Logo
RSS Feed

👈🏼 Back to
🔎 Investigation Tactics Techniques and Procedures

🩻 Data Recovery

Data Carving

Below are the techniques, tools and instructions regarding data recovery from various file systems and devices. Most of the below techniques apply to HDDs only. Those that are for SDDs or other flash memory devices will be specified in the last section.

🗄 File Systems

Backups

*Most OS and apps have some sort of time machine, backups if you will. *

Passwords Cracking

mem Such files as hiberfil.sys or a memory image can grepped for passwords. zip brew install john brew install hashcat brew install maczip # to create test 7z on macOS .