RecuperaBit – Forensic File System Reconstruction & Recover Files

  • 1K
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    1K
    Shares

RecuperaBit, is a open source software which attempts to reconstruct file system structures and recover files. Currently it supports only NTFS format.

It attempts reconstruction of the directory structure regardless of:

  • missing partition table
  • unknown partition boundaries
  • partially-overwritten metadata
  • quick format

The tool automatically determines the sectors from which partitions start. It does not modify the disk image, however it does read some parts of it multiple times through the execution. It should also work on real devices, such as /dev/sda but this is not advised.

Files can be saved with -s and overwrite the saved files with -w. RecuperaBit includes a small command line that allows the user to recover files and export the contents of a partition in CSV or body file format. The export directory can be specified by -o.

For more information about the reconstruction algorithms and the architecture used in RecuperaBit by reading my MSc thesis or checking out the slides.

 

Pypy:

RecuperaBit can be run with the standard cPython implementation, however speed can be increased by using it with the Pypy interpreter and JIT compiler:

pypy main.py /path/to/disk.img

 

Recovery of File Contents:

Files can be restored one at a time or recursively, starting from a directory. After the scanning process has completed, you can check the list of partitions that can be recovered by issuing the following command at the prompt:

recoverable

 

Download now: RecuperaBit

 

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply