Wiki

Clone wiki

hachoir / Forensics

Back to homepage

Forensic and data recovery

For files

  • hachoir-subfile
  • Photorec: File header and footer database, tools to sort file by content (eg. using EXIF metadata)
  • Scalpel: fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is a fork of Foremost.
    • Foremost: console program to recover files based on their headers, footers, and internal data structures
  • Magic Rescue: File header database, tools to recover file start (scripts using external program like gzip, mencoder, jpegtran, etc.)
  • anyfs-tools: UNIX-way toolset for recovering and converting filesystems for Linux OS
  • Autopsy Forensic Browser

For file systems

  • TestDisk (Christophe GRENIER): recover lost partitions and make non-booting disks bootable again
  • parted
  • EXT2/EXT3: ext3rminator (Mike Hommey)
  • EXT2/EXT3: giis (giis-get it i say)
  • ddrescue (Antonio Diaz): special version of dd (copy from a device to a file), specific to read damaged hard drives. Try also dd_rescue by Kurt Garloff.

For file and file systems

For memory

Forensics websites

See also

Updated