Wụnye Scalpel (Ngwaọrụ mgbake faịlụ) iji weghachi faịlụ/ nchekwa ehichapụ na Linux
Ọtụtụ oge ọ na-eme na anyị na mberede ma ọ bụ site na ihie ụzọ pịa 'shift + hichapụ'na faịlụ. Site na ọdịdị mmadụ, ị nwere àgwà nke iji 'shift + Del' kama iji naanị 'Hichapụ' nhọrọ. Enwere m ihe omume a ụbọchị ole na ole gara aga. Anọ m na-arụ ọrụ ma chekwaa faịlụ ọrụ m na ndekọ ndekọ. Enwere ọtụtụ faịlụ ndị achọghị na ndekọ ahụ ma ọ dị mkpa ka ihichapụ ya kpamkpam. Ya mere, amalitere m ihichapụ ha otu otu. Mgbe m na-ehichapụ faịlụ ndị ahụ, pịara m 'shift delete' na mberede na otu faịlụ m dị mkpa. A ehichapụrụ faịlụ ahụ kpamkpam na ndekọ aha m. Anọ m na-eche ka m ga-esi nwetaghachi faịlụ ndị ehichapụrụ ma amaghị m ihe m ga-eme. Ọ fọrọ nke nta ka m nọrọ ọtụtụ oge iweghachi faịlụ ahụ mana enweghị chi.
Ịmara ntakịrị ihe ọmụma nka nka m maara gbasara otu faịlụ faịlụ na HDD si arụ ọrụ. Mgbe ihichapụ faịlụ na mberede, ọdịnaya nke faịlụ anaghị ehichapụ na kọmputa gị. A na-ewepụ ya na nchekwa nchekwa data na ị nweghị ike ịhụ faịlụ ahụ n'ime ndekọ aha, mana ọ ka dị n'ebe dị na draịvụ ike gị. N'ụzọ bụ isi, usoro ahụ nwere ndepụta ndepụta blocks na ngwaọrụ nchekwa ka nwere data. A naghị ehichapụ data ahụ na ngwaọrụ nchekwa ngọngọ ma ọ bụrụ na i jiri faịlụ ọhụrụ degharịa. N'echiche a, m wepụtara na faịlụ m ehichapụrụ ka nwere ike ịnọ n'ebe a na-edeghị aha nke diski ike. Agbanyeghị, a na-atụ aro ka ị bupụ ngwaọrụ ozugbo ị ghọtara na ehichapụla faịlụ ọ bụla dị mkpa. Unmount na-enyere gị aka igbochi faịlụ ndị egbochiri iji faịlụ ọhụrụ degharịa.
N'ọnọdụ a, achọghị m ịdefe data ahụ, yabụ na m họọrọ ịchọ na draịvụ ike na-ebulighị ya.
Dị ka ọ na-adịkarị na Windows, anyị na-enweta ọtụtụ ngwaọrụ ndị otu atọ iji weghachite data furu efu, mana na Linux naanị ole na ole. Agbanyeghị, m na-eji Ubuntu dị ka sistemụ arụmọrụ yana ọ siri ike ịchọta ngwa na-eweghachi faịlụ furu efu. N'oge nyocha m, amatara m banyere 'Scalpel'ngwaọrụ na-aga n'ime draịvụ ike dum wee nwetaghachi faịlụ furu efu. Ejiri m ngwá ọrụ Scalpel arụnyere ma nwetaghachi faịlụ m furu efu nke ọma. Ọ bụ ngwá ọrụ dị ịtụnanya m ga-ekwu.
Nke a nwekwara ike ime gị. Ya mere, echere m ịkọrọ gị ahụmahụ m. N'isiokwu a, m ga-egosi gị otu esi eweghachi faịlụ ndị ehichapụrụ site n'enyemaka nke ngwá ọrụ scalpel. Ya mere, ebe a ka anyị na-aga.
Kedu ihe bụ Ngwá Ọrụ Scalpel?
Scalpel bụ usoro mgbake faịlụ mepere emepe maka sistemụ arụmọrụ Linux na Mac. Ngwá ọrụ ahụ na-eleta ebe nchekwa nchekwa data ngọngọ wee chọpụta faịlụ ndị ehichapụrụ na ya wee nwetaghachi ha ozugbo. Ewezuga mgbake faịlụ ọ bakwara uru maka nyocha forensics dijitalụ.
Otu esi etinye Scalpel na Debian/Ubuntu na Linux Mint
Iji Wụnye Scalpel, mepee ọnụ site na ịme CTrl Alt T site na desktọpụ wee mee iwu na-esonụ.
$ sudo apt-get install scalpel
Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: scalpel 0 upgraded, 1 newly installed, 0 to remove and 390 not upgraded. Need to get 0 B/33.9 kB of archives. After this operation, 118 kB of additional disk space will be used. Selecting previously unselected package scalpel. (Reading database ... 151082 files and directories currently installed.) Unpacking scalpel (from .../scalpel_1.60-1build1_i386.deb) ... Processing triggers for man-db ... Setting up scalpel (1.60-1build1) ... [email :~$
Ịwụnye Scalpel na RHEL/CentOS na Fedora
Iji wụnye ngwa mgbake scalpel, ị ga-ebu ụzọ mee ka ebe nchekwa epel rụọ ọrụ. Ozugbo agbanyere ya, ị nwere ike ime 'yum' iji wụnye ya dịka egosiri.
# yum install scalpel
Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: centos.01link.hk * epel: mirror.nus.edu.sg * epel-source: mirror.nus.edu.sg Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package scalpel.i686 0:2.0-1.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================================================================== Package Arch Version Repository Size ========================================================================================================================================================== Installing: scalpel i686 2.0-1.el6 epel 50 k Transaction Summary ========================================================================================================================================================== Install 1 Package(s) Total download size: 50 k Installed size: 108 k Is this ok [y/N]: y Downloading Packages: scalpel-2.0-1.el6.i686.rpm | 50 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : scalpel-2.0-1.el6.i686 1/1 Verifying : scalpel-2.0-1.el6.i686 1/1 Installed: scalpel.i686 0:2.0-1.el6 Complete!
Ozugbo etinyere scalpel ịkwesịrị ime ndezi ederede. Site na ndabara scpel utility nwere faịlụ nhazi ya na ndekọ '/ wdg' na ụzọ zuru ezu bụ /etc/scalpel/scalpel.conf ma ọ bụ /etc/scalpel.conf. Ị nwere ike ịhụ na a na-akọwapụta ihe niile (#). Ya mere, tupu na-agba ọsọ scalpel mkpa ka uncomment faịlụ format na ị chọrọ naghachi. Otú ọ dị uncomment dum faịlụ na-ewe oge na ga-emepụta a nnukwu ụgha results.
Ka ọmụmaatụ, achọrọ m iweghachite naanị faịlụ '.jpg', yabụ na-ekwupụtaghị ngalaba faịlụ '.jpg' maka faịlụ nhazi nke scalpel.
# GIF and JPG files (very common)
gif y 5000000 \x47\x49\x46\x38\x37\x61 \x00\x3b
gif y 5000000 \x47\x49\x46\x38\x39\x61 \x00\x3b
jpg y 200000000 \xff\xd8\xff\xe0\x00\x10 \xff\xd9Gaa na ọnụ ma pịnye syntax na-eso. '/ dev/sda1' bụ ebe ngwaọrụ si ebe ehichapụrụ faịlụ ahụ.
$ sudo scalpel /dev/sda1-o output
Mgbanwe '-o' na-egosi ndekọ mmepụta, ebe ịchọrọ iweghachi faịlụ gị ehichapụrụ. Gbaa mbọ hụ na ndekọ a tọgbọrọ chakoo tupu ịme iwu ọ bụla ma ọ bụghị ya ga-enye gị mperi. Nsonaazụ nke iwu dị n'elu bụ.
Scalpel version 1.60 Written by Golden G. Richard III, based on Foremost 0.69. Opening target "/dev/sda1" Image file pass 1/2. /dev/sda1: 6.1% |***** | 6.6 GB 39:16 ETA
Dị ka ị na-ahụ, scalpel na-arụ ọrụ ya ugbu a na ọ ga-ewe oge iji weghachite faịlụ ehichapụrụ dabere na oghere diski nke ị na-agbalị iṅomi na ọsọ nke igwe.
M ga-akwado gị niile ka ị nwee àgwà nke iji naanị ihichapụ kama Shift + Hichapụ. N'ihi na dị ka e kwuru mgbochi na-adị mma mgbe niile karịa ọgwụgwọ.