File recovery and data extraction using automated data recovery tools : a balanced approach using Windows and Linux when working with an unknown disk image and filesystem / by Richard Carbone.: D68-6/161-2009E-PDF

This memorandum is the direct result of the analysis of an unknown disk containing unknown data, files and filesystem. The disk was brought to an analysis team at DRDC Valcartier by an agency that desired to ascertain the research centre’s capabilities for extracting and recovering unknown forensic data from an unknown disk and, if possible, automate the process. However, a thorough analysis using various Windows and Linux-based automated data and file recovery tools has led the author to determine that automated tools, regardless of the underlying system, are not yet up to this specific challenge. In addition, the author is of the opinion that fully automated disk recovery tools will never be entirely successful. Instead, the author has determined that a manual approach to data and file extraction will be necessary in order to recover any meaningful data or files from this disk’s unknown filesystem. However, this memorandum will only examine the automated approach used by the various Windows and Linux tools. An additional follow-up study will specifically examine the required manual approach necessary for data recovery from an unknown disk using data pattern matching techniques and sector-by-sector analysis using known file signatures.

Permanent link to this Catalogue record:
publications.gc.ca/pub?id=9.821336&sl=0

• MARC XML format
• MARC HTML format

Request alternate formats