[Techtalk] Undelete utilities
Raven, corporate courtesan
raven at oneeyedcrow.net
Sat Feb 2 02:05:26 EST 2002
Heya --
Quoth Samantha Jo Moore (Fri, Feb 01, 2002 at 07:26:44PM -0800):
> I am in search of computer forensics tools for Linux. Does anybody
> know of any "undelete" utilities that work with ext2 file systems,
> similar to the "Norton Utilities for Windows"?
Yep. You want unrm and lazarus from The Coroner's Toolkit,
perhaps one of the coolest bunches of software that I've ever come
across. Tct is downloadable from its homepage at:
http://www.porcupine.org/forensics/tct.html
Be warned -- you will need about three times the disk space on
your forensics station of whatever you're undeleting, and this is a
really slow process. You may want to build a dedicated forensics
workstation with a large hard drive if you're going to be doing things
like this on a regular basis. But you can recover an amazing amount of
data this way.
Also, if you're into forensics, may I recommend the forensics
list at securityfocus.com as an excellent resource?
Cheers,
Raven
"I'm not good at running. But I can yell really loudly. That works too."
-- Paul, on pursuit
More information about the Techtalk
mailing list