CAINE 1.5 Installed and Rifiuti to analyze INFO2 files

Rifiuti can be used for the reconstruction of a suspect drives Recycle Bin. Analyzing the INFO2 file may allow you to find the deleted file(s) / folder(s) original location, size, and deleted time.

USAGE

Note that spaces below are exaggerated for readability.

Basic Usage Example: rifiuti INFO2

You could script analyzing multiple files like this...

#---BEGIN SCRIPT---
echo “Where is the drive, volume, or image file to be analyzed mounted?”
echo “example: /media/sda1”
read VOLUME

find $VOLUME -name INFO2 > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "rifiuti " >> pre
done

paste pre foundfiles post > RIFIUTI.sh
chmod 700 RIFIUTI.sh
./RIFIUTI.sh > INFO2Evidence.txt

less INFO2Evidence.txt
#---END SCRIPT---

joetekno wrote:Rifiuti can be used for the reconstruction of a suspect drives Recycle Bin. Analyzing the INFO2 file may allow you to find the deleted file(s) / folder(s) original location, size, and deleted time.

USAGE

Note that spaces below are exaggerated for readability.

Basic Usage Example: rifiuti INFO2

You could script analyzing multiple files like this...

#---BEGIN SCRIPT---
echo “Where is the drive, volume, or image file to be analyzed mounted?”
echo “example: /media/sda1”
read VOLUME

find $VOLUME -name INFO2 > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "rifiuti " >> pre
done

paste pre foundfiles post > RIFIUTI.sh
chmod 700 RIFIUTI.sh
./RIFIUTI.sh > INFO2Evidence.txt

less INFO2Evidence.txt
#---END SCRIPT---

Hello (again) ...
Let me get this straight ...
What is "Waste"? is a bash script?
is perhaps the one shown above between the lines
# --- BEGIN SCRIPT ---
to
# --- END SCRIPT ---
???
Thanks in advance and happy holidays.

Yes, the code between the lines is a bash shell script