On Mon, 2004-12-13 at 14:50 +0800, Nazri Ramliy wrote: > This is just an overview, the details are of course not as easy at it > sounds - you'll have to find/come up with a program/script to do a > scan thru the hard disk image and extract the pictures. jpeg/gif > files have headers somewhere at their beginning that you can use to > tell how many bytes made up the picture so the tool can extract that > amount of bytes plus the headers and save them into a new file (you > might not be able to retrieve their original file names, though). > Some perl junkie with enough interest could come up with the script, > (i'm not a perl junkie myself). > > Kind regards, > > Nazri Ramliy > > There's several already: The Sleuth Kit and Autopsy (a gui frontend for the Sleuth Kit) are available via apt-get. I've never actually used them though. Another one, which I have used, is foremost (http://foremost.sourceforge.net/). It's not brilliant but it works; it might work better if you understand how to configure it. (I should probably make sure I'm sending something to the list, not an individual, before sending it. Sorry. :-( ) -- -Benjamin Matthew A'Lee
Public Key: BEC9DC1A Termisoc Secretary: http://www.termisoc.org/ Home Page: http://benalee.co.uk/
signature.asc
Description: This is a digitally signed message part
