http://www.derkeiler.com/Mailing-Lists/Securiteam/2004-04/0046.html
FSTools - FileSystem Investigator
------------------------------------------------------------------------
SUMMARY
DETAILS
FileSystem Investigator is a platform independent file system viewer
and
data extraction tool. It allows the user to:
* View the contents of the target file system in a forensically safe
manner, bypassing the normal operating system mechanisms
* Extract files and whole directory trees of files from the source
file
system
Since it is written in platform-neutral Java, it can be used to
examine
file systems outside their native environment. For example, it can be
used
to view a Linux file system while running under Windows.
Supported Filesystems:
FileSystem Investigator is designed to be able to handle many different
file systems.
Currently ReiserFS version 3 and the Second Extended File System
(EXT2/EXT3) are supported.
How it works:
FileSystem Investigator directly accesses the source disk and processes
the data using it own built in file system drivers. This ensures that
it
is safe to use FileSystem Investigator for forensic investigations.
FileSystem Investigator will never write to the source media thus
important timestamps are preserved. FileSystem Investigator can also
read
disk-image files such as those created by dd. Files and whole directory
structures can be extracted easily from the source drive and stored for
further use or analysis. Due to limitations imposed by Java, special
files
such as device nodes, pipes, sockets and links, cannot be extracted.
ADDITIONAL INFORMATION
The information has been provided by <mailto:[email protected]>
wrossi.
The tool can be downloaded from: <http://www.rossi.com/>
http://www.rossi.com/
