从磁盘转储中提取jpeg [英] Extracting jpegs from a disk dump
问题描述
我从一个无法正确加载(要求重新格式化)的人那里得到了16GB的存储卡。我正在尝试删除jpeg。
I've got a 16GB memory card off someone that won't load properly (asks to be reformatted). I'm trying to get jpegs off it.
我已经运行 dd 将内容转储到文件中,效果出色。该文件将无法装载并被读取,因此其内容在某种程度上已损坏。
I've run dd to dump the contents to a file, which worked splendidly. The file won't mount and be read, so the contents are corrupt in someway.
在十六进制编辑器中打开转储会显示那里有数据,并且通过寻找jpeg(FFD8和FFD9)的开头和结尾的标记,我已经能够手动提取前3个jpeg。
Opening the dump in a hex editor shows that there is data on there, and by looking for the markers for the start and end of a jpeg (FFD8 and FFD9), I've been able to manually extract the first 3 jpegs.
编写一些代码以流式处理文件,查找偏移量并转储文件,是否有任何现有方法可以做到这一点?我用简单的Google搜索找不到任何东西,但不想解决必须解决过很多次的问题。
Before I go and write some code to stream the file, find the offsets and dump the files, is there any existing way to do this? I can't find anything with a simple google search, but don't want to solve a problem which must have been solved many times before.
有人知道吗一些软件或一个不错的库(Python会很不错,尽管我会熟悉该语言,尽管会做任何事情),它们可以轻松地提取jpeg,还是我最好自己编写代码?
Does anyone know of either some software or a decent library (Python would be nice as I'm familiar with the language, though anything would do) that will easily let me extract the jpegs, or am I better off just writing the code myself?
推荐答案
您想要计算机取证雕刻工具。
You want a computer forensics carving tool.
有两个明显的选择问题。第一个是开源 photorec 。第二个是商业工具 Adroit Photo Forensics 。我已经多次使用这两种工具。 Adroit将恢复碎片化的文件,并且可以更好地消除误报,但这是很昂贵的。最好使用photorec。
There are two obvious choices for this problem. The first is the open source photorec. The second is the commercial tool Adroit Photo Forensics. I've used both tools on many occasions. Adroit will recover files that are fragmented and does a better job eliminating false positives, but it is pricy. In all likelihood you'll be fine with photorec.
这篇关于从磁盘转储中提取jpeg的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
