Forensic Data Recovery in Linux - tsk_recover

Author: Cybercrime Technologies
142 View
12m 13s Lenght
1 Rating

In this video we will use tsk_recover to carve a physical disk image of a suspect drive stored on our forensic workstation. tsk_recover is a command-line tool for recovering various types of data for forensic purposes. The Sleuthkit (tsk_recover): http://www.sleuthkit.org/sleuthkit/

Comments

1. tsk_recover -i raw -e image.dd /evidence
   
   cannot determine file system type (sector offset : 0) Files Recovered: 0
   I am losing my patience with this, can't get most commands to work, most manuals are too advanced for me and I can't make sense of the examples they are using, I fallowed yours it seemed straightforward enough but I still couldn't make it work, do you know where can I get a complete beginner tutorial or something similar?