Andy Bair is active in the field of digital forensics and has a really good presentation on "File Carving". He is scheduled to give this presentation at the Mon 5 Mar 2007 meeting of CentraLUG.

---++ Presentation brochure

Want to undelete some Linux disk files? Piece together fragments of a deleted file? Recover a Windows disk where both FATs are destroyed or missing? Extract files from a network capture? Andy Bair presents a new and effective approach to file carving that could be used to accomplish these tasks.

Andy Bair (and teammates Klayton Monroe and Jay Smith) won the [[http://www.dfrws.org/2006/challenge/][2006 File Carving Challenge]]. The winners developed new tools and techniques which accurately extracted files from a 50MB disk image containing JPEG, ZIP, HTML, Text, and Microsoft Office files.

Andy's talk will explain the contest, the contest data sample, the methodology, and the tools. There will be examples and a question-and-answer session. You might want to build a script to automate his method for your purposes (or entice him to do so).

Get information on his team's methodology and more at: http://www.korelogic.com/Resources/Projects/dfrws_challenge_2006/.

---++ Past presentations

Past presentations include:

| When | Where | Announcement | Notes |
| 20 Sep 2006 | MerriLUG | [[http://permalink.gmane.org/gmane.org.user-groups.linux.gnhlug/6779][Announcement]] | [[http://permalink.gmane.org/gmane.org.user-groups.linux.gnhlug/6835][Notes]] |
Topic revision: r1 - 2007-01-01 - BenScott