Sunday, December 9, 2012

Backtrack Forensics: recoverjpeg & recovermov

recoverjpeg is a tool for recovering deleted jpeg files from a drive. It's very powerful, I managed to recover JPEG even after formatting and writing on the pendrive. It's pair is the recovermov tool, which can restore mov files.

The tools can be accessed from:

Forensics -> Forensic Carving Tools

or from the shell directly.


#locate the drive name:
fdisk -l

#recover jpegs:
recoverjpeg /dev/sdb

The tool has a few options, but works well with the defaults.


No comments: