DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
giis (gET iT i sAY) is a file recovery tool for Ext2/Ext3 filesystems. Once installed, current files and newly created files can be recovered. It allows users to recover all deleted files, recover files owned by a specific user, dump data from old file locations, and recover files of a specific type, such as text or PNG. A forensic analyzer is also provided to assist users during recovery.
SystemRescueCd is a Linux system available from a bootable CDROM that provides an easy way to perform administrative tasks on your computer, such as creating and editing the partitions of the hard disk or backing up data. It contains a lot of system utilities (such as parted, partimage, and fstools), and basic programs (such as editors, midnight commander, and network tools). It also includes GParted, a Partition Magic clone that makes editing partitions easy with its graphical user interface. This CDROM aims to be very easy to use and accessible to everybody, and it also provides advanced personalization features.
fsarchiver is a system tool that allows you to save the contents of a filesystem to a compressed archive file. The filesystem can be restored on a partition that has a different size, and it can be restored on a different filesystem. Unlike tar/dar, fsarchiver also creates the filesystem when it extracts the data to partitions. Everything is checksummed in the archive in order to protect the data. If the archive is corrupt, you just lose the current file, not the whole archive.
Hot Copy creates an instant point-in-time snapshot of any block device while the system is running without interrupting applications or requiring the use of LVM. As block level changes are made to the real device, hot copy makes a backup copy of the changed block. The changed blocks are efficiently stored in unused space on your hard disk. These stored changed blocks maintain a point-in-time snapshot and space is only needed when you make changes to the real device. You can even write to your snapshots.
INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more. It provides full read-write support for NTFS partitions (using ntfs-3g), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It provides partition handling with gParted and also has a network boot facility.
GRUB for DOS is a rebuild of the GNU GRUB boot manager for DOS, and can be run under real mode DOS. It also has many new features. It can be booted through BOOT.INI of Windows (grldr) and kexec of Linux (grub.exe). It can directly boot NTLDR (WindowsNT/2K/XP), IO.SYS (Windows9x/Me) and KERNEL.SYS (FreeDOS). The disk emulation feature is another enhancement over GNU GRUB, and can be used to run legacy DOS/Windows9x systems with floppy or hard disk images.