±Your Account
Membership:
New Today: 0
New Yesterday: 4
Overall: 24209
Visitors: 37±Latest Webinar
±Latest Articles
· Android Forensics
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Conceptually is it "forensics" or "data recovery"?
Is it "real life" or a "test/exam/exercise"?
In any case the info you provide is lacking any meaningful detail. things like size of the device, filesystem used, OS under which the files were supposedly written to the stick, what actually was performed to "delete" them, the actual type and size of files, as an example are all data needed to suggest a course of action.
This may be of use as a general reference:
homepage.ntlworld.com....itany.html
please be aware of the risk of slipping on a chocolate covered banana
:
homepage.ntlworld.com....anana.html
jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. -
File recovery in x-ways
File recovery in x-ways
Posted: Thu Nov 22, 2012 10:40 am
Hi,
I am very new to this area so any help would be greatly appreciated. I have been given a raw image of a usb key and asked to retrieve user files. So far using x-ways file recovery I have found 12 - 3 actual files and 9 headers. The problem is that I dont know what to do next. I need to find information on the 9 headers but dont know where to start. In my case report in xways the offsets and content of the other 3 files were retrieved but nothing on the missing 9 headers. Any hints or tips would be great.
Thanks
I am very new to this area so any help would be greatly appreciated. I have been given a raw image of a usb key and asked to retrieve user files. So far using x-ways file recovery I have found 12 - 3 actual files and 9 headers. The problem is that I dont know what to do next. I need to find information on the 9 headers but dont know where to start. In my case report in xways the offsets and content of the other 3 files were retrieved but nothing on the missing 9 headers. Any hints or tips would be great.
Thanks
-
lorrie - Newbie
Re: File recovery in x-ways
Posted: Thu Nov 22, 2012 1:14 pm
Homework?
What have you discovered from your research about the structure of "headers" or wider structure of the FAT FS?
What have you discovered from your research about the structure of "headers" or wider structure of the FAT FS?
-
Fab4 - Senior Member
Re: File recovery in x-ways
Posted: Thu Nov 22, 2012 6:38 pm
It's all about "Refine volume snapshot." Read the X-Ways help/manual about what options to select here. This is where the carving occurs.
_________________
Scott Tucker
Aptegra Consulting, LLC
www.aptegra.com
_________________
Scott Tucker
Aptegra Consulting, LLC
www.aptegra.com
-
TuckerHST - Senior Member
Re: File recovery in x-ways
Posted: Fri Nov 23, 2012 2:30 am
What Tucker said. Xways is a very powerful and flexible tool, however not the easiest tool to just pick up and figure out what to do.
The user manual is very detailed, but again not written with a novice user in mind, but persevere and you will find the answers you need.
The user manual is very detailed, but again not written with a novice user in mind, but persevere and you will find the answers you need.
-
Adam10541 - Senior Member
Re: File recovery in x-ways
Posted: Fri Nov 23, 2012 5:17 am
- lorrieI have been given a raw image of a usb key and asked to retrieve user files.
Conceptually is it "forensics" or "data recovery"?
Is it "real life" or a "test/exam/exercise"?
In any case the info you provide is lacking any meaningful detail. things like size of the device, filesystem used, OS under which the files were supposedly written to the stick, what actually was performed to "delete" them, the actual type and size of files, as an example are all data needed to suggest a course of action.
This may be of use as a general reference:
homepage.ntlworld.com....itany.html
please be aware of the risk of slipping on a chocolate covered banana
:homepage.ntlworld.com....anana.html
jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. -
-
jaclaz - Senior Member
Re: File recovery in x-ways
Posted: Mon Nov 26, 2012 4:43 am
You may want to consider other data recovery tools that might be easier to use than x-ways. E.g. this one www.diskinternals.com/...-recovery/ or this one www.the-undelete.com/w...covery.php or any other tool that can work with drive images in addition to physical devices. Then you will need to perform a full scan of the image (PowerSearch, SmartScan and other names for the same procedure, which works similar to file carving).
_________________
Digital Evidence Extraction Software
belkasoft.com
_________________
Digital Evidence Extraction Software
belkasoft.com
-
Belkasoft - Senior Member