Linux File Recovery Tools and Forensics Tools

Source: Internet. Editor: 程序博客网. Time: 2024/05/17 01:49

Available on Kali 2.0.

File recovery

extundelete

extundelete is a utility that can recover deleted files from an ext3 or ext4 partition. extundelete uses the information stored in the partition's journal to attempt to recover a file that has been deleted from the partition.

photorec

PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks and CD-ROMs, and lost pictures (Photo Recovery) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it'll work even if your media's filesystem is severely damaged or formatted.
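To make "ignores the filesystem and goes after the underlying data" concrete, here is a simplified signature-based carver, added as an example; it is not PhotoRec's code and covers only PNG and JPEG. The raw image is constructed in `sample_image()`, and all function names are hypothetical.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"

def png_end(buf, start):
    """Follow PNG chunks from the signature to IEND; None if truncated or corrupt."""
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(buf):
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        end = pos + 12 + length  # length field + type + data + CRC
        if end > len(buf) or zlib.crc32(buf[pos + 4:end - 4]) != \
                struct.unpack(">I", buf[end - 4:end])[0]:
            return None  # chunk runs past the image or fails its CRC
        if ctype == b"IEND":
            return end
        pos = end
    return None

def carve(buf):
    """Return (kind, start, end) for every file found by signature alone."""
    found, pos = [], 0
    while pos < len(buf):
        kind = end = None
        if buf.startswith(PNG_SIG, pos):
            kind, end = "png", png_end(buf, pos)
        elif buf.startswith(JPEG_SOI, pos):
            # Naive footer search; real carvers parse JPEG segments instead.
            eoi = buf.find(JPEG_EOI, pos + len(JPEG_SOI))
            kind, end = "jpg", (eoi + 2 if eoi != -1 else None)
        if end is None:
            pos += 1
        else:
            found.append((kind, pos, end))
            pos = end
    return found

def _chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def sample_image():  # constructed raw image: no partition table, no filesystem metadata
    png = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
           + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
    jpg = JPEG_SOI + b"\xe0constructed-jpeg-body" + JPEG_EOI
    return b"\x00" * 512 + png + b"\xaa" * 100 + jpg + b"\x00" * 64 + png[:20]

if __name__ == "__main__":
    for kind, start, end in carve(sample_image()):
        print(f"{kind}: bytes {start}-{end} ({end - start} bytes)")
```

The truncated PNG at the end of the sample is rejected because its first chunk runs past the end of the image, which is the same reason carved output from fragmented or overwritten media is often incomplete.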

Forensics

Reference:
http://www.hetianlab.com/expc.do?w=exp_ass&ec=ECID9d6c0ca797abec2016100813263000001
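Computer forensics plays a key role in fighting computer and network crime. Its purpose is to present the "traces" that offenders leave on a computer to a court as valid evidence, so that suspects can be brought to justice. This lab mainly introduces the use of disk forensics and memory forensics tools in a Linux environment, including Ftkimage (Windows platform), xmount, and Volatility.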
