
Difference between pages "Selective file dumper" and "Multihashing"

From ForensicsWiki
'''Selective File Dumper''' (SFDumper) is a [[Free software|free]], [[open source]] [[computer forensics]] tool written as a [[Bash]] script by Nanni Bassetti and Denis Frati, for [[Linux]] systems.

The script is fast and selective: it retrieves, interactively, every file of the chosen type (e.g. .doc or .jpg), whether active, deleted or in unallocated space.

The [[Bash]] script '''SFDUMPER.SH''' recovers active, deleted and unallocated files automatically, then removes from the carved set the duplicates of the active and deleted files already retrieved by the [[Sleuthkit]], by comparing the [[SHA256]] [[hash]] of each carved file against the hashes of the active and deleted files.

Because [[Foremost]] carves by content signature rather than by file name, renamed files (e.g. a .jpg saved with a .txt extension) are still recognized, and the Foremost configuration embedded in the script can be extended to add new extensions.

Finally, a [[keywords]] search can be run over the set of files extracted by the [[Sleuthkit]] and [[Foremost]].

The script works on a partition chosen from an image file or directly from a device (e.g. /dev/sdb).

== Actions ==

<blockquote>
1) Choose the partition to analyze, from an image file or a device;<br />
2) Choose the file type by the extension you need;<br />
3) Extract all referenced (allocated) files with that extension;<br />
4) Extract all deleted files with that extension;<br />
5) Carve the chosen partition; the script then automatically deletes the<br />
    duplicates, leaving only the carved files that are not in the<br />
    referenced or deleted set of files;<br />
6) Run a keyword search on all the retrieved files;<br />
7) Report everything with the investigator's name, date and time.<br />
</blockquote>

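Steps 5 and 6 above in working code, as an added example that is not SFDumper's own script: it hashes the files already recovered by the Sleuthkit, deletes every carved file whose SHA256 matches one of them, and then searches what survives for keywords. The directory names (active/, deleted/, carved/) and the file contents are constructed for the demo and stand in for the output of icat and Foremost; the function names are this example's own.

```python
"""Hash-based de-duplication of carved files against the files recovered by
the Sleuthkit, followed by a keyword search over what survives.

Added example, not SFDumper's own code. The layout (active/, deleted/,
carved/) and the sample file contents in demo() are constructed so the
script runs offline.
"""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large carved files never sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(directory: Path) -> dict:
    """Map sha256 -> path for every regular file below directory."""
    return {sha256_of(p): p for p in sorted(directory.rglob("*")) if p.is_file()}


def dedupe_carved(carved: Path, references: list) -> dict:
    """Delete carved files whose SHA256 matches a file in any reference set.

    Returns {"kept": [...], "removed": [...]} so the report can state exactly
    which carved files were discarded as duplicates of active/deleted files.
    """
    known = {}
    for ref in references:
        known.update(hash_tree(ref))
    kept, removed = [], []
    for p in sorted(carved.rglob("*")):
        if not p.is_file():
            continue
        if sha256_of(p) in known:
            p.unlink()            # same content as an active or deleted file
            removed.append(p.name)
        else:
            kept.append(p.name)   # only reachable through carving
    return {"kept": kept, "removed": removed}


def keyword_search(directories: list, keywords: list) -> dict:
    """Case-insensitive keyword hits, keyword -> sorted file names.

    Searches raw bytes rather than decoded text so binary carved files
    (and files with odd encodings) are not skipped.
    """
    patterns = {k: re.compile(re.escape(k.encode()), re.IGNORECASE) for k in keywords}
    hits = {k: set() for k in keywords}
    for d in directories:
        for p in sorted(d.rglob("*")):
            if not p.is_file():
                continue
            data = p.read_bytes()
            for k, pat in patterns.items():
                if pat.search(data):
                    hits[k].add(p.name)
    return {k: sorted(v) for k, v in hits.items()}


def demo() -> dict:
    """Build the constructed layout, run both steps, return the outcome."""
    root = Path(tempfile.mkdtemp(prefix="sfdumper-demo-"))
    try:
        active, deleted, carved = root / "active", root / "deleted", root / "carved"
        for d in (active, deleted, carved):
            d.mkdir()
        # Constructed stand-ins for icat output (active and deleted files).
        (active / "report.doc").write_bytes(b"quarterly report, password: hunter2")
        (deleted / "memo.doc").write_bytes(b"internal memo, nothing to see")
        # Constructed stand-ins for Foremost output: carving re-finds both of
        # the above (duplicates) plus one file living only in unallocated space.
        (carved / "00000001.doc").write_bytes(b"quarterly report, password: hunter2")
        (carved / "00000002.doc").write_bytes(b"internal memo, nothing to see")
        (carved / "00000003.doc").write_bytes(b"renamed budget sheet, PASSWORD reset link")
        result = dedupe_carved(carved, [active, deleted])
        result["hits"] = keyword_search([active, deleted, carved], ["password", "budget"])
        return result
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Only the third carved file survives de-duplication, and the keyword search then reports it alongside the active report for "password", which is the set an investigator would actually have to read.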
== Requirements ==

<blockquote>
[[Linux OS]]<br />
[[Sleuthkit]]<br />
[[Foremost]]<br />
[[Sha256deep]]<br />
[[grep]]<br />
[[awk]]<br />
[[sed]]<br />
[[dd]]<br />
</blockquote>

== Requirements for the GUI version ==

[[Zenity]]

== Usage ==

sudo sh sfdumper.sh<br />
or<br />
chmod +x sfdumper.sh<br />
./sfdumper.sh<br />

The script is written in Bash, so on systems where /bin/sh is not Bash (Debian and Ubuntu link it to dash) run it as sudo bash sfdumper.sh, or use the chmod form so that the interpreter named in the script's shebang line is used. Root privileges are required when reading a raw device such as /dev/sdb rather than an image file.

== Official web site ==

http://sfdumper.sourceforge.net

== External links ==

http://freshmeat.net/projects/zenity

[[Category:Computer forensics]]
[[Category:Free security software]]
[[Category:Unix software]]

Revision as of 12:10, 17 March 2008

Multihashing is the process of using two or more hashing algorithms together, so that each file is recorded under, for example, both an MD5 and a SHA-256 digest; a file forged to collide under one algorithm is very unlikely to collide under the other as well. The process is used in hash by Mares, fsum, hashdeep, and fciv.
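The technique in working code, as an added example that is not the code of hashdeep, fsum, fciv or Mares' hash: every chunk of the file is fed to all hashers in one pass, the result is rendered in hashdeep's default "size,md5,sha256,filename" layout, and a comparison routine distinguishes a full match from a partial one (some algorithms agree, others do not), which is the case multihashing exists to expose. The sample data and the tampered reference record in demo() are constructed, and the function names are this example's own.

```python
"""One-pass multihashing with hashdeep-style output and a comparison that
tells a partial match from a full one.

Added example, not the code of any of the tools named on the page. The
record layout "size,md5,sha256,filename" follows hashdeep's default; the
sample data and the altered reference record in demo() are constructed.
"""
import hashlib
import io
import tempfile
from pathlib import Path

DEFAULT_ALGORITHMS = ("md5", "sha256")


def multihash_stream(fobj, algorithms=DEFAULT_ALGORITHMS, chunk_size=1 << 20):
    """Feed every chunk to all hashers so the data is read exactly once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    for chunk in iter(lambda: fobj.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def multihash_bytes(data, algorithms=DEFAULT_ALGORITHMS):
    return multihash_stream(io.BytesIO(data), algorithms)


def multihash_file(path, algorithms=DEFAULT_ALGORITHMS):
    with open(path, "rb") as f:
        return multihash_stream(f, algorithms)


def hashdeep_line(path, algorithms=DEFAULT_ALGORITHMS):
    """Render one record in hashdeep's default layout: size,md5,sha256,filename."""
    size, digests = multihash_file(path, algorithms)
    return ",".join([str(size), *(digests[a] for a in algorithms), str(path)])


def compare(digests, reference):
    """Compare computed digests with a reference record.

    Returns "match" when every shared algorithm agrees, "mismatch" when none
    does, and "partial" when the algorithms disagree with each other. A
    partial result is what multihashing is for: one algorithm says the file
    is the known one and the other says it is not, so either the reference
    set is corrupt or the file was crafted to collide under the weaker hash.
    """
    shared = [a for a in reference if a in digests]
    if not shared:
        raise ValueError("no hashing algorithm in common with the reference")
    agree = [digests[a] == reference[a].lower() for a in shared]
    if all(agree):
        return "match"
    if not any(agree):
        return "mismatch"
    return "partial"


def demo():
    """Hash a constructed file and check it against a reference whose SHA256
    field was altered, i.e. a record that agrees on MD5 only."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "evidence.bin"
        path.write_bytes(b"abc")                     # constructed sample
        _, digests = multihash_file(path)
        tampered = dict(digests, sha256="00" * 32)   # constructed bad reference
        return {
            "record": hashdeep_line(path).rsplit(",", 1)[0],  # drop the temp path
            "verdict_good": compare(digests, digests),
            "verdict_tampered": compare(digests, tampered),
        }


if __name__ == "__main__":
    print(demo())
```

Reading the file once and updating every hasher per chunk is what makes multihashing cheap for large evidence sets: the cost is dominated by I/O, not by the number of algorithms. The "partial" verdict is the one to alert on, since a genuine copy and a genuinely different file both produce a unanimous answer.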