654 B
654 B
Information
Make sure to clone the harddrive before doing any forensic !!! Video ---> https://www.makeuseof.com/tag/2-methods-to-clone-your-linux-hard-drive/ & https://www.youtube.com/watch?v=cCNzl2x5Gdk
To retrieve information on a harddrive, there is 2 possibility
-
Retrievement of lost partition (Autopsy [Tool](Red Team/Others/Hardware/HardDrive/Tools))
- Trying to find the whole partition (Arboressence (tree) and file name))
-
File Carving (GHex (view) & Photorec (Find Docs) [Tool](Red Team/Others/Hardware/HardDrive/Tools))
- Scanning all the hexadecimal of the drive and search for documents (with finguer print)