Wednesday, January 2, 2013

Backtrack Forensics: fatback

Forensics -> Forensic Carving Tools

fatback is a simple utility to recover deleted files from FAT16/32 partitions. It recovers files only from the latest partition; in other words, it can't recover files after the drive has been formatted. It can be used in either automatic or manual mode. In auto mode, we have to specify an output directory.

Usage examples:

Auto mode, specifying an output directory:

fatback -a /dev/sdb -o FatBackOut

Interactive mode, which is quite straightforward to use with the built-in help:

fatback /dev/sdb

fatback> ls
fatback> help


It will also create a log file about the restore in the directory it was run from.
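Why undeletion works on FAT and stops working after a format, as an added example (not fatback's code and not part of the original post): deleting a file only overwrites the first byte of its 32-byte directory entry with 0xE5 and leaves the size and starting cluster in place, whereas a format clears the directory itself. The function names and the sample directory bytes are constructed for illustration.

```python
import struct

DELETED = 0xE5       # first name byte of a deleted directory entry
ATTR_VOLUME = 0x08   # set on volume labels and on long-file-name entries (0x0F)

def make_entry(name11, attr, cluster, size):
    """Build a constructed 32-byte FAT directory entry (sample data only)."""
    # name(11) attr(1) 8 unused bytes, cluster-high, time, date, cluster-low, size
    return struct.pack("<11sB8xHHHHI", name11, attr,
                       cluster >> 16, 0, 0, cluster & 0xFFFF, size)

def deleted_entries(dir_bytes):
    """Return (name, first_cluster, size) for each deleted 8.3 entry."""
    found = []
    for off in range(0, len(dir_bytes) - 31, 32):
        entry = dir_bytes[off:off + 32]
        if entry[0] == 0x00:              # end-of-directory marker
            break
        if entry[0] != DELETED or entry[11] & ATTR_VOLUME:
            continue                      # live entry, label or LFN fragment
        # The first character was overwritten by 0xE5, so show it as '?'.
        base = entry[1:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        name = "?" + base + ("." + ext if ext else "")
        hi, = struct.unpack_from("<H", entry, 20)    # FAT32 high word, 0 on FAT16
        lo, size = struct.unpack_from("<HI", entry, 26)
        found.append((name, (hi << 16) | lo, size))
    return found

# Constructed sample directory: one live file, two deleted files, end marker.
SAMPLE_DIR = (
    make_entry(b"README  TXT", 0x20, 5, 1200)
    + make_entry(b"\xe5EPORT  DOC", 0x20, 9, 40960)
    + make_entry(b"\xe5OTES      ", 0x20, 0x12345, 77)
    + bytes(32)
)

if __name__ == "__main__":
    for name, cluster, size in deleted_entries(SAMPLE_DIR):
        print(f"{name:12} first cluster {cluster:>6}  {size} bytes")
```

An empty (all-zero) directory, which is what remains after a format, yields no entries at all.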


