Main Page

From FilesHunter

Revision as of 13:08, 25 July 2013 by Muriel (Talk | contribs)
(diff) ← Older revision | Current revision (diff) | Newer revision → (diff)
Jump to: navigation, search

FilesHunter

Analyze files to get their real format. Ideal to retrieve hidden and corrupted files.

Contents

[edit] Overview

Analyze files and guess their true content's format. Extract hidden files from corrupted ones. Easily extensible by adding new plug-ins for new formats. Handles documents, videos, images, music, executables...

FilesHunter has been created to retrieve files after recovering corrupted file systems.

[edit] Concept

FilesHunter analyzes a file by decoding segments out of it. For example if 1 file contains a JPG image followed by an AVI video, some random data and ending with an incomplete DOC document (a case that can happen when dealing with damaged file systems), FileHunter will report 4 segments:

  1. Segment JPG
  2. Segment AVI
  3. Segment unknown
  4. Segment DOC truncated

It will then be able to extract each segment in a separate file.

To achieve this, FilesHunter tries to analyze the data deeply. It will not stop by a simple MagicNumber identifying a file format, as those MagicNumbers are usually found in many places in corrupted files.

[edit] Install

gem install fileshunter

For Windows users: you will need to first have the Ruby DevKit installed for the installation to succeed, as there is a C extension to be compiled.

[edit] Usage

FilesHunter can be used as a standalone executable, or as a library to be embedded in your project.

[edit] Command-line tool

FilesHunter comes with the fileshunt executable tool.

> fileshunt --help
fileshunt [--help] [--debug] [--extract] [--extractdir <DirectoryName>] [--log] [--blocksize <BlockSizeInBytes>] <FileName1> <FileName2> ...
        --extract                    Extract found segments as extra files next to the analyzed ones (named from the original file name and __EXTRACT__ suffixes).
        --log                        Log found segments in various log files (named fileshunt*.log).
        --extractdir <DirectoryName> <DirectoryName>: Directory name to extract to.
                                     Specify the directory where extracted files are written. If none specified, they will be written next to original files.
        --blocksize <BlockSizeInBytes>
                                     <BlockSizeInBytes>: Size of blocks to read at once from disk. Default = 134217728.
                                     Specify the block size when reading from files
        --help                       Display help
        --debug                      Activate debug logs

[edit] Library

If you prefer embedding FilesHunter in another program, you can use its API directly this way.

# Require library
require 'fileshunter'
 
# Get an instance of SegmentsAnalyzer
segments_analyzer = FilesHunter::get_segments_analyzer
 
# Use it to analyze all segments from a file.
# Returns an Array of Segment.
segments = segments_analyzer.get_segments('my_file_name')
 
# Display the segments
segments.each do |segment|
  puts "[ #{segment.begin_offset} - #{segment.end_offset} ] - Found a segment of extensions #{segment.extensions}"
end

[edit] API

Its API can be seen directly in its generated documentation here. In particular the following are interesting for developers:

[edit] Contact

Want to contribute? Have any questions? Contact Muriel!

Personal tools