Difference between pages "File Carving" and "Remnant Data"

Revision as of 19:35, 31 July 2007

Remnant data is data that can be recovered from magnetic media after new information has been written to that media. Although remnant data has been recovered from magnetic tapes and floppy disks, there is no credible report that has been published in the open literature that remnant data can be recovered from modern hard drives.

@@ Line 1: / Line 1: @@
-'''Carving''' is the practice of searching an input for files based on the input's content.  Most often the input is a [[disk image]], but it's possible (and sometimes practical) to carve individual files or [[physical memory]].
+Remnant data is data that can be recovered from magnetic media after new information has been written to that media. Although remnant data has been recovered from magnetic tapes and floppy disks, there is no credible report that has been published in the open literature that remnant data can be recovered from modern hard drives.
-=File Carving=
-Most file carvers operate by looking for file headers and/or footers, and then "carving out" the blocks between these two boundaries. [[Semantic Carving]] performs carving based on an analysis of the contents of the proposed files.
-File carving tools are listed on the [[Tools:Data_Recovery]] wiki page.
-Many carving programs have an option to only look at or near sector boundaries where headers are found. Searching the entire input can find files that have been embedded into other files, such as [[JPEG]]s being embedded into [[Microsoft]] [[DOC|Word documents]].
-DFRWS2006 featured a [http://www.dfrws.org/2006/challenge/index.html file carving challenge]. As a condition of entering the challenge, all tools and techniques developed to solve the challenge had to be open sourced.
-=Memory Carving=

Difference between pages "File Carving" and "Remnant Data"

Revision as of 19:35, 31 July 2007

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation:

About forensicswiki.org:

Toolbox