Entries filed under 'Hal Pomeranz'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.


    EXT3 File Recovery via Indirect Blocks

    By Hal Pomeranz

    Recovering complete file images from unallocated space on Linux systems can be a tricky problem. The EXT3 metadata structures (index nodes, or inodes for short) are mostly zeroed out when they are deallocated. In the process, all of the inode's block pointers, which are what map file offsets to data blocks while the file is allocated, are lost. The original file contents will still exist in unallocated data blocks in the file system (at least until those blocks are reused), but there is no longer a "map" with which to reassemble those data blocks into the original file.

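    As an added illustration (example code written for this listing, not from the post itself or from FireEye): the title points at the one part of the lost "map" that does survive in unallocated space, the file's own indirect blocks. An indirect block is an ordinary data block holding a list of 32-bit little-endian block numbers, so it is not zeroed when the inode is. The script below scans a raw image for blocks that look like single-indirect blocks and reassembles a file around each hit. The detection heuristic (non-zero, in-range, ascending and mostly consecutive pointers followed by zero padding), the contiguous-layout assumption used to place the 12 direct blocks immediately before the indirect block, and the synthetic image it runs on are all assumptions of this example rather than facts stated on the page.

```python
import struct

BLOCK_SIZE = 4096
PTRS_PER_BLOCK = BLOCK_SIZE // 4   # 1024 little-endian 32-bit pointers per indirect block
EXT3_NDIR_BLOCKS = 12               # direct pointers in an ext2/ext3 inode (i_block[0..11])


def parse_indirect_candidate(block, block_count):
    """Return the pointer run if `block` looks like a single-indirect block, else None.

    Heuristic (an assumption of this example, not a file-system invariant):
    a surviving indirect block holds non-zero, in-range, strictly ascending
    32-bit little-endian block numbers, most of them consecutive, followed only
    by zero padding. Anything else is treated as ordinary file data.
    """
    ptrs = struct.unpack('<%dI' % PTRS_PER_BLOCK, block)
    n = PTRS_PER_BLOCK
    while n and ptrs[n - 1] == 0:           # strip trailing zero padding
        n -= 1
    run = ptrs[:n]
    if len(run) < 2:                        # a single pointer is not convincing
        return None
    if any(p == 0 or p >= block_count for p in run):
        return None                         # 0 or out-of-range: not a block number
    if any(b <= a for a, b in zip(run, run[1:])):
        return None                         # must be strictly ascending
    consecutive = sum(1 for a, b in zip(run, run[1:]) if b == a + 1)
    if consecutive < 0.9 * (len(run) - 1):  # allow a little fragmentation only
        return None
    return list(run)


def scan_image(image, block_count=None):
    """Yield (block_number, pointer_run) for every indirect-block candidate in `image`."""
    if block_count is None:
        block_count = len(image) // BLOCK_SIZE
    for bno in range(block_count):
        blk = image[bno * BLOCK_SIZE:(bno + 1) * BLOCK_SIZE]
        run = parse_indirect_candidate(blk, block_count)
        if run:
            yield bno, run


def recover_file(image, indirect_bno, run):
    """Reassemble a file from a single-indirect block found at `indirect_bno`.

    Assumption: the allocator laid the file out contiguously, so the 12 direct
    blocks immediately precede the indirect block and the pointed-to blocks
    follow it. The inode's size field is gone, so the result is block-aligned;
    the true length has to be inferred from the content (e.g. a format trailer).
    """
    first_direct = indirect_bno - EXT3_NDIR_BLOCKS
    if first_direct < 0:
        raise ValueError('indirect block too early for 12 preceding direct blocks')
    order = list(range(first_direct, indirect_bno)) + run
    return b''.join(image[b * BLOCK_SIZE:(b + 1) * BLOCK_SIZE] for b in order)


def build_sample_image():
    """Constructed, synthetic 64-block image (not a real ext3 dump).

    A 20-block file is laid out contiguously from block 10: 12 direct blocks at
    10..21, the indirect block at 22, and 8 more data blocks at 23..30. Block 40
    is a decoy of ascending but gapped small integers that must be rejected.
    Returns (image_bytes, original_file_bytes).
    """
    block_count = 64
    image = bytearray(block_count * BLOCK_SIZE)
    file_blocks = [bytes([0x41 + i]) * BLOCK_SIZE for i in range(20)]   # 'A'..'T' filled
    layout = list(range(10, 22)) + list(range(23, 31))
    for data, bno in zip(file_blocks, layout):
        image[bno * BLOCK_SIZE:(bno + 1) * BLOCK_SIZE] = data
    indirect = struct.pack('<8I', *range(23, 31)).ljust(BLOCK_SIZE, b'\0')
    image[22 * BLOCK_SIZE:23 * BLOCK_SIZE] = indirect
    decoy = struct.pack('<4I', 1, 5, 9, 13).ljust(BLOCK_SIZE, b'\0')
    image[40 * BLOCK_SIZE:41 * BLOCK_SIZE] = decoy
    return bytes(image), b''.join(file_blocks)


if __name__ == '__main__':
    image, original = build_sample_image()
    for bno, run in scan_image(image):
        recovered = recover_file(image, bno, run)
        print('indirect block %d -> %d pointed-to blocks, matches original: %s'
              % (bno, len(run), recovered == original))
```

    On a real image, run the scan over unallocated blocks only (for example the output of The Sleuth Kit's blkls) rather than the whole file system, otherwise inode tables and block bitmaps produce false hits. Files longer than 12 + 1024 blocks also have double and triple indirect blocks, which this example does not chase.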