cyber forensics

Description

cyber forensics recover files

I have to recover files, but I am having trouble getting the logical and physical size to be able to use dd for the recovery. Can I get some help?

I can paste the result of the command xxd 4860.sp24.a2.dd, which is:

00002600: 4131 0074 0065 0073 0074 000f 00b1 6400 A1.t.e.s.t….d.

00002610: 6400 2e00 7400 7800 7400 0000 0000 ffff d…t.x.t…….

00002620: 3154 4553 5444 4420 5458 5420 008d b5a1 1TESTDD TXT ….

00002630: ce52 ce52 0000 b5a1 ce52 0300 2001 0000 .R.R…..R.. …

00002640: 4132 0075 0073 0065 0066 000f 005a 7500 A2.u.s.e.f…Zu.

00002650: 6c00 2e00 6400 6f00 6300 0000 7800 0000 l…d.o.c…x…

00002660: 3255 5345 4655 7e31 444f 4320 004d bba1 2USEFU~1DOC .M..

00002670: ce52 ce52 0000 bba1 ce52 0400 6533 0000 .R.R…..R..e3..

00002680: e533 0077 0069 006e 0075 000f 00fb 7000 .3.w.i.n.u….p.

00002690: 2e00 6a00 7000 6700 0000 0000 ffff ffff ..j.p.g………

000026a0: e557 494e 5550 2020 4a50 4720 0075 e0a1 .WINUP JPG .u..

000026b0: ce52 ce52 0000 e0a1 ce52 1e00 a800 0100 .R.R…..R……

000026c0: e534 0063 0079 0062 0065 000f 00a1 7200 .4.c.y.b.e….r.

000026d0: 2e00 7000 6400 6600 0000 0000 ffff ffff ..p.d.f………

000026e0: e543 5942 4552 2020 5044 4620 001a e8a1 .CYBER PDF ….

000026f0: ce52 ce52 0000 e8a1 ce52 9f00 eee7 0000 .R.R…..R……

00002700: e535 0066 006c 0073 006a 000f 0011 2e00 .5.f.l.s.j……

00002710: 7000 6e00 6700 0000 ffff 0000 ffff ffff p.n.g………..

00002720: e546 4c53 4a20 2020 504e 4720 007e eca1 .FLSJ PNG .~..

00002730: ce52 ce52 0000 eca1 ce52 1301 133e 0800 .R.R…..R…>..

00002740: 0000 0000 0000 0000 0000 0000 0000 0000 …..

Can we at least do one? I would like to learn more about this method to recover files. If I understand correctly, the number 3 file is

00002680: e533 0077 0069 006e 0075 000f 00fb 7000 .3.w.i.n.u….p.

00002690: 2e00 6a00 7000 6700 0000 0000 ffff ffff ..j.p.g………

000026a0: e557 494e 5550 2020 4a50 4720 0075 e0a1 .WINUP JPG .u..

000026b0: ce52 ce52 0000 e0a1 ce52 1e00 a800 0100 .R.R…..R……

I would take a800 0100 to calculate the logical size and then swap them to 00a8 0001, which equals 11610064?
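
An added example (not part of the original post) that decodes the 32-byte FAT directory entries in the dump above. In each 8.3 entry the starting cluster is the little-endian 16-bit word at offset 26 and the logical size is the little-endian 32-bit value at offset 28. The 512-byte cluster size and the names `parse_dir`, `DIR_HEX` and `CLUSTER_SIZE` are assumptions of this example; the real cluster size comes from the image's boot sector.

```python
import struct

# Directory bytes copied from the xxd output in the post (0x2600-0x273f),
# one 32-byte FAT directory entry per line.
DIR_HEX = """
41310074006500730074000f00b1640064002e0074007800740000000000ffff
315445535444442054585420008db5a1ce52ce520000b5a1ce52030020010000
41320075007300650066000f005a75006c002e0064006f006300000078000000
3255534546557e31444f4320004dbba1ce52ce520000bba1ce52040065330000
e53300770069006e0075000f00fb70002e006a007000670000000000ffffffff
e557494e555020204a5047200075e0a1ce52ce520000e0a1ce521e00a8000100
e5340063007900620065000f00a172002e0070006400660000000000ffffffff
e54359424552202050444620001ae8a1ce52ce520000e8a1ce529f00eee70000
e5350066006c0073006a000f00112e0070006e0067000000ffff0000ffffffff
e5464c534a202020504e4720007eeca1ce52ce520000eca1ce521301133e0800
"""
CLUSTER_SIZE = 512  # assumption: not on the page; take it from the boot sector


def parse_dir(raw, cluster_size=CLUSTER_SIZE):
    """Return one dict per 8.3 entry; long-file-name slots are skipped."""
    found = []
    for off in range(0, len(raw) - 31, 32):
        e = raw[off:off + 32]
        if e[0] == 0x00:            # 0x00 in byte 0 marks the end of the directory
            break
        if e[11] == 0x0F:           # attribute 0x0F = long-file-name slot
            continue
        deleted = e[0] == 0xE5      # 0xE5 replaces the first name byte on delete
        base = (b"?" + e[1:8]) if deleted else e[0:8]
        name = base.decode("ascii").rstrip() + "." + e[8:11].decode("ascii").rstrip()
        # All multi-byte fields are little-endian: high cluster word at 20,
        # low cluster word at 26, file size (logical size) at 28.
        hi, lo, size = struct.unpack_from("<H4xHI", e, 20)
        clusters = -(-size // cluster_size)          # ceiling division
        found.append({"name": name, "deleted": deleted,
                      "start_cluster": (hi << 16) | lo, "logical": size,
                      "clusters": clusters, "physical": clusters * cluster_size})
    return found


if __name__ == "__main__":
    for f in parse_dir(bytes.fromhex("".join(DIR_HEX.split()))):
        print(f)
```

For the third file the bytes `a8 00 01 00` are read as one little-endian 32-bit value, 0x000100A8, and `1e 00` gives start cluster 0x001E. The start clusters of consecutive entries (3, 4, 30, 159, 275) match the cluster counts computed with 512-byte clusters.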