Deleted File Recovery Through SSH

Nicholas Leippe nick at byu.edu
Tue Feb 15 13:29:54 MST 2005


On Monday 14 February 2005 02:37 pm, Davis, Lawrence wrote:
> Hello All,
>
>  How would I go about recovering deleted files through ssh? What
> tools can I upload to do this for me? I have no physical access to the
> server, so everything is done through ssh and scp. I'm not sure what cmd
> was executed to delete the files as it appears the server was hacked.
>

/usr/portage/apps-forensics/ has:
aide
air
autopsy
chkrootkit
examiner
foremost
galleta
memdump
pasco
regviewer
rifiuti
rkhunter
sleuthkit
tct

I know some of them can be used remotely, and a few were designed for that.
As for recovering files, you may need to grab an image of the drive before
anything else is written and scan it.

Freshmeat may be helpful as well.

-- 
Respectfully,

Nicholas Leippe
Sales Team Automation, LLC
1335 West 1650 North, Suite C
Springville, UT  84663 +1 801.853.4090
http://www.salesteamautomation.com



More information about the PLUG mailing list