PhotoRec produced several large .gpg files
Posted: 22 Jul 2015, 01:03
I've recovered a disk image from an otherwise healthy drive, which seems to not have a partition table any more. See this post on my efforts to recover the partition table using testdisk:
http://forum.cgsecurity.org/phpBB3/part ... t5214.html
Are these files evidence of something like CryptoLocker? Are they actually gpg ecrypted files, the file utility shows:
file *.gpg
f128093110.gpg: data
f184042821.gpg: data
f188446262.gpg: data
f238766711.gpg: DOS executable (COM)
f259167392.gpg: data
f270716979.gpg: DOS executable (COM)
f39858524.gpg: DOS executable (COM)
f93701561.gpg: data
Thanks.
PS: I'm using PhotoRec 6.13, Data Recovery Utility, November 2011
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org
Version: 6.13
Compiler: GCC 4.6
Compilation date: 2012-01-17T14:04:23
ext2fs lib: 1.42.5, ntfs lib: 10:0:0, ewf lib: none, libjpeg: 80
OS: Linux, kernel 3.16.0-0.bpo.4-amd64 (#1 SMP Debian 3.16.7-ckt11-1~bpo70+1 (2015-06-08)) x86_64
http://forum.cgsecurity.org/phpBB3/part ... t5214.html
Are these files evidence of something like CryptoLocker? Are they actually gpg ecrypted files, the file utility shows:
file *.gpg
f128093110.gpg: data
f184042821.gpg: data
f188446262.gpg: data
f238766711.gpg: DOS executable (COM)
f259167392.gpg: data
f270716979.gpg: DOS executable (COM)
f39858524.gpg: DOS executable (COM)
f93701561.gpg: data
Thanks.
PS: I'm using PhotoRec 6.13, Data Recovery Utility, November 2011
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org
Version: 6.13
Compiler: GCC 4.6
Compilation date: 2012-01-17T14:04:23
ext2fs lib: 1.42.5, ntfs lib: 10:0:0, ewf lib: none, libjpeg: 80
OS: Linux, kernel 3.16.0-0.bpo.4-amd64 (#1 SMP Debian 3.16.7-ckt11-1~bpo70+1 (2015-06-08)) x86_64