Network Security Security-Basics

Re[2]: Forensic tool to recommend?

Subject: Re[2]: Forensic tool to recommend?
Date: Wed, 30 May 2007 19:26:47 +0200
Hello

Personally I don't like EnCase; I consider it too expensive and too hard
to use if you are just interested in recovering some data.
You can have a look at ForensicToolKit at
http://www.accessdata.com/common/pagedetail.aspx?PageCode=homepage
which is really cheaper than EnCase,
or if you like to go the cheap way, you can use Helix-Linux
( http://www.e-fense.com/helix/ ), which is a hybrid, meaning it can also
be used from Windows (but just certain tools).
There you have foremost, which you can greatly use to recover files.
Autopsy is mostly for analysing a dead system, i.e. having an image (like
dd) and analyzing that one for particular data blocks, where it requires
some background to use it or gather some information.
Personally I don't think that Autopsy itself will restore any files;
foremost can do that.



-- 
Best regards,
 Adam Pal   

Tuesday, May 29, 2007, 10:59:30 PM, you wrote:

<==============Original message text===============
CM> LiveCD:
CM> http://www.remote-exploit.org/backtrack_download.html
CM> You'll probably have the best luck with: Autopsy

CM> Expensive forensics tool:
CM> http://www.guidancesoftware.com/products/ef_index.aspx

CM> -los

CM> On 5/29/07, Fabio Cerullo <fcerullo@gmail.com> wrote:
Hi All,

I am evaluating some tools for gathering evidence in Linux and Windows 
distros.

In particular I am interested in recovering files/folders which have
been deleted "accidentally" from the PC.

I am aware there are some Live CD's with Linux installed that could
mount a drive and try to recover those files but don't know anyone in
particular.

Any help will be really appreciated.

Thank you very much.

Greetings,

Fabio


<===========End of original message text===========

