Logo
Rapier: A Data Carver PDF Print E-mail
Written by Keven Murphy   
Saturday, 29 November 2008 09:28

Rapier is a forensics data carver written for Linux. To simply put what it does is, it looks for file headers and footers. Once it identifies the file it will recover it.

Features

  • Look for keywords/headers that span sector/cluster boundaries
  • Headers and Foots can be 100 characters long
  • Single pass
  • Currently identifies the following file types:
    • Index.dat
    • Registry Files
      • Note: It cannot recover the whole file at this time. Registry files are file systems in themselves. It will read in the first block (4096 bytes) then look at the starting of the next block. Provided each block contains a "hbin" in the beginning, Rapier will continue to recover the registry file. Whether it recovers the whole file or not, it will still locate the beginning of the file so that it could be recovered by hand.
  • Log file with where the files were found.
  • It will run on either i386 or AMD64-bit Linux platforms.

Screenshots

Screen shot of Rapier Working

Screen Shot of Rapier finished

Requirements

  • Ncurses

How to use

  1. Rapier requires a image to review. You can either give it a dd image, device (/dev/hda1 for example), unallocated space, or slack space.
  2. Adjust the rapier.conf file to what you are looking for.
  3. Run Rapier: ./rapier -v -c rapier.config -f image_file.unallocated.dd -b 4096 -l rapier.log

License

Citadel Systems, L.L.C. grants Licensee a non-exclusive and non-transferable license to use the Product. Licensee may not use the product for commercial purposes beyond an initial thirty (30) day evaluation period without the purchase of a commercial license from Citadel Systems, L.L.C. Commercial purposes include any activity engaged in for the purpose of directly generating revenue or in support of activity that generates revenue. This license does not entitle Licensee to receive from Citadel Systems, L.L.C. hard-copy documentation, technical support, telephone assistance, or enhancements or updates to the Product.

Feedback: Please by all means contact us, if you find a bug or have feature requests.

Download (By downloading this you agree to the license above):

Rapier_02alpha.tar.gz

Rapier_01alpha.tar.gz

Sign up for the data carver mailling list.

 

 

 
Last Updated on Sunday, 11 January 2009 19:52
 
Copyright © 2008 Citadel Systems, L.L.C. All Rights Reserved.