July 17, 2008

Recycle Bin Forensic Analysis Tool

When a file is deleted from a computer, it is not really deleted. Windows, for example, keeps deleted files in a repository called the Recycle Bin, which lets a user retrieve a document deleted by accident. To make that restore possible, information about the original file, such as its file name, must be stored in records. The file containing these records is called INFO2 and resides in the Recycle Bin directory.
But when the Recycle Bin is emptied, the INFO2 file is cleansed and the information about previously recycled files no longer exists there. A computer crime investigation therefore requires reconstructing this INFO2 file. Rifiuti, named after the Italian word for "trash", is an open source tool that allows reconstructing the INFO2 file and shows the details of previously erased data.
Rifiuti parses the information in an INFO2 file and outputs the results in a field-delimited format so that they can be imported into your favorite spreadsheet program.
Rifiuti is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS, Linux, and BSD.
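
The kind of INFO2 parsing and field-delimited output described above, as an added Python example that is not Rifiuti's code or part of the original post. The record layout (20-byte header, 800-byte Windows 2000/XP records), the meaning of a zeroed first path byte, and all names and sample data are assumptions introduced here.

```python
import struct
from datetime import datetime, timedelta, timezone

# Assumed Windows 2000/XP layout: 20-byte header with the record size as a
# little-endian DWORD at offset 12, followed by fixed 800-byte records.
HEADER_SIZE, RECORD_SIZE = 20, 800
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
COLS = ("index", "deleted_utc", "drive", "path", "size", "in_bin")

def parse_info2(data):
    """Return one dict per complete record; a truncated tail is ignored."""
    if len(data) < HEADER_SIZE:
        raise ValueError("truncated INFO2 header")
    (record_size,) = struct.unpack_from("<I", data, 12)
    if record_size != RECORD_SIZE:
        raise ValueError(f"unsupported record size {record_size}")
    records = []
    for off in range(HEADER_SIZE, len(data) - RECORD_SIZE + 1, RECORD_SIZE):
        rec = data[off:off + RECORD_SIZE]
        # After the 260-byte ANSI path: index, drive number, FILETIME, size.
        index, drive, filetime, size = struct.unpack_from("<IIQI", rec, 260)
        # 520-byte UTF-16LE path; anything after the first NUL is slack.
        path = rec[280:].decode("utf-16-le", "replace").split("\x00", 1)[0]
        records.append({
            "index": index, "drive": drive, "size": size, "path": path,
            "deleted_utc": EPOCH_1601 + timedelta(microseconds=filetime // 10),
            # Assumption: a zeroed first ANSI byte marks an entry that has
            # since left the bin (restored or removed individually).
            "in_bin": rec[0] != 0,
        })
    return records

def to_delimited(records, sep="\t"):
    """Render records as field-delimited lines for a spreadsheet import."""
    rows = [sep.join(str(r[c]) for c in COLS) for r in records]
    return "\n".join([sep.join(COLS)] + rows)

def make_record(index, drive, when, size, path, in_bin=True):
    """Build one constructed record for the sample below (not real evidence)."""
    ansi = path.encode("cp1252").ljust(260, b"\x00")
    if not in_bin:
        ansi = b"\x00" + ansi[1:]
    ft = int((when - EPOCH_1601).total_seconds()) * 10_000_000
    fixed = struct.pack("<IIQI", index, drive, ft, size)
    return ansi + fixed + path.encode("utf-16-le").ljust(520, b"\x00")

WHEN = datetime(2008, 7, 17, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
SAMPLE = (struct.pack("<IIIII", 5, 0, 0, RECORD_SIZE, 0)  # constructed header
          + make_record(1, 2, WHEN, 4096, r"C:\Docs\report.doc")
          + make_record(2, 2, WHEN, 8192, r"C:\Docs\notes.txt", in_bin=False))
```

Calling `to_delimited(parse_info2(SAMPLE))` yields a header row plus one tab-separated row per record; the second constructed record still reports its full path from the Unicode field even though its ANSI path has lost its first byte.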
