GNHLUG > DigitalForensicFileCarving
GNHLUG webs: Main | TWiki | Sandbox   Log In or Register

Changes | Index | Search | Go
Andy Bair is active in the field of digital forensics, and has a really good presentation on "File Carving".

Presentation brochure

Want to undelete some Linux disk files? Piece together fragments of a deleted file? Recover a Windows disk where both FATS are destroyed or missing? Extract files from a network capture? Andy Bair presents a new and effective approach to file carving that could be used to accomplish these tasks.

Andy Bair (and teammates Klayton Monroe and Jay Smith) won the 2006 File Carving Challenge. The winners developed new tools and techniques which accurately extracted files from a 50MB disk image of containing JPEG, ZIP, HTML, Text, and Microsoft Office files.

Andy's talk will explain the contest, contest data sample, methodology, and tools. There will be examples and a question-answer session. You might want to build a script to automate his method for your purposes (or entice him to do so).

Get information on his team's methodology and more at: http://www.korelogic.com/Resources/Projects/dfrws_challenge_2006/.

Past presentations

Past presentations include:

When Where Announcement Notes
20 Sep 2006 MerriLUG Announcement Notes
8 Jan 2007 SLUG ??? ???
5 Mar 2007 CentraLUG Announcement Notes
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions

All content is Copyright © 1999-2024 by, and the property of, the contributing authors.