Home
Latest images
Search
Register
Log inAnalyzing The Windows Recycle Bin INFO2 file
Page 1 of 1
Analyzing The Windows Recycle Bin INFO2 file
joetekno Thu Apr 23, 2009 2:58 am
Rifiuti can be used for the reconstruction of a suspect drives Recycle Bin. Analyzing the INFO2 file may allow you to find the deleted file(s) / folder(s) original location, size, and deleted time.
INSTALLATION
1. Download rifiuti, at the time of this writing it was found here: http://sourceforge.net/project/downloading.php?group_id=78332&filename=rifiuti_20040505_1.tar.gz
2. Save the file to your desktop
3. Double Click the rifiuti_20040505_1.tar.gz file to open it and drag the contents to the desktop
4. Open a terminal window
5. Become the root user (ie sudo su)
6. Maneuver to your CAINE users desktop. (ie cd /home/<username>/Desktop)
7. Maneuver into the rifiuti src directory. (ie cd rifiuti_20040505_1/src
8. Make the rifiuti source (ie "[root@linux /src]# make install")
NOTE: You may receive some warning messages. Ignore them...
9. Maneuver into the rifiuti bin directory. (ie cd ../bin)
10. Copy the rifiuti binary to the /sbin directory. (ie cp rifiuti /sbin/rifiuti
USAGE
If you have created an image file of the suspect hard drive you'll need to mount it to obtain the info2 file. (see Using CAINE and MMLS to mount an image of an NTFS drive). Either copy the info2 or create a symbolic link to the info2 file. Type the command as follows:
rifiuti INFO2 > info2.txt
INSTALLATION
1. Download rifiuti, at the time of this writing it was found here: http://sourceforge.net/project/downloading.php?group_id=78332&filename=rifiuti_20040505_1.tar.gz
2. Save the file to your desktop
3. Double Click the rifiuti_20040505_1.tar.gz file to open it and drag the contents to the desktop
4. Open a terminal window
5. Become the root user (ie sudo su)
6. Maneuver to your CAINE users desktop. (ie cd /home/<username>/Desktop)
7. Maneuver into the rifiuti src directory. (ie cd rifiuti_20040505_1/src
8. Make the rifiuti source (ie "[root@linux /src]# make install")
NOTE: You may receive some warning messages. Ignore them...
9. Maneuver into the rifiuti bin directory. (ie cd ../bin)
10. Copy the rifiuti binary to the /sbin directory. (ie cp rifiuti /sbin/rifiuti
USAGE
If you have created an image file of the suspect hard drive you'll need to mount it to obtain the info2 file. (see Using CAINE and MMLS to mount an image of an NTFS drive). Either copy the info2 or create a symbolic link to the info2 file. Type the command as follows:
rifiuti INFO2 > info2.txt
joetekno- Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19 -
Similar topics» CAINE 1.5 Installed and Rifiuti to analyze INFO2 files
» Analisi di un file doc
» SWAP file bug
» CAINE 1.5 Installed and .docx and .xls file conversion to .txt
» File browser CAJA as root
» Analisi di un file doc
» SWAP file bug
» CAINE 1.5 Installed and .docx and .xls file conversion to .txt
» File browser CAJA as root
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum