From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
File carving
- [Tutor] You probably already know that deleting a file using operating system commands doesn't truly remove that file's data from your disk; it simply deletes the reference to the file, leaving the data in unallocated disk space where it's subject to data recovery techniques. File carving techniques allow you to comb through that unallocated space of a hard disk image and recover files and other interesting data that might be present. File carving is a very useful forensic technique because it can pick up information that was stored on disk temporarily during a security incident. Let's take a look at a tool called bulk extractor. Bulk extractor is a file carving utility that is widely used among the security community. It can read disk images and capture interesting information for later analysis. I'm going to run bulk extractor with some arguments. First, I'm going to use the minus o option to select an output directory.…