TL;DR: This paper discusses data recovery from ReiserFS and ext3, two popular journaled file systems, and describes a Java-based tool for analyzing ext3 file system journals and recovering data pertaining to overwritten and deleted files.
Abstract: Journaling is a relatively new feature of modern file systems that is not yet exploited by most digital forensic tools. A file system journal caches data to be written to the file system to ensure that it is not lost in the event of a power loss or system malfunction. Analysis of journal data can identify which files were overwritten recently. Indeed, under the right circumstances, analyzing a file system journal can reveal deleted files and previous versions of files without having to review the hex dump of a drive. This paper discusses data recovery from ReiserFS and ext3, two popular journaled file systems. It also describes a Java-based tool for analyzing ext3 file system journals and recovering data pertaining to overwritten and deleted files.
TL;DR: In this paper, the first byte string has a first address from within the compressed file, and each of the plurality of subdivisions is provided with an address range to indicate the addresses of byte strings contained therein.
Abstract: A computer-implemented method selectively accesses a set of subdivisions of a compressed file, wherein the compressed file is a hex dump file. A request to access a first data byte string is received. The first data byte string has a first address from within the compressed file. The compressed file comprises a plurality of subdivisions. Each of the plurality of subdivisions is provided with an address range to indicate the addresses of byte strings contained therein. The address range for each of the plurality of subdivisions is the file name for each of the plurality of subdivisions. A set of subdivisions from the plurality of subdivisions is identified that contains a first data byte string. The step of identifying the set of subdivisions comprises comparing the first address to the address range for the plurality of subdivisions. Only the set of subdivisions which contains the first data byte string is extracted.