Description: Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them. It looks at "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or partition. As long as the file data is there, it will find it.
It works on any file system, but on very fragmented file systems it can only recover the first chunk of each file. Practical experience (this program was not written for fun) shows, however, that chunks of 30-50MB are not uncommon.
source : http://www.itu.dk/~jobr/magicrescue/
this video is a simple demo of forensics tool magicrescue. following are the options.
Usage: magicrescue [-I FILE] [-M MODE] [-O [+-=][0x]OFFSET] [-b BLOCKSIZE]
-d OUTPUT_DIR -r RECIPE1 [-r RECIPE2 [...]] DEVICE1 [DEVICE2 [...]]
-b Only consider files starting at a multiple of BLOCKSIZE.
-d Mandatory. Output directory for found files.
-r Mandatory. Recipe name, file or directory.
-I Read input file names from this file ("-" for stdin)
-M Produce machine-readable output to stdout.
-O Resume from specified offset (hex or decimal) in the first device.
Tags: Forensics , Magicrescue ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
it is very good option for recovering a corrupted drive or partition. It works on any file system, but sometime it is not able to recover all the data .
thanks for video
Ya Exactly, we can see the recovered data but almost 50% data will corrupted :|