Digital Forensic: Data Carving

still keep the spirit
I will try to demonstrate how to carve a data, you can download the file here (to learn)
If the file is opened, an error occurs such as 
to be able to open these image files can then be done step by step as below





it will come out look like this



then do the following in: 
  • Find the beginning of the JPEG 
  • Find the end of the JPEG 
  • Calculate the size of the JPEG 
  • Cut from start to finish and output to a file  
Since we will be looking for a standard JPEG images in a piece of data, I will begin with the provision that the JPEG header that starts with a six-byte hex ffd8 offset to the string "JFIF". End of the JPEG standard is marked with ffd9 hex. We start from the beginning of the search for jpeg



The offset (in hex) for the beginning of this line of xxd output is 00052a0. and do the calculation with the command "bc"


we will start our search for the end of the file from that point with command xxd and grep but this target not ffd8, target is ffd9


do the calculation as the previous step
 

to know the distance from ffd9 ffd8 and do the as below

"bc" command is similar to a calculator and finally



carve.jpg          : output
skip                   : how far into the data chuck we begin cutting
bs (block size)  : the number of bytes we include as a block
count                :  the number of blocks we will be cutting.


open carve.jpg




Comments

Post a Comment

Popular posts from this blog

EXE file structure

Image
I 'll try to explain how a structure file extension .EXE. EXE is a common file extension indicates an executable file ( program) in the DOS , OpenVMS , Microsoft Windows , Symbian , and others. In addition to the executable program , many EXE files contain other components called resources, such as bitmaps and icons which the executable program to be able
Read more

Introduction Maltego

Image
What is maltego ? Maltego are tools for OSINT (Open Source Intelligence Gathering ) , so OSINT is a method of searching the information available to the public and then analyzed and used for certain purposes maltego also an open- source intelligence and forensics application . This allows for the mining and gathering information and presenting this information in a meaningful way .
Read more

Filesystem Structure

Image
For this time I will explain about a system file structure there are some that I will explain , among others, are : FAT16 FAT32 NTFS EXT2 EXT3 starting from the first , which is FAT16   FAT16 we start from the first FAT . What is FAT ? FAT File System that is used in Windows Operating System . FAT 's name comes from the use of tables that focus on areas where information is empty or may not be used . To limit the size of the table , the disk space allocated to files in hardware sector groups are adjacent , so-called developing cluster. When disk drive , the maximum number of clusters also
Read more