Member-only story
How to Carve files or Doing Digital forensics by hand
There are two kinds of people in this world those with automated forensics tools and those who carve files, this post is for the second kind. Digital forensics like other branches of forensics science relies of artefacts and the effects of those artefacts on an environment, hopefully the presence or absence of these artefacts help prove or determine an event occurred, I’ll explore this much more in further posts but for this post I will focus explicitly on File Carving.
So what is File Carving?
In layman’s terms File Carving is the process of taking “chunks” of data out of disk images, memory dumps, packet captures basically files or data in a raw state. In most cases the way this is done is by looking for recognisable signatures in file dumps which look like garbage to the untrained eye.
So why carve Files?
File carving can often be time consuming and tedious, however the basic concepts of file carving are important corner stones of data recovery and Computer Forensics, if you don’t know how to carve files I highly recommend you start now, even though it can be time consuming and tedious it’s an important skill to have and hopefully as this post will show not that hard either.
