BTY: [linux_forensics] Preferred Carvers
- Back To You:
I had forwarded your request to an associate of mine who is an IT Department Chair at ITT Technical Institute here in the Cleveland area and he says, "I'd use 'scalpel' for this. It is used on the Deft Linux distribution."
Since you basically ask for suggestions, I thought that I would pass this comment back to you, for what it is worth.
Systems Integrator/Security Specialist
--- On Mon, 3/18/13, Brian Carrier <carrier@...> wrote:
From: Brian Carrier <carrier@...>
Subject: [linux_forensics] Preferred Carvers
To: "firstname.lastname@example.org" <email@example.com>
Date: Monday, March 18, 2013, 9:19 PM
We're looking to incorporate carving into Autopsy 3. Obviously, we'd rather not build our own, but it's not looking good. For performance reasons, we want to link in the tool so that we can pass in the unallocated data instead of needing to write the unallocated data to disk and then back into memory again. We'll need to modify tools to do this, but licenses are a sticking point.
Scalpel and photorec are both GPL. That means that we can link them into an Apache-licensed program. Foremost is public domain, but hasn't had a release in 4.5 years. Anything else that people suggest we look at?