On Fri, Jun 14, 2013 at 1:13 PM, green <greenfreedo...@gmail.com> wrote:

> To Ro wrote at 2013-06-14 06:02 -0500:
> > At this point I have to wait about two weeks before I can afford
> > getting a 2TB drive where I could dump the recovered parts and try to
> > resuscitate it. Is there any site that would have information about
> > forensics? The best way to prepare is by learning the fundamentals, since
> > anyway I have two weeks of waiting time.
>
> Because I prefer to "learn as I go", I (personally) would in this case
> immediately start working with the NTFS filesystem.  If you *always*
> mount it read-only, do not feel that a drive failure is imminent, and
> trust the NTFS drivers, then this should be completely safe.  If you
> can get even a small portion (at the beginning) of the tar.gz, you
> could (I suppose) use gzcat and then see some of the tar contents on
> stdout.  Perhaps you could even find a way to re-compress it to 4.7GB
> chunks, and then burn those to DVD or something.  Or…
> <http://qntm.org/transit>
>

I started testing one of the recovered files. With a binary file editor I can
see a long sequence of zeros at the very beginning of it. I took some
precautions, and here is what I see:

ls -lh
total 5.8G
-r-------- 1 xyz xyz 5.8G Jun 14 17:52 inode_17000

I tried gunzip, djview, tar -x, mplayer, etc., thinking of the possible files
that I had of that size. Nothing comes up. By the way, did bcrypt disappear
from wheezy?

Any ideas what else could be done?

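An added example, not part of the original thread: a read-only scan that automates the check described in the message above, skipping the leading zero run of a recovered file and looking for the gzip, tar and DjVu magic numbers just past it. The function names and the 16 MiB scan window are assumptions made for this sketch.

```python
import sys
import zlib

# Magic numbers for formats the poster tried: (bytes, offset inside the header).
SIGNATURES = {
    "gzip": (b"\x1f\x8b\x08", 0),   # ID1, ID2, CM=deflate
    "djvu": (b"AT&TFORM", 0),
    "tar": (b"ustar", 257),         # POSIX tar magic sits 257 bytes into a header
}
CHUNK = 1 << 20

def first_nonzero_offset(f):
    """Offset of the first non-zero byte, or None if the file is all zeros."""
    f.seek(0)
    pos = 0
    while chunk := f.read(CHUNK):
        rest = chunk.lstrip(b"\x00")
        if rest:
            return pos + len(chunk) - len(rest)
        pos += len(chunk)
    return None

def gzip_plausible(data):
    """A 3-byte magic matches by chance; require that the stream starts inflating."""
    try:
        zlib.decompressobj(31).decompress(data, 4096)  # wbits=31: gzip framing
        return True
    except zlib.error:
        return False

def find_signatures(f, window=16 * CHUNK):
    """Scan `window` bytes after the zero run; return sorted (offset, name) candidates."""
    start = first_nonzero_offset(f)
    if start is None:
        return []
    f.seek(start)
    data = f.read(window)
    hits = []
    for name, (magic, rel) in SIGNATURES.items():
        i = data.find(magic)
        while i != -1:
            hdr = i - rel  # where the file would begin if this hit is real
            if hdr >= 0 and (name != "gzip" or gzip_plausible(data[hdr:hdr + 65536])):
                hits.append((start + hdr, name))
            i = data.find(magic, i + 1)
    return sorted(hits)

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:  # read-only; path given on the command line
        print(first_nonzero_offset(fh), find_signatures(fh))
```

Each hit is only a candidate offset: the bytes from that offset onward still have to be fed to the matching tool to confirm the format.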