9 File Recovery and Data Carving Tools

Now that we’ve learned how to create forensic images of evidence, let’s look at the file recovery and data carving process, using specific tools in Kali Linux.

File carving retrieves data and files from unallocated space using specific characteristics such as the file structure and file headers, instead of traditional metadata created by, or associated with, filesystems. A simple way to think of file carving is to think of an ice sculpture. It starts off with a huge block of ice, which, when given to a skilled individual, can be chipped away into a piece of art. In the same way, DFIR investigators and analysts can create a forensic image using any of the tools mentioned in the previous chapter, and then ...
