characters in files. It allows choosing different charactersets (ASCII, UNICODE). It is a quick way to browse through files/partitions/... in order to look for words, filenames, keywords etc.
| + | |
| − | | + | |
| − | ; The [[Open Computer Forensics Architecture]]
| + | |
| − | : http://ocfa.sourceforge.net/
| + | |
| − | | + | |
| − | ; [[Rifiuti]] (not GPL)
| + | |
| − | : Examines the INFO2 file in the Recycle Bin.
| + | |
| − | : http://www.foundstone.com/us/resources/proddesc/rifiuti.htm
| + | |
| − | | + | |
| − | ; [[Pasco]] (not GPL)
| + | |
| − | : Parses ''index.dat'' files.
| + | |
| − | : http://www.foundstone.com/us/resources/proddesc/pasco.htm
| + | |
| − | | + | |
| − | ; [[Galleta]] (not GPL)
| + | |
| − | : Parses cookie files.
| + | |
| − | : http://www.foundstone.com/us/resources/proddesc/galleta.htm
| + | |
| − | | + | |
| − | ; dumpster_dive.pl
| + | |
| − | : MS Windows Recycle Bin INFO2 parser
| + | |
| − | : http://jafat.sourceforge.net/files.html
| + | |
| − | | + | |
| − | ; cookie_cruncher.pl
| + | |
| − | : MS IE cookie file parser
| + | |
| − | : http://jafat.sourceforge.net/files.html
| + | |
| − | | + | |
| − | ; [[yim2text]]
| + | |
| − | : Extracts the 'encrypted' info in Yahoo Instant Messenger log files.
| + | |
| − | : http://www.1vs0.com/tools.html
| + | |
| − | | + | |
| − | ; [[Hachoir]]
| + | |
| − | : Determines the file type using file header/footer (hachoir-metadata --type), able to list strings in Unicode (hachoir-grep), etc. Support more than 60 file formats.
| + | |
| − | | + | |
| − | ; [[Cygwin]]
| + | |
| − | : http://www.cygwin.com/
| + | |
| − | : Linux like environment for Windows.
| + | |
| − | | + | |
| − | ; [[UnxUtils]]
| + | |
| − | : http://unxutils.sourceforge.net/
| + | |
| − | : Common unix utilities compiled for a Windows environment.
| + | |
| − | | + | |
| − | ; [[GnuWin32]]
| + | |
| − | : http://gnuwin32.sourceforge.net/
| + | |
| − | : Common GNU utilities compiled for a Windows Environment.
| + | |
| − | | + | |
| − | ; [[SUA]]
| + | |
| − | : http://www.microsoft.com/windowsserver2003/R2/unixcomponents/webinstall.mspx
| + | |
| − | : Microsoft Subsystem for UNIX-based Applications.
| + | |
| − | | + | |
| − | == File Sharing Analysis Tools ==
| + | |
| − | ; [[P2PMarshal|P2P Marshal]]
| + | |
| − | : Tools to discover and analyze peer-to-peer files for Windows.
| + | |
| − | | + | |
| − | == [[NDA]] and [[scoped distribution]] tools ==
| + | |
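Review bot: The removed side of this hunk deletes every tool entry on the page (the Image Analysis, Open Source Tools and File Sharing Analysis Tools sections, plus the NDA and scoped distribution heading), and the added side puts promotional text and a link to datarecoverystory.com in their place, none of which relates to the catalogue being removed; this change should be reverted rather than accepted. If the Kroll / Shuttle Columbia recovery link is worth keeping, add it on its own under a relevant section without touching the existing definitions. The added link line also opens with a stray apostrophe ('[http://www.datarecoverystory.com/ ...), which would render as a literal character, and the first added bullet (*Amazing stories of data recovery.) has no space after the asterisk, unlike the other added bullet.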
Daily updated real data recovery case studies, data recovery experiences and special data recovery tricks.