From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

File carving

File carving

From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Start my 1-month free trial

File carving

- [Tutor] You probably already know that deleting a file using operating system commands doesn't truly remove that files data from your desk, it simply deletes the reference to the file leaving the data in unallocated disk space where it's subject to data recovery techniques. File carving techniques allow you to comb through that unallocated space of a hard disk image and recover files and other interesting data that might be present. File carving is a very useful forensic technique because it can pick up information that was stored on disk temporarily during a security incident. Let's take a look at a tool called bulk extractor. Bulk extractor is a file curving utility that is widely used among the security community. It can read disk images and capture interesting information for later analysis. I'm going to run bulk extractor with some arguments. First, I'm going to use the minus o option to select an output directory.…

Contents