Recovering file attributes from snapshot
Michael ODonnell
michael.odonnell at comcast.net
Tue Jul 3 14:55:02 EDT 2007
Andy Bair wrote:
> FTimes can do what you want.
It can apparently do only half of what I want, the gathering-
file-attribute-info-beforehand part. But what I need is to be
able to use that "before" snapshot to actually restore the old
attributes. None of the (admittedly useful sounding) tools in
that FTimes suite claims to do that second part:
> ftimes system baselining and evidence collection tool.
> The primary purpose of FTimes is to gather and/or develop
> topographical information and attributes about specified
> directories and files in a manner conducive to intrusion
> and forensic analysis.
>
> ftimes-cmp2dbi preprocesses FTimes compare data for MySQL DB import.
>
> ftimes-crv2dbi preprocesses FTimes carve data for MySQL DB import.
>
> ftimes-crv2raw carves arbitrary blocks of data and assembles them into
> raw files.
>
> ftimes-dig2ctx extracts context around matched dig strings.
>
> ftimes-dig2dbi preprocesses FTimes dig data for MySQL DB import.
>
> ftimes-map2dbi preprocesses FTimes map data for MySQL DB import.
>
> ftimes-map2mac creates MAC/MACH timelines using FTimes map data.
>
> hashdig-bash bashes one HashDig database against another.
>
> hashdig-bind binds resolved hashes to filenames.
>
> hashdig-dump enumerates a HashDig database.
>
> hashdig-filter filters filenames by directory type.
>
> hashdig-harvest harvests hashes from one or more files.
>
> hashdig-make creates or updates a HashDig database.
>
> hashdig-stat produces statistics on HashDig files and databases.
>
> hashdig-weed deletes hashes from a HashDig database.
>
> hipdig digs for hosts, IPs, passwords, and more...
>
> tarmap utility for mapping the files in a tar archive without
> having to unpack and write them to disk first.
>
> hashdig-harvest-sunsolve
> harvests hashes from a directory of sunsolve output.
>
> hashdig-resolve-sunsolve
> resolves hashes against Sun's Solaris Fingerprint
> Database.
> If you need more help, please give me a shout.
OK... "Hey! Andy!"
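The missing second half the message asks for, shown as an added example (not code from the thread or from the FTimes suite): a "before" snapshot of mode, owner and timestamps that can later be replayed to put those attributes back. It uses only os.stat/chmod/chown/utime and a constructed temporary tree; the FTimes map format itself is not parsed.

```python
"""Snapshot and restore file attributes (mode, owner, timestamps).
Added example, not part of the thread or of FTimes: a "before" snapshot
plus the replay step, with paths stored relative to the snapshot root."""
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Record attributes of root and everything under it (symlinks not followed)."""
    snap = {}
    for path in [Path(root), *Path(root).rglob("*")]:
        st = path.lstat()
        snap[str(path.relative_to(root))] = {
            "mode": st.st_mode & 0o7777, "uid": st.st_uid, "gid": st.st_gid,
            "atime_ns": st.st_atime_ns, "mtime_ns": st.st_mtime_ns}
    return snap

def restore(root, snap):
    """Replay a snapshot; returns the relative paths that had to be changed."""
    changed = []
    for rel, want in snap.items():
        path = Path(root, rel)
        if not path.exists() or path.is_symlink():
            continue  # attributes cannot recreate content; symlink attrs left alone
        st = path.stat()
        have = {"mode": st.st_mode & 0o7777, "uid": st.st_uid, "gid": st.st_gid,
                "atime_ns": st.st_atime_ns, "mtime_ns": st.st_mtime_ns}
        if have == want:
            continue
        path.chmod(want["mode"])
        if (have["uid"], have["gid"]) != (want["uid"], want["gid"]):
            os.chown(path, want["uid"], want["gid"])  # needs privilege to take effect
        os.utime(path, ns=(want["atime_ns"], want["mtime_ns"]))  # last: chmod/chown bump ctime only
        changed.append(rel)
    return sorted(changed)

def demo_roundtrip():
    """Constructed scenario: snapshot, loosen a mode and clobber a mtime, then replay."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "etc").mkdir()
        secret = Path(root, "etc", "shadow.txt")  # constructed sample file
        secret.write_text("constructed sample\n")
        secret.chmod(0o600)
        before = snapshot(root)
        secret.chmod(0o666)          # simulated accidental loosening
        os.utime(secret, ns=(0, 0))  # simulated clobbered timestamps
        changed = restore(root, before)
        return before, snapshot(root), changed
```

Ownership is compared but only rewritten when it actually differs, so an unprivileged replay of a snapshot taken by the same user never needs root.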