GitBook: [master] 5 pages modified

SUMMARY.md

@@ -425,7 +425,7 @@
 * [Volatility - CheatSheet](forensics/volatility-examples.md)
 * [Basic Forensics \(ESP\)](forensics/basic-forensics-esp/README.md)
   * [Partitions/File Systems/Carving](forensics/basic-forensics-esp/partitions-file-systems-carving/README.md)
-    * [File/Data Carving](forensics/basic-forensics-esp/partitions-file-systems-carving/file-extraction.md)
+    * [File/Data Carving Tools](forensics/basic-forensics-esp/partitions-file-systems-carving/file-data-carving-tools.md)
     * [NTFS](forensics/basic-forensics-esp/partitions-file-systems-carving/ntfs.md)
   * [Windows Forensics](forensics/basic-forensics-esp/windows-forensics/README.md)
     * [Interesting Windows Registry Keys](forensics/basic-forensics-esp/windows-forensics/interesting-windows-registry-keys.md)

forensics/basic-forensics-esp/partitions-file-systems-carving/README.md

@@ -160,23 +160,14 @@ Note that this technique **doesn't work to retrieve fragmented files**. If a fil
 
 There are several tools that you can use for file Carving indicating them the file-types you want search for 
 
-* \*\*\*\*[**PhotoRec**](https://www.cgsecurity.org/wiki/TestDisk_Download)\*\*\*\*
-* \*\*\*\*[**Binwalk**](https://github.com/ReFirmLabs/binwalk)\*\*\*\*
-* \*\*\*\*[**Foremost**](https://github.com/jonstewart/foremost)\*\*\*\*
-* \*\*\*\*[**Bulk Extractor**](https://github.com/simsong/bulk_extractor)\*\*\*\*
-
-**There are also other tools to find more specific file-types like:**
-
-* \*\*\*\*[**vss\_carver**](https://github.com/mnrkbys/vss_carver): Use it to search for delete Volume shadow Copies
+{% page-ref page="file-data-carving-tools.md" %}
 
 ### Data Stream **C**arving
 
 Data Stream Carving is similar to File Carving but i**nstead of looking for complete files, it looks for interesting fragments** of information.  
 For example, instead of looking for a complete file containing logged URLs, this technique will search for URLs.
 
-The following tools can be used to find specific interesting information inside a bulk of data:
-
-* \*\*\*\*[**Bulk Extractor**](https://github.com/simsong/bulk_extractor)\*\*\*\*
+{% page-ref page="file-data-carving-tools.md" %}
 
 ### Secure Deletion
 

forensics/basic-forensics-esp/partitions-file-systems-carving/file-data-carving-tools.md

@@ -1,4 +1,4 @@
-# File/Data Carving
+# File/Data Carving Tools
 
 ## Carving tools
 

forensics/basic-forensics-esp/windows-forensics/README.md

@@ -400,7 +400,7 @@ The Status and sub status information of the event s can indicate more details a
 
 ### Recovering Windows Events
 
-It's highly recommended to turn off the suspicious PC by **unplugging it** to maximize the probabilities of recovering the Windows Events. In case they were deleted, a tool that can be useful to try to recover them is [**Bulk\_extractor**](../partitions-file-systems-carving/file-extraction.md#bulk-extractor) indicating the **evtx** extension.
+It's highly recommended to turn off the suspicious PC by **unplugging it** to maximize the probabilities of recovering the Windows Events. In case they were deleted, a tool that can be useful to try to recover them is [**Bulk\_extractor**](../partitions-file-systems-carving/file-data-carving-tools.md#bulk-extractor) indicating the **evtx** extension.
 
 ## Identifying Common Attacks with Windows Events