File system investigator is a forensic filesystem viewer.
Version: 1.0.3FileSystem Investigator is a platform independent file system viewer and data extraction tool. It allows the user to:
Operating System: Linux
- View the contents of the target file system in a forensicly safe manner, bypassing the normal operating system mechanisms.
- Extract files and whole directory trees of files from the source filesystem.
Since it is written in platform-neutral Java, it can be used to examine filesystems outside their native environment. For example, it can be used to view a Linux filesystem while running under Windows.
FileSystem Investigator directly accesses the source disk and processes the data using it own built in filesystem drivers. This ensures that it is safe to use FileSystem Investigator for forensic investigations.
FileSystem Investigator will never write to the source media thus important timestamps are preserved. FileSystem Investigator can also read disk-image files such as those created by dd.
Files and whole directory structures can be extracted easily from the source drive and stored for further use or analysis. Due to limitations imposed by Java, special files such as device nodes, pipes, sockets and links, cannot be extracted.
· Java Runtime Environment version 1.4 or later.
Unpack the distribution. Run with the following command:
java -jar rossifstoolsui.jar