selective file dumper


Post by denis_1971 » 24 Feb 2008, 08:33

I wish to suggest this new tool:

http://sfdumper.sourceforge.net/

SELECTIVE FILE DUMPER
By Nanni Bassetti - and Denis Frati



This is a useful computer forensics tool written as a bash script for Linux systems.
With this tool it is possible to:

1) choose the partition to analyze from a raw (dd) image file;
2) choose the file type you need by extension;
3) extract all referenced files by their extension;
4) extract all the deleted files by their extension;
5) carve all the chosen partitions; the script will automatically
delete the duplicate files, leaving only the carved files that are not
in the referenced or deleted set of files;
6) execute a keyword search on all the retrieved files;
7) report everything with the investigator name, date and time.

It's fast and selective: you can have all the files of the file type you choose with only one tool.

Example:
You have a raw image file disk.dd with 3 partitions; you can choose to have all the *.doc files, referenced,
deleted and unallocated... all in a very fast way.

Requirements:
Linux OS
Sleuthkit (http://www.sleuthkit.org)
Foremost (http://foremost.sourceforge.net)
Sha256deep
grep
awk
sed
dd
strings

USAGE:
chmod +x sfdumper.sh
./sfdumper.sh

web site: http://sfdumper.sourceforge.net/

Best regards

Denis
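
Step 5 of the post says carved files that duplicate referenced or deleted files are removed. One way to do that step by content hash, as an added example that is not part of the original post or sfdumper's own code; it assumes the three output directories already exist (their names here are hypothetical) and uses sha256sum in place of sha256deep:

```shell
#!/bin/sh
# Added example, not sfdumper's own code. Directory names are hypothetical and
# sha256sum (coreutils) stands in for the sha256deep listed in the requirements.

# Print the unique SHA-256 digests of all regular files under the given dirs.
hash_set() {
    find "$@" -type f -exec sha256sum {} + | awk '{print $1}' | sort -u
}

# dedupe_carved REF_DIR DEL_DIR CARVED_DIR
# Delete carved files whose content already exists among the referenced or
# deleted files. Logs each removal to stderr, prints the removal count.
dedupe_carved() {
    known=$(mktemp) || return 1
    carved_list=$(mktemp) || return 1
    hash_set "$1" "$2" > "$known"
    find "$3" -type f -exec sha256sum {} + > "$carved_list"
    removed=0
    while IFS= read -r line; do
        digest=${line%% *}      # text before the first space
        path=${line#*  }        # text after the two-space separator
        # File names with backslashes or newlines get an escaped line from
        # sha256sum; the digest then never matches and the file is kept.
        if grep -qxF -- "$digest" "$known"; then
            echo "duplicate $digest $path" >&2
            rm -f -- "$path"
            removed=$((removed + 1))
        fi
    done < "$carved_list"
    rm -f -- "$known" "$carved_list"
    echo "$removed"
}

# Constructed sample: two carved files repeat known content, one is unique.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/referenced" "$work/deleted" "$work/carved"
    printf 'quarterly report' > "$work/referenced/report.doc"
    printf 'old draft'        > "$work/deleted/draft.doc"
    printf 'quarterly report' > "$work/carved/00001234.doc"
    printf 'old draft'        > "$work/carved/00005678.doc"
    printf 'unallocated only' > "$work/carved/0000 9abc.doc"
    dedupe_carved "$work/referenced" "$work/deleted" "$work/carved"
    ls "$work/carved"
    rm -rf -- "$work"
}
demo
```

The removal log on stderr records the digest and path of each dropped file, which can be kept alongside the investigator report.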
