[aklug] Re: Data recovery

From: Jon Bradley <weatchu@gmail.com>
Date: Mon Mar 10 2014 - 12:00:55 AKDT

This reminds me of binwalk..

https://github.com/devttys0/binwalk

It mostly looks for executable files in firmware, but same kind of concept.
(\ /)
( . .) Jon's website is here:
c(")(") http://www.securityrabbit.com

On Fri, Mar 7, 2014 at 3:05 PM, Damien Hull <dhull@section9.us> wrote:
> I might as well carve it out by hand. In this case I think I'll just call
> the data gone. A good backup beats data carving by a mile anyway. Assuming
> you have one.
>
>
> --
> Damien Hull
> Network Engineer
> CCNP
>
> From: Shane Spencer <shane@bogomip.com>
> Date: Fri, 7 Mar 2014 14:50:01 -0900
> To: admin <dhull@section9.us>
> Cc: Josh Rhoades <kaiden11@gmail.com>, "Jenkinson, John"
> <John.Jenkinson@alyeska-pipeline.com>, "aklug@aklug.org" <aklug@aklug.org>
>
> Subject: Re: [aklug] Re: Data recovery
>
> If you have access to a drive and can discover the block size of the
> filesystem you should be able to write a script that matches the start
> information of a block to magic headers and then reads things that can then
> later be verified. Things like the song length. If you really needed to
> get it recovered like that it's possible.
>
>
> On Fri, Mar 7, 2014 at 8:14 AM, Damien Hull <dhull@section9.us> wrote:
>>
>> Thanks for the explanation. I thought there might be something going on
>> with the file format. Just never knew what that was. So, no "undelete" for
>> MP3's.
>>
>>
>> --
>> Damien Hull
>> Network Engineer
>> CCNP
>>
>> From: Josh Rhoades <kaiden11@gmail.com>
>> Date: Thu, 6 Mar 2014 16:30:16 -0900
>> To: "Jenkinson, John" <John.Jenkinson@alyeska-pipeline.com>
>> Cc: admin <dhull@section9.us>, "aklug@aklug.org" <aklug@aklug.org>
>> Subject: Re: [aklug] Re: Data recovery
>>
>> Seconded on the foremost.
>>
>> A terrible experience a few years ago demonstrated MP3s pose a problem for
>> data carving: the format has "frames," such that two MP3 files can, in
>> theory, be concatenated, and be considered a single file without having to
>> re-encode.
>>
>> The result was that a recovery process that was looking for start/end
>> patterns in the drive blocks, though mostly successful, ended up with half
>> of the songs in a music collection starting with one song and ending with
>> another. My friend wasn't super thrilled.
>>
>> On Thu, Mar 6, 2014 at 4:25 PM, Jenkinson, John
>> <John.Jenkinson@alyeska-pipeline.com> wrote:
>>>
>>> Foremost is one I use
>>>
>>>
>>>
>>> From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf Of
>>> Damien Hull
>>> Sent: Thursday, March 06, 2014 4:14 PM
>>> To: aklug@aklug.org
>>> Subject: [EXTERNAL]: [aklug] Data recovery
>>>
>>>
>>>
>>> The recent back and forth about "undelete" made me think about data
>>> recovery tools. There are several applications that automate the data
>>> carving process. I think they look at file headers and footers. Is there
>>> one that recovers MP3's?
>>>
>>>
>>>
>>> It's been a while, but last time I checked I couldn't find one.
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Damien Hull
>>>
>>> Network Engineer
>>>
>>> CCNP
>>
>>
>
Received on Mon Mar 10 12:01:19 2014
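
The block-aligned carving approach suggested in the thread, as an added example that is not part of the original messages: it matches the MP3 frame sync at each block boundary, walks the frame chain, and reports a playing time that can be checked afterwards. It assumes unfragmented MPEG-1 Layer III streams and a 4096-byte block size; `parse_frame`, `carve` and `demo_image` are hypothetical names, and the sample image is constructed.

```python
import struct

# MPEG-1 Layer III tables only (assumption: the common case for music files).
BITRATES = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320]  # kbit/s
SAMPLE_RATES = [44100, 48000, 32000]  # Hz
SAMPLES_PER_FRAME = 1152

def parse_frame(buf, off):
    """Return (frame_len, sample_rate) for a valid MPEG-1 Layer III header at off, else None."""
    if off + 4 > len(buf):
        return None
    (h,) = struct.unpack_from(">I", buf, off)
    if h >> 21 != 0x7FF:                          # 11-bit frame sync
        return None
    if (h >> 19) & 3 != 3 or (h >> 17) & 3 != 1:  # version = MPEG-1, layer = III
        return None
    br, sr = (h >> 12) & 0xF, (h >> 10) & 3
    if br in (0, 15) or sr == 3:                  # free-format or reserved values
        return None
    rate = SAMPLE_RATES[sr]
    return 144 * BITRATES[br] * 1000 // rate + ((h >> 9) & 1), rate

def carve(image, block_size=4096, min_frames=4):
    """Walk frame chains starting on block boundaries; return (offset, length, seconds)."""
    found, end = [], 0
    for start in range(0, len(image), block_size):
        if start < end:                           # block already inside a carved stream
            continue
        off, frames, rate = start, 0, None
        while (f := parse_frame(image, off)) and off + f[0] <= len(image):
            if rate is not None and f[1] != rate:
                break                             # sample-rate change: treat as another song
            rate = f[1]
            off += f[0]
            frames += 1
        if frames >= min_frames:                  # short chains are likely false positives
            found.append((start, off - start, frames * SAMPLES_PER_FRAME / rate))
            end = off
    return found

def demo_image():
    """Constructed sample: a 48 kHz stream filling blocks 0-2, then a 44.1 kHz stream."""
    a = (bytes.fromhex("fffb9400") + bytes(380)) * 32   # 32 frames x 384 bytes = 12288
    b = (bytes.fromhex("fffb9000") + bytes(413)) * 10   # 10 frames x 417 bytes = 4170
    return a + b + bytes(4096)                          # trailing zeroed block

if __name__ == "__main__":
    for offset, length, seconds in carve(demo_image()):
        print(f"offset={offset} length={length} duration={seconds:.3f}s")
```

Two back-to-back songs with the same sample rate still carve as one stream here, which is the concatenation problem described in the thread; the carved duration is the value to compare against the expected song length.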
