[GNHLUG] CentraLUG, November 6th: Andy Bair and Digital Forensic File Carving Techniques

Ben Scott dragonhawk at gmail.com
Mon Oct 23 11:11:43 EDT 2006


On 10/23/06, Ted Roche <tedroche at comcast.net> wrote:
> On Oct 23, 2006, at 9:41 AM, Ed Lawson wrote:
> > What is file carving?  Slicing out files of interest?
>
> Exactly right! In many investigations a computer forensics person
> might get a portion of a hard drive where some information (partition
> tables, allocation tables) has been overwritten or destroyed, and
> needs to attempt to extract files from what remains.

   I saw Andy's presentation in Nashua, and I was impressed.  His team
had great success at the task, more than I would have thought
possible.  They used a variety of techniques, some of them fairly
esoteric, but he still did a good job of making it understandable to
someone with only a generalist background.

  If you're a gear-head like me, you'll definitely find the
presentation interesting.

-- Ben

