±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 0
Overall: 27350
Visitors: 86

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Different approaches to examine a corrupted virus file?

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page Previous  1, 2 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Thu Nov 29, 2012 5:00 am

There are plenty of tools that can repair corrupted ZIP files. You may not be able to use the files that actually have corrupted parts in them, but at least you'll be able to extract them. Google has a good selection of such tools: www.google.com/search?...ss&ie=&oe=
_________________
Digital Evidence Extraction Software
belkasoft.com 

Belkasoft
Senior Member
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Thu Nov 29, 2012 5:34 am

Apart GUI tools the Infozip zip repair option often works, and dynamite and offset file zipper are also worth a shot.
These tools and a couple more ones are discussed/detailed in this seemingly unrelated thread:
reboot.pro/topic/12255...al-floppy/

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Thu Nov 29, 2012 9:06 am

Hi guys thanks for the information. appreciated everyone who replied. Right now i am more concern about the different techniques/approaches to carry out my examination. Techniques like sheepdip and approaches like checking the header are things that i have done.

If anyone have more information to share, feel free to share here or give me a pm to know more about the problem i'm facing. thanks! Very Happy  

hellopanda
Newbie
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Thu Nov 29, 2012 9:59 am

- hellopanda
Right now i am more concern about the different techniques/approaches to carry out my examination. Techniques like sheepdip and approaches like checking the header are things that i have done.

If anyone have more information to share, feel free to share here or give me a pm to know more about the problem i'm facing. thanks! Very Happy

I don' t want to seem grumpier than usual, but WHAT kind of additional information do you expect? Shocked

You have EITHER a "virus affected" or a "corrupted on media" .zip file.

In BOTH cases the result you are experiencing is:
When i try to open the file, a message is displayed saying that the file is corrupted.


A few questions come immediately to mind:
  • Opening it with WHAT?
  • Under WHICH OS?
  • With WHICH specific tool setting or command line?
but they would be only useful to better understand if by any chance the issue is not an actual "serious" corruption of the file, but only the use of some "strange" or not fully tested softwares (as an example 7-zip in early versions had issues with some kinds of very slightly corrupted archives), see here for a reference:
reboot.pro/topic/2681-...entry21784

If the fact is that the file is actually corrupted, when a file is corrupted there are NO MORE than three possibilities (besides using a back up copy of it instead - but this was excluded):
  1. attempt fixing/recovery/repair the corrupted file
  2. attempt extracting from it whatever (partial) data (if any) is recoverable
  3. give up and do something better, like taking a walk outside
and some (good) advice was given to you for both possibilities #1 and #2 ....

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 2 of 2
Go to page Previous  1, 2