Hard Disks and File Systems FileScavenger Lab

FacebookTwitterGoogle+LinkedInEmail
Description
Welcome to FileScavenger, a really neat tool for scanning for what files are on a drive, and all of its intimate details. For example, you’ll be able to determine the exact location of files, the last time they were accessed, who did it, the actual file size and its last modification date. [toggle_content title="Transcript"] Hey, Leo Dregier here. I want to show you a cool little video, um, but this is going to be a utility where we’re going to find stuff that [00:15] doesn’t exist, okay? We have a USB drive, nothing on it, right? So if we refresh it, didn't seem to be anything there. We look at the properties, okay? You can see some used space 31, but they always have something,’ so it’s not really like you can tell anything, um, so we just happened to find a drive with nothing on it, okay? So let’s go over here to FileScavenger. So we’re going to look for everything, you know? In the dropdown, you’ve got all sorts of stuff that you can select from if you want, like, Just Documents, you know, uh, they have a bunch of, uh, predefined, uh, saves here. You can go through those if you want, but it also takes any searches, like, if you want, you know, *.doc, you know – it’ll try to find all those and things like that. Well, since we don’t know what we’re looking for yet, let’s go ahead and select everything and let’s choose the drive that happens to be the F drive, and if I’m going to do a quick search, hey, “No file found.” Okay, scratch your head a little bit. Um. Well, let’s try to see if we find it in Long File Mode – nope, and it says, “Okay. Hey do you want to skip deleted files and folders?” Well, no, why would I want to skip those? I would want to see what was in those. So, okay, let’s go ahead and get those. Okay, now, we got something here; now we’ve got something to go around. Let’s see if we can find anything interesting. Uh, some master file table stuff, uh, components of a bit map it looks like, um, some, I do not know, looks like some language here. Uh, uh, right down here at the bottom, check this out. I’m hidden .txt, all right? I wonder what’s in there. Well, you can right click it and select Properties and actually see that it’s, you know, the file name of it, where it’s located, the master file table record number, and the actual place on the hard drive, the sector number in which it’s referenced, and the last access time. Okay, that’s pretty cool, right? So there is something on this drive, and you can see it, and you can get access to it right here, okay? Now I’m – when I stop the search, it says Abort Searching, okay, yes, okay? To display files in the Windows Explorer-like format, click on the Tree View button right here, okay? So that’s this button right up here. So it’s just a little prompt here, but it’ll allow you to basically come down here and start seeing what’s on the drive and where it actually is. So you can see right here, uh, I’m hidden. Caught! Found you! Can’t hide from me; I got you! And don’t forget to like and share on Facebook, LinkedIn, YouTube, and Twitter. I’m Leo Dregier. [/toggle_content]
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel