Analyzing The Windows Recycle Bin INFO2 file

Post  joetekno on Thu Apr 23, 2009 2:58 am

Rifiuti can be used for the reconstruction of a suspect drive's Recycle Bin. Analyzing the INFO2 file may allow you to find the deleted file(s) / folder(s) original location, size, and deleted time.

INSTALLATION

1. Download rifiuti; at the time of this writing it was found here: http://sourceforge.net/project/downloading.php?group_id=78332&filename=rifiuti_20040505_1.tar.gz

2. Save the file to your desktop

3. Double-click the rifiuti_20040505_1.tar.gz file to open it and drag the contents to the desktop

4. Open a terminal window

5. Become the root user (i.e. sudo su)

6. Maneuver to your CAINE user's desktop. (i.e. cd /home/<username>/Desktop)

7. Maneuver into the rifiuti src directory. (i.e. cd rifiuti_20040505_1/src)

8. Make the rifiuti source (i.e. "[root@linux /src]# make install")

NOTE: You may receive some warning messages. Ignore them...

9. Maneuver into the rifiuti bin directory. (i.e. cd ../bin)

10. Copy the rifiuti binary to the /sbin directory. (i.e. cp rifiuti /sbin/rifiuti)


USAGE

If you have created an image file of the suspect hard drive you'll need to mount it to obtain the info2 file. (see Using CAINE and MMLS to mount an image of an NTFS drive). Either copy the info2 or create a symbolic link to the info2 file. Type the command as follows:

rifiuti INFO2 > info2.txt
joetekno
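
Added example, not part of the original post and not rifiuti's own code: a minimal Python reader for the record fields the post names (original location, size, deleted time), useful for cross-checking rifiuti output. It assumes the Windows 2000/XP INFO2 layout (16-byte header, 800-byte records); `parse_info2` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 16  # record size is the little-endian uint32 at offset 12
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(ft):
    """FILETIME (100 ns ticks since 1601-01-01) -> aware UTC datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def parse_info2(data):
    """Return a list of dicts, one per complete record in the INFO2 bytes."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for an INFO2 header")
    (rec_size,) = struct.unpack_from("<I", data, 12)
    if rec_size != 800:  # assumption: only the 2000/XP layout is handled
        raise ValueError(f"unsupported record size {rec_size}")
    records = []
    for off in range(HEADER_SIZE, len(data) - rec_size + 1, rec_size):
        rec = data[off:off + rec_size]
        # 260-byte ANSI path, then index, drive number, FILETIME, size
        index, drive, ftime, size = struct.unpack_from("<IIQI", rec, 260)
        # 520-byte UTF-16LE path; anything after the first NUL is slack
        path = rec[280:800].decode("utf-16-le", "replace").split("\x00")[0]
        records.append({
            "index": index,
            "drive": chr(ord("A") + drive) if drive < 26 else "?",
            "deleted_utc": filetime_to_utc(ftime),
            "size": size,
            "path": path,
            # first ANSI byte zeroed: entry was later restored or emptied
            "removed": rec[0] == 0,
        })
    return records

def build_sample():
    """Constructed one-record INFO2 image (not from a real system)."""
    path = "C:\\Documents and Settings\\user\\Desktop\\notes.txt"
    when = datetime(2009, 4, 23, 2, 58, tzinfo=timezone.utc)
    ftime = (when - EPOCH_1601) // timedelta(microseconds=1) * 10
    rec = path.encode("ascii").ljust(260, b"\x00")
    rec += struct.pack("<IIQI", 1, 2, ftime, 4096)
    rec += path.encode("utf-16-le").ljust(520, b"\x00")
    return struct.pack("<IIII", 5, 0, 0, 800) + rec

if __name__ == "__main__":
    for r in parse_info2(build_sample()):
        print(r)
```

Timestamps are returned in UTC; convert to the suspect system's time zone separately when building a timeline.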
