Name: Kartikey Chaturvedi
Requirements:
This tool was created in a UNIX environment using the g++ compiler. It can
also be used on Windows with the MinGW compiler bundle from
http://www.codeblocks.org/downloads/26 . Separate classes are defined
for partition information, volume information, directory information and
deleted file information in header files, which hold the function
declarations. The function definitions are provided in cpp files and are
used from the Toolmain cpp file, which contains the main method. The
program reads the image file supplied by the user, stores the binary
data in an array and then reads from that array to produce the features
listed below.
Features implemented:
The following are the features that are represented in this program:
The number of partitions on the disk.
The start sector of the partition.
The file system type of the partition.
The size of the partition in sectors in MB.
The number of sectors per cluster.
The size of FAT area.
The size of Root Directory.
The sector address of cluster 2.
The deleted file name.
The deleted file size.
The number of the first cluster in deleted file.
The contents of the deleted file.
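The following added example, which is not the tool's own source code, shows how the partition and volume values listed above can be read from an image, decoding each little-endian field byte by byte. It assumes 512-byte sectors and the standard MBR and FAT16 boot sector offsets; the function names and the sample image are constructed for illustration.

```cpp
// Added example; function names are illustrative and 512-byte sectors are assumed.
#include <cstdint>
#include <cstdio>
#include <vector>
// Decode little-endian fields byte by byte, so the result is host-independent.
static uint32_t le16(const uint8_t* p) { return p[0] | (uint32_t(p[1]) << 8); }
static uint32_t le32(const uint8_t* p) { return le16(p) | (le16(p + 2) << 16); }
struct Partition { uint8_t type; uint32_t start, sectors; };

// Read the four 16-byte MBR entries at offset 446; unused slots have type 0x00.
std::vector<Partition> parse_mbr(const std::vector<uint8_t>& img) {
    std::vector<Partition> out;
    if (img.size() < 512 || img[510] != 0x55 || img[511] != 0xAA) return out;
    for (int i = 0; i < 4; ++i) {
        const uint8_t* e = &img[446 + 16 * i];
        if (e[4] != 0x00) out.push_back({e[4], le32(e + 8), le32(e + 12)});
    }
    return out;
}

// FAT16: reserved area, FAT area, root directory, then cluster 2; 0 means malformed.
uint32_t cluster2_sector(const std::vector<uint8_t>& img, const Partition& p) {
    uint64_t off = uint64_t(p.start) * 512;
    if (off + 512 > img.size()) return 0;
    const uint8_t* b = &img[off];
    uint32_t bps = le16(b + 11);
    if (bps == 0) return 0;
    uint32_t fat_area = b[16] * le16(b + 22);                 // FAT copies * sectors per FAT
    uint32_t root_dir = (le16(b + 17) * 32 + bps - 1) / bps;  // 32-byte entries, rounded up
    return p.start + le16(b + 14) + fat_area + root_dir;
}

// Constructed sample: one FAT16 partition (type 0x06), start 63, 1000 sectors.
std::vector<uint8_t> sample_image() {
    std::vector<uint8_t> img(64 * 512, 0);
    uint8_t* e = &img[446];
    e[4] = 0x06; e[8] = 63; e[12] = 0xE8; e[13] = 0x03;   // 0x03E8 = 1000 sectors
    img[510] = 0x55; img[511] = 0xAA;
    uint8_t* b = &img[63 * 512];
    b[12] = 0x02; b[13] = 4; b[14] = 1; b[16] = 2;        // 512 B/sector, 4 spc, 1 reserved, 2 FATs
    b[18] = 0x02; b[22] = 8;                              // 512 root entries, 8 sectors per FAT
    return img;
}

int main() {
    auto img = sample_image();
    for (const auto& p : parse_mbr(img))
        std::printf("type=0x%02X start=%u cluster2=%u\n", unsigned(p.type), p.start, cluster2_sector(img, p));
}
```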
Instructions for running the program :
The program consists of several header files, cpp files and a main file,
which need to be compiled together in order to run the program. Follow
these steps to run the program:
1. The 14116367.rar contains all the required files to run the
program.
2. Open a command prompt and move to the directory where the tool
files are stored.
3. The folder contains a file named makefile1.txt. Open it, copy the
command and paste it into the command prompt.
4. This creates an executable file named “forensics.exe”. Type
forensics.exe in the command prompt to run the program. It will
display the output.
C:\Users\Kartikey\Desktop\DataForensicstool\14116367>forensics.exe Sample_1.dd
Note:- Please make sure the image file is also in the
destination folder or the path entered is correct; alternatively, the
exe file can be moved to the folder containing the image file.
Testing the program using (Sample_1.dd):
1- The source code forensics.exe was created and implemented.
2- The makefile1 was used to create the exe file.
3- The executed file in the folder was supplied by the
destination of the image file.
4- The Sample_1.dd image file was used in 14116367 folder.
5- Program is implemented in a command prompt by going to the
right path. (might need to run cmd prompt as an administrator)
The output of Sample_1.dd:
Testing the program using (Test.001):
1- The source code forensics.exe was created and implemented.
2- The makefile1 was used to create the exe file.
3- The executed file in the folder was supplied by the
destination of the image file.
4- The Test.001 image file was used in Dataforensicstool folder.
5- Program is implemented in a command prompt by going to the
right path. (might need to run cmd prompt as an administrator)
The output of Test.001:
Drawback:
The format of the information has to be changed to big-endian
format because it is given in little-endian format.
The tool contains a large number of files, but this makes them
reusable in other code as well.