Andy Bair is active in the field of digital forensics, and has a really good presentation on "File Carving". ---++ Presentation brochure Want to undelete some Linux disk files? Piece together fragments of a deleted file? Recover a Windows disk where both FATS are destroyed or missing? Extract files from a network capture? Andy Bair presents a new and effective approach to file carving that could be used to accomplish these tasks. Andy Bair (and teammates Klayton Monroe and Jay Smith) won the [[http://www.dfrws.org/2006/challenge/][2006 File Carving Challenge]]. The winners developed new tools and techniques which accurately extracted files from a 50MB disk image of containing JPEG, ZIP, HTML, Text, and Microsoft Office files. Andy's talk will explain the contest, contest data sample, methodology, and tools. There will be examples and a question-answer session. You might want to build a script to automate his method for your purposes (or entice him to do so). Get information on his team's methodology and more at: http://www.korelogic.com/Resources/Projects/dfrws_challenge_2006/. ---++ Past presentations Past presentations include: | *When* | *Where* | *Announcement* | *Notes* |\ | 20 Sep 2006 | MerriLUG |\ [[http://thread.gmane.org/gmane.org.user-groups.linux.gnhlug/6779][Announcement]] |\ [[http://thread.gmane.org/gmane.org.user-groups.linux.gnhlug/6835][Notes]] |\ | 8 Jan 2007 | SLUG | ??? | ??? |\ | 5 Mar 2007 | CentraLUG |\ [[http://mail.gnhlug.org/pipermail/gnhlug-announce/2007-March/000392.html][Announcement]] |\ [[http://thread.gmane.org/gmane.org.user-groups.linux.gnhlug/9305][Notes]] |
This topic: GNHLUG
>
DigitalForensicFileCarving
Topic revision: r2 - 2008-08-04 - BenScott
All content is Copyright © 1999-2025 by, and the property of, the contributing authors.
Questions, comments, or concerns?
Contact GNHLUG
.
All use of this site subject to our
Legal Notice
(includes Terms of Service).