Forensics with Kali Linux - Recovering deleted files
In this post I will talk a bit about how a forensic analysis is carried out using Kali Linux. I will show you how we can recover a deleted file from a USB device, as well as the steps that should be followed when making a forensic analysis. I am not an expert in this area, but I was looking for information and studying the basic steps that should be done in order to make a good analysis, either for our personal use or to present it in a case at court. I was looking for information about some tools that are usually used for these practices and which are already installed in Kali Linux, and thus this post was written.
To start, the first thing we will do is find the device path of our USB drive with the following command.
> fdisk -l
As we can see in the image, it shows us our HDD and below that we can see our device, which is at /dev/sdb. Once we have the path, the first thing we do is create a hash of the USB memory. A hash is produced by a mathematical algorithm that transforms any arbitrary block of data into a new series of characters with a fixed length. Regardless of the length of the input data, the output hash value will always have the same length. Given that, in practice, a hash is never repeated, it will serve as evidence that the device or the data it held were not altered or overwritten. The command that we use to create the hash is the following.
> sha1sum /dev/sdb > /root/Desktop/usb-Copy.sha1
Once we have the hash of the USB device we will create a copy, which is what we will work on, since you should never touch or work with the physical device or with the original data. It is extremely important, and I would say mandatory, that you always work with the copy.
To create the copy of the USB drive we will use the dd command, which has several usage options.
> dd if=/dev/sdb of=/root/Desktop/usb-Copy.dd conv=noerror,sync
In this command, if= specifies the path of the device that we want to clone, and of= indicates the path where the copy is going to be saved, with the name that we want to give it and the extension .dd. conv= takes a comma-separated list of conversion options: noerror lets the process continue when read errors occur, and sync pads each incomplete input block with zeros so that the data after an unreadable area keeps its position in the image.
Once we have the copy of our device we are going to create a hash of the copy and then compare it with the hash of the physical device that we created in the beginning.
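The hash-and-compare step as a script (an added example, not from the original post): it compares only the digest field, because sha1sum also prints the path, which differs between the device and the image. The function names and the stand-in file fake-sdb are constructed for the demo.

```sh
#!/bin/sh
# Added example: verify a dd working copy against the hash recorded for the
# source device. Function names and the stand-in device file are constructed.

# sha1sum prints "<digest>  <path>"; the path differs between /dev/sdb and
# the image, so whole lines never match. Compare the digest field only.
digest_of() { sha1sum "$1" | awk '{print $1}'; }
recorded_digest() { awk 'NR==1 {print $1}' "$1"; }

# verify_copy HASHFILE IMAGE: 0 = digests match, 1 = mismatch, 2 = unreadable
verify_copy() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    want=$(recorded_digest "$1")
    got=$(digest_of "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# acquire SOURCE WORKDIR: hash the source, image it, then verify the image
acquire() {
    sha1sum "$1" > "$2/usb-Copy.sha1" || return 2
    dd if="$1" of="$2/usb-Copy.dd" conv=noerror,sync 2>/dev/null || return 2
    verify_copy "$2/usb-Copy.sha1" "$2/usb-Copy.dd"
}

# Demo on a constructed stand-in for /dev/sdb (8 sectors of 512 bytes).
work=$(mktemp -d)
head -c 4096 /dev/zero | tr '\0' 'A' > "$work/fake-sdb"
acquire "$work/fake-sdb" "$work" && echo "copy verified"

# Overwrite one byte of the image: the digests no longer match.
printf 'X' | dd of="$work/usb-Copy.dd" bs=1 seek=100 conv=notrunc 2>/dev/null
verify_copy "$work/usb-Copy.sha1" "$work/usb-Copy.dd" || echo "copy was altered"
```

For a real case, replace the stand-in with the device path and keep the .sha1 file with the case notes; a return code of 1 means the image must be re-acquired before any analysis.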
Once we have both hashes we must make sure that they are equal. Now we use the mmls command, a tool which shows us the layout of the partitions in a system volume. As we will see in the image, we have three entries: the first is the partition table, the second the disk buffer and finally the FAT16 partition with which we are going to work. As we can see in the image, the partition starts at sector 129; that is the number we will be working with.
Now let's use the fls command to list file and directory names, and to show us the names of files that were recently deleted.
> fls -o 129 usb-Copy.dd
As we see in the image, the first thing it shows us is a file which tells us with r/r that it was recently deleted. We can also see some numbers on the left which keep track of the location of each file's details, such as the last time it was edited or the date the file was created. What we will do is try to recover this file with the tool tsk_recover.
> tsk_recover -o 129 usb-Copy.dd /root/Desktop
Once we run this command we will see that it recovers the file that was deleted as well as other additional files.
Well, this is the end of this post. I hope it has been helpful and interesting. I plan on making more posts about this topic in the near future.