A File's Life - File Deletion and Recovery
Ғылым және технология
In this episode, we'll look at exactly what happens when you delete a file from an NTFS file system. Then, we'll talk about file "undeletion" versus file carving, and use PhotoRec to perform file carving against a mounted disk image. Lastly, we'll explore techniques to search through that recovered data using an Ubuntu WSL 2 instance.
** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. **
📖 Chapters
00:00 - Intro
13:12 - PhotoRec Demo
19:03 - Searching Recovered Data
🛠 Resources
PhotoRec:
www.cgsecurity.org/wiki/PhotoRec
Recycle Bin Forensics:
• Recycle Bin Forensics
Let's Talk About NTFS Index Attributes:
• Let's Talk About NTFS ...
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Пікірлер: 5
Thanks for this! I did digital forensics as a subject for my IT course at uni last year and this tutorial would have been great. Thanks for the excellent content :)
Thanks for contributing. Ive been using your memory/windows forensics content to study for my eCTHP examination, hope I pass soon :)
@13Cubed
Жыл бұрын
Excellent - I wish you good luck with it!
Great Content. Love it
you are awesome. really very very very good info