I wish to suggest this new tool:
SELECTIVE FILE DUMPER
By Nanni Bassetti and Denis Frati
This is a useful computer forensics tool written as a bash script for Linux systems.
With this tool it is possible to:
1) choose the partition to analyze from a raw (dd) image file;
2) choose the file type you need by extension;
3) extract all referenced files by their extension;
4) extract all the deleted files by their extension;
5) carve all the chosen partitions; the script will automatically
delete the duplicate files, leaving only the carved files which are not
in the referenced or deleted set of files;
6) execute a keyword search on all the retrieved files;
7) report everything with the investigator name, date and time.
It's fast and selective; you can have all the files of the file type you choose with only one tool.
If you have a raw image file disk.dd with 3 partitions, you can choose to have all the *.doc files, referenced,
deleted and unallocated, all in a very fast way.
chmod +x sfdumper.sh
web site: http://sfdumper.sourceforge.net/
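The de-duplication in step 5 can be pictured as below. This is an added example, not part of the post and not sfdumper's own code: it assumes duplicates are recognised by content hash (SHA-256), and the function name and directory arguments are hypothetical.

```sh
#!/bin/sh
# Added illustration: drop carved files that already exist in the
# referenced or deleted sets, comparing by SHA-256 of the content.
# Names and layout are assumptions, not taken from sfdumper.

# dedupe_carved REF_DIR DEL_DIR CARVED_DIR
# Removes every file under CARVED_DIR whose hash matches a file under
# REF_DIR or DEL_DIR, then prints how many carved files remain.
dedupe_carved() {
    ref=$1
    del=$2
    carved=$3
    known=$(mktemp) || return 1

    # Build the set of known hashes. sha256sum prefixes the line with a
    # backslash when it has to escape the file name, so strip it.
    find "$ref" "$del" -type f -exec sha256sum {} + |
        awk '{ sub(/^\\/, "", $1); print $1 }' | sort -u > "$known"

    # Hash each carved file from stdin (no file name in the output) and
    # delete it when the hash is already known.
    find "$carved" -type f -exec sh -c '
        known=$1; shift
        for f do
            h=$(sha256sum < "$f" | cut -d" " -f1)
            if grep -qxF "$h" "$known"; then
                rm -f -- "$f"
            fi
        done
    ' sh "$known" {} +

    rm -f "$known"
    find "$carved" -type f | wc -l | tr -d ' '
}
```

Hash comparison removes only byte-identical copies; a carved file that picked up trailing bytes past the real end of file will not match its referenced original and stays in the carved set.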