| Line 1: |
Line 1: |
| − | {{Infobox_Software |
| + | '''Multihashing''' is the process of using two or more [[hashing]] algorithms together. The process is used in [[Hash (Maresware)|hash]] by Mares, [[fsum]], [[hashdeep]], and [[fciv]]. |
| − | name = SFDumper |
| + | |
| − | maintainer = Nanni Bassetti, Denis Frati |
| + | |
| − | os = {{Linux}} |
| + | |
| − | genre = {{Analysis}} |
| + | |
| − | license = Artistic License, {{GPL}}, {{Public Domain}} |
| + | |
| − | website = [http://sfdumper.sourceforge.net/ sfdumper.sourceforge.net] |
| + | |
| − | }}
| + | |
| − | | + | |
| − | '''Selective File Dumper''' (SFDumper) is a tool written in [[Bash]] Script for [[Linux]] systems. | + | |
| − | | + | |
| − | It's fast and selective, it can retrieve all the files of the file type you choose with only one tool referenced, deleted and unallocated in very fast way.
| + | |
| − | | + | |
| − | The [[Bash]] script '''SFDUMPER.SH''' can recover active, deleted and unallocated files automatically and then it can delete the carved duplicate files of the deleted and active files retrieved by the [[Sleuthkit]], thanks to the comparison of the [[SHA256]] [[hash]] codes.
| + | |
| − | | + | |
| − | It's possible to recognize the renamed files by the data carving and it's possible to expand the [[Foremost]] configuration file inside the script, for adding new extensions.
| + | |
| − | | + | |
| − | Finally, it is possible to do a [[keywords]] search on the set of files extracted by the [[Sleuthkit]] and [[Foremost]].
| + | |
| − | | + | |
| − | The script can work on the partition chosen from an image file or directly from the device (eg. /dev/sdb).
| + | |
| − | | + | |
| − | == Actions ==
| + | |
| − | | + | |
| − | <blockquote>
| + | |
| − | 1) Choosing the partition to analyze from an image file or a device;<br />
| + | |
| − | 2) Choosing the file type by the extension you need to have;<br />
| + | |
| − | 3) Extracting all referenced files by their extension;<br />
| + | |
| − | 4) Extracting all the deleted files by their extension;<br />
| + | |
| − | 5) Carving all the partitions chosen and, automatically, the script will<br />
| + | |
| − | delete the duplicate files leaving only the carved files whose are not<br />
| + | |
| − | into the referenced or delete set of files;<br />
| + | |
| − | 6) Executing a keyword search on all the retrieved files;<br />
| + | |
| − | 7) Reporting all with the investigator name, date and time.<br />
| + | |
| − | </blockquote>
| + | |
| − | | + | |
| − | == Requirements ==
| + | |
| − | | + | |
| − | * [[Linux]]
| + | |
| − | * [[Sleuthkit]]
| + | |
| − | * [[Foremost]]
| + | |
| − | * [[md5deep]] (sha256deep)
| + | |
| − | * [[grep]]
| + | |
| − | * [[awk]]
| + | |
| − | * [[sed]]
| + | |
| − | * [[dd]]
| + | |
| − | | + | |
| − | == Requirements for the GUI version ==
| + | |
| − | | + | |
| − | * [[Zenity]]
| + | |
| − | | + | |
| − | == Usage ==
| + | |
| − | | + | |
| − | ''sudo sh sfdumper.sh''
| + | |
| − | | + | |
| − | or
| + | |
| − | | + | |
| − | ''chmod +x sfdumper.sh''
| + | |
| − | | + | |
| − | ''./sfdumper.sh''
| + | |
| − | | + | |
| − | == Official web site ==
| + | |
| − | | + | |
| − | * http://sfdumper.sourceforge.net
| + | |
| − | | + | |
| − | == External links ==
| + | |
| − | | + | |
| − | * http://freshmeat.net/projects/zenity
| + | |
| − | | + | |
| − | [[Category:Linux]]
| + | |
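Review bot: the one added line of text at the top of this hunk replaces every removed line of the SFDumper article (infobox, Actions, Requirements, Usage, links and [[Category:Linux]]) with a single-sentence definition of a different subject, so the tool's documentation is dropped and the new text carries no category. If Multihashing is meant to be its own page, leave the SFDumper text in place and put the definition on a separate page with a category. The definition says the algorithms are used "together" without saying how the resulting hashes are combined or reported, and a sentence on that would make the stub usable. The remaining added lines are empty and can be removed.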