Friday, November 2, 2007

Dumpster Diving with Ovie.....

On the Oct 15 Cyberspeak Podcast Ovie Carroll talked about Vista Recycle Bin forensics. Based on Ovie's chat I have created a program that will read the $I files and create a simple report. The report consists of the $I file name, the actual filename with directory, the date/time the file was deleted and the file size. I have also added the functionality to copy the $R file (the actual data file that was deleted) under its actual name into a directory specified by you.

So what does the program do? Once you fire up the GUI you need to provide a filename for the database that will be created to store the data that is read. Provide the directory where the $I files are; if you want to copy the $R files to their original names, they need to be in the same directory. Optionally, provide an output directory where you want the deleted files written out with their actual names. Once that is done, press the buttons and watch it go to work. When you are ready to run the report you can sort the data in either ascending or descending order based on the deletion date and show the report in either Excel or your favorite web browser.

If you want to see the gory details, the code is provided. As always, this script can be run on OSes other than Windows (the report piece will have to be modified some).

The programs can be found here. As always, if you have questions, comments or improvements, let me know.
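To show what reading a $I file involves, here is an added Python sketch that pulls out the report fields listed above (original path, deletion time, file size). It is not the program offered on this page; the function names and the sample record are made up for illustration, and it assumes the Vista version 1 layout: an 8-byte header, an 8-byte size, an 8-byte FILETIME, then a 520-byte UTF-16LE path.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
V1_SIZE = 544  # 8 header + 8 size + 8 FILETIME + 520 bytes (260 UTF-16 chars)


def parse_i_file(data: bytes, name: str = "") -> dict:
    """Parse the contents of one $I record (assumed Vista layout, version 1)."""
    if len(data) < 24:
        raise ValueError(f"{name}: too short for a $I header ({len(data)} bytes)")
    version, size, filetime = struct.unpack_from("<qqq", data, 0)
    if version != 1:
        raise ValueError(f"{name}: unsupported $I version {version}")
    if len(data) != V1_SIZE:
        raise ValueError(f"{name}: expected {V1_SIZE} bytes, got {len(data)}")
    # Path is a fixed 520-byte UTF-16LE buffer, NUL-terminated and NUL-padded.
    path = data[24:V1_SIZE].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    # FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
    deleted = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {
        "i_name": name,
        # The matching data file shares everything after the "$I" prefix.
        "r_name": "$R" + name[2:] if name.startswith("$I") else "",
        "original_path": path,
        "size": size,
        "deleted_utc": deleted,
    }


def build_sample() -> bytes:
    """Constructed sample record, not taken from a real system."""
    delta = datetime(2007, 10, 15, 12, 0, tzinfo=timezone.utc) - FILETIME_EPOCH
    ticks = int(delta.total_seconds()) * 10_000_000
    path = "C:\\Users\\test\\Documents\\report.doc".encode("utf-16-le")
    return struct.pack("<qqq", 1, 24576, ticks) + path.ljust(520, b"\x00")


def report(records: list, descending: bool = False) -> list:
    """Sort parsed records by deletion time, as in the report described above."""
    return sorted(records, key=lambda r: r["deleted_utc"], reverse=descending)


if __name__ == "__main__":
    for rec in report([parse_i_file(build_sample(), "$IABC123.doc")]):
        print(rec["i_name"], rec["original_path"],
              rec["deleted_utc"].isoformat(), rec["size"])
```

When working a real case, read the $I files from a forensic image or a working copy, and record deletion times as UTC before converting to the examined system's time zone.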
