DFS101: 7.4 Data Recovery - The Sleuth Kit

Подписаться 41 тыс.

Просмотров 13 тыс.

50% 1

In this video, we show how to use The Sleuth Kit from the Linux Command Line to recover files (not just photos) from a target USB stick.
Get started digital forensic science! Digital forensic science lets us recover data and investigate digital devices.
bit.ly/2Ij9Ojc - 👍 Subscribe for weekly videos
❤️ Get early access and bonus content - / dfirscience
Links:
sleuthkit.org/s...
010001000100011001010011011000110110100101100101011011100110001101100101
Help make DFIR tutorials
👍 Subscribe → bit.ly/2Ij9Ojc
🛒 Shop → swag.dfir.science
❤️ Patreon → / dfirscience
🕸️ Blog → DFIR.Science
🤖 Code → github.com/DFI...
🐦 Follow → / dfirscience
📰 DFIR Newsletter → bit.ly/DFIRNews
010100110111010101100010011100110110001101110010011010010110001001100101
Tools to help manage your RU-vid Channel: www.tubebuddy....
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing and will probably allow its use.

Опубликовано:

9 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 14

@andreasjanzen8823 2 года назад

Excellent introduction, exactly what I needed to get started with the Sleuth Kit. Starting from zero, well structured, easy to understand. Thank you!!

@negative-example Год назад

For me, IT security and forensics looks like one of top-skill areas of IT. Funny to see educating forensics video which explains, what is "ls" and "cat".

@marvelousekpenyong4343 4 месяца назад

Thank you for this course sir. I have a question please. All these disk images that were analysed using photorec, tsk_recover and sleuthkit. You didn't say how they were captured. Were they captured using the FTK imager or another software. Thank you. Hoping for your response.

@calebkulujili1395 3 месяца назад

How can you approach a scenario where yo have a linux OS in HDD/SDD then formatted with windows, but you need the files that were in the linux system

@andry8536 Год назад

Hello, very good video, helping a lot, starting from zero with Sletuth kit and Digital Forensics. I have a question, when determining the partition, in this case FAT32, is it a good practice to extrapolate that specific partition into a separate file? in such a way that is not necessary to specify each time the offset to move? Thank you

@saumyatyagi4214 3 года назад

what if the Disk is encrypted? Is there any s/w to decrypt the data

@adrpgt 3 года назад

in fls command, there is the -k parameter : "-k password: Decryption password for encrypted volumes"

@dulajperera63 7 месяцев назад

How to create a .dd image file

@user-dl6zl8su1f 2 года назад

I am absolutely zero in this sphere yet. i am not completely understand and comprehend this topics. Can you tell me what am i gonna start with? maybe python or what? Thanks for advanced

@DFIRScience 2 года назад

Python is a good if you are interested. Learning Linux or Windows command line is probably going to help the most.

@user-dl6zl8su1f 2 года назад

@@DFIRScience thanks a bunch

@mohammedbilal6226 3 года назад

Just to clarify, a 001 File is the same as a .dd file?

@DFIRScience 3 года назад

Usually, yes. Both are very often "RAW" disk images - no additional structure or compression, just like you would find on the original disk. That is likely, but you should always confirm before working with the image.