cgsecurity
diff --git a/‎after_using_photorec.rst
+18-8 b/‎after_using_photorec.rst
+18-8
diff --git a/‎bootable.rst
+13-13 b/‎bootable.rst
+13-13
diff --git a/‎compilation.rst
+3-3 b/‎compilation.rst
+3-3
diff --git a/‎compilation_env.rst
+3-4 b/‎compilation_env.rst
+3-4
diff --git a/‎conf.py
+1-1 b/‎conf.py
+1-1
diff --git a/‎crosscompilation_env.rst
+11-5 b/‎crosscompilation_env.rst
+11-5
diff --git a/‎ddrescue.rst
+11-11 b/‎ddrescue.rst
+11-11
diff --git a/‎dfrws2006.rst
+1-1 b/‎dfrws2006.rst
+1-1
diff --git a/‎dftt_fat16_undelete.rst
+2-2 b/‎dftt_fat16_undelete.rst
+2-2
diff --git a/‎dftt_ntfs_undelete.rst
+2-2 b/‎dftt_ntfs_undelete.rst
+2-2
diff --git a/‎forensics.rst
+3-3 b/‎forensics.rst
+3-3
@@ -1,6 +1,6 @@
 After using PhotoRec
 ====================
-Usually PhotoRec and QPhotorec recover a lot of files but without the original filenames, it may be hard to locate the files you are interested in.
+Usually PhotoRec and QPhotoRec recover a lot of files but without the original filenames, it may be hard to locate the files you are interested in.
 
 Sorting the files by extension
 ******************************
@@ -11,7 +11,7 @@ https://github.com/lconte/Copy-PhotoRecFilesbyExtension.ps1
 
 Using a Python script
 ---------------------
-Python comes preinstalled on macOS and most Linux distribution. It can also be installed under Windows.
+Python comes preinstalled on macOS and most Linux distributions. It can also be installed under Windows.
 The Python program `sort-PhotorecRecoveredFiles <https://github.com/tfrdidi/sort-PhotorecRecoveredFiles>`_
 
  * sorts all files by file extensions into own folders.
@@ -21,27 +21,37 @@ The Python program `sort-PhotorecRecoveredFiles <https://github.com/tfrdidi/sort
 Renaming files using exiftool
 *****************************
 exiftool can use meta-data from several popular file formats to rename files.
-All Linux distributions comes with a package for exiftool (perl-Image-ExifTool for RedHat, CentOS and Fedora) but otherwise it is available for Windows, Linux and macOS from http://www.sno.phy.queensu.ca/~phil/exiftool/
+All Linux distributions comes with a package for :command:`exiftool` (file:`perl-Image-ExifTool` for Red Hat, CentOS and Fedora) but otherwise it is available for Windows, Linux and macOS from https://www.sno.phy.queensu.ca/~phil/exiftool/
 
 
 .. code-block:: none
 
-   exiftool -r -ext jpg '-FileName<DateTimeOriginal' -d sorted_jpg/%Y%m%d/%Y%m%d_%H%M%S%%-c.%%e jpg/
-   exiftool -r -ext tif '-FileName<DateTimeOriginal' -d sorted_tif/%Y%m%d/%Y%m%d_%H%M%S%%-c.%%e tif/
    exiftool -r -ext avi '-FileName<DateTimeOriginal' -d avi/%Y%m%d_%H%M%S%%-c.%%e avi/
    exiftool -r -ext doc '-FileName<CreateDate' -d doc/%Y%m/%%f.%%e doc/
+   exiftool -r -ext jpg '-FileName<DateTimeOriginal' -d sorted_jpg/%Y%m%d/%Y%m%d_%H%M%S%%-c.%%e jpg/
    exiftool -r -ext mov '-FileName<CreateDate' -d mov/%Y%m%d_%H%M%S%%-c.%%e mov/
-   exiftool -r -ext mp3 '-FileName<mp3/${artist;} - ${Album;} - ${Track;} - ${Title;}%-c.%e' mp3/
-   exiftool -r -ext mp4 '-FileName<CreateDate' -d mp4/%Y%m%d_%H%M%S%%-c.%%e mp4/
+   exiftool -r -ext mp3 '-FileName<mp3/${artist;} - ${Album;} - ${Track;} - ${Title;}%-c.%e' mp3/f*.mp3
+   exiftool -r -ext mp3 '-FileName<mp3/${artist;} - ${Album;} - ${Title;}%-c.%e' -if 'not defined $Track and defined $Title and $Title ne ""' mp3/f*.mp3
+   exiftool -r -ext mp3 '-FileName<mp3/${artist;} - ${Title;}%-c.%e' -if 'not defined $Track and not defined $Album and defined $Title and $Title ne ""' mp3/f*.mp3
+   exiftool -r -ext mp3 '-FileName<mp3/${artist;} - ${Album;}%-c.%e' -if 'not defined $Track and (not defined $Title or $Title eq "")' mp3/f*.mp3
+   exiftool -r -ext ogg '-FileName<ogg/${artist;} - ${Album;} - ${Track;} - ${Title;}%-c.%e' ogg/f*.ogg
+   exiftool -r -ext ogg '-FileName<ogg/${artist;} - ${Album;} - ${Title;}%-c.%e' -if 'not defined $Track and defined $Title and $Title ne ""' ogg/f*.ogg
+   exiftool -r -ext ogg '-FileName<ogg/${artist;} - ${Title;}%-c.%e' -if 'not defined $Track and not defined $Album and defined $Title and $Title ne ""' ogg/f*.ogg
+   exiftool -r -ext ogg '-FileName<ogg/${artist;} - ${Album;}%-c.%e' -if 'not defined $Track and (not defined $Title or $Title eq "")' ogg/f*.ogg
    exiftool -r -ext m4p '-FileName<m4p/${Artist;} - ${Album;} - ${Title;}%-c.%e' m4p/
    exiftool -r -ext mkv '-FileName<%f_${Title;}%-c.%e' mkv/
+   exiftool -r -ext mp4 '-FileName<CreateDate' -d mp4/%Y%m%d_%H%M%S%%-c.%%e mp4/
+   exiftool -r -ext ps  '-FileName<%f_${Title;}%-c.%e' ps/
+   exiftool -r -ext rtf '-FileName<%f_${Title;}%-c.%e' rtf/
+   exiftool -r -ext tif '-FileName<DateTimeOriginal' -d sorted_tif/%Y%m%d/%Y%m%d_%H%M%S%%-c.%%e tif/
    exiftool -r -ext ttf '-FileName<ttf/${FontName;}%-c.%e' ttf/
+   exiftool -r -ext wma '-FileName<wma/${AlbumArtist;} - ${AlbumTitle;} - ${TrackNumber;}%-c.%e' wma/
 
    exiftool -r -ext jpg '-FileName<IMG_${FileIndex}%-c.%e' recup_dir.*
 
 Removing duplicated files
 *************************
-Under Linux, fslint can be used to remove duplicated files
+Under Linux, :command:`fslint` can be used to remove duplicated files
 
 .. code-block:: none
 
 
@@ -4,45 +4,45 @@ How to make the system bootable again
 Check that
 
  * all partitions are listed in the partition table
- * a partition with your computer os is listed as \*(bootable)
+ * a partition with your computer OS is listed as \*(bootable)
  * you can list the files from the bootable partition
 
 
 DOS - Window 95/98
 ------------------
 
-If your OS doesn't boot, you can reinstall the system files with ``sys c:``.
+If your OS doesn't boot, you can reinstall the system files with :command:`sys c:`.
 
 Windows 2000/XP/2003
 --------------------
 
- * Run fixmbr from the Recovery Console
+ * Run :command:`fixmbr` from the Recovery Console
 
 .. code-block:: none
 
    fixmbr \Device\HardDisk0
 
 If you still have the problem,
 
- * Run `fixboot` to repair NTFS boot sector.
- * Check ``c:\boot.ini`` content
+ * Run :command:`fixboot` to repair NTFS boot sector.
+ * Check :file:`c:\\boot.ini` content
 
 Windows Vista/Windows 7/..., Windows Server 2008/...
 ----------------------------------------------------
- * Run ``bootrec.exe /fixmbr`` from the Recovery Console
- * For legacy / PC Intel partition table, check ``c:\boot.ini`` content
- * For EFI GPT, check the output of ``bcdedit /v``. To modify the settings, use the ``bcdedit /set`` command.
- * Run ``bootrec.exe /fixboot`` to repair NTFS boot sector.
+ * Run :command:`bootrec.exe /fixmbr` from the Recovery Console
+ * For legacy / PC Intel partition table, check :file:`c:\\boot.ini` content
+ * For EFI GPT, check the output of :command:`bcdedit /v`. To modify the settings, use the :command:`bcdedit /set` command.
+ * Run :command:`bootrec.exe /fixboot` to repair NTFS boot sector.
 
 Linux/FreeBSD
 -------------
 
- * Update your /etc/fstab to reflect the new partition order.
+ * Update your :file:`/etc/fstab` to reflect the new partition order.
  * Update your multiboot configuration
 
-    * Lilo: /etc/lilo.conf
-    * Grub: /boot/grub/grub.conf
-    * Grub2: /etc/grub2-efi.cfg
+    * Lilo: :file:`/etc/lilo.conf`
+    * Grub: :file:`/boot/grub/grub.conf`
+    * Grub2: :file:`/etc/grub2-efi.cfg`
 
  * Reinstall the multiboot in the Master Boot Record.
 
 
@@ -7,8 +7,8 @@ Once you have downloaded the source archive from https://www.cgsecurity.org/wiki
 
 .. code-block:: none
 
-   tar xjf testdisk-7.1-WIP.tar.bz2
-   cd testdisk-7.1-WIP
+   tar xjf testdisk-7.2-WIP.tar.bz2
+   cd testdisk-7.2-WIP
    ./configure && make
 
 
@@ -19,7 +19,7 @@ Compilation from git repository
 
    git clone https://git.cgsecurity.org/testdisk.git
 
-If you have already cloned the project, to update your local copy, run ``git pull`` from the testdisk directory. 
+If you have already cloned the project, to update your local copy, run :command:`git pull` from the :file:`testdisk` directory. 
 
 .. code-block:: none
 
 
@@ -1,6 +1,6 @@
 Compilation environment
 ***********************
-testdisk uses several libraries if available:
+TestDisk uses several libraries if available:
 
  * libncurses - Required, TestDisk and PhotoRec use a text user interface, Ncurses library and development files must be available.
  * Ext2fs library - Optional, used by TestDisk to list files from ext2/ext3/ext4 partition and by PhotoRec to be able to carve the free space from an ext2/ext3 partition instead of the whole partition
@@ -16,7 +16,6 @@ Linux
 -----
 
  * Debian/Ubuntu: ``apt-get install build-essential e2fslibs-dev libewf-dev libncurses5-dev libncursesw5-dev ntfs-3g-dev libjpeg-dev uuid-dev zlib1g-dev qtbase5-dev qttools5-dev-tools pkg-config dh-autoreconf git``
- * RHEL/CentOS 5: ``yum install buildsys-build e2fsprogs-devel libjpeg-devel ncurses-devel ntfs-3g-devel zlib-devel git``
  * RHEL/CentOS 6 or later: ``yum install @buildsys-build desktop-file-utils e2fsprogs-devel libewf-devel libjpeg-devel libuuid-devel ncurses-devel ntfs-3g-devel qt-devel qt5-qtbase-devel zlib-devel git``
  * Fedora: ``dnf install @buildsys-build desktop-file-utils e2fsprogs-devel libewf-devel libjpeg-devel libuuid-devel ncurses-devel ntfs-3g-devel qt-devel qt5-qtbase-devel zlib-devel git``
 
@@ -28,8 +27,8 @@ Windows
 -------
 cygwin
 ^^^^^^
-Cygwin https://cygwin.com/ is a large collection of GNU and Open Source tools which provide functionality similar to a Linux distribution on Windows, it includes the gcc compiler.
-A DLL (cygwin1.dll) provides substantial POSIX API functionality, such functions may be required by some libraries that TestDisk or PhotoRec can use.
+Cygwin https://cygwin.com/ is a large collection of GNU and Open Source tools which provide functionality similar to a Linux distribution on Windows, it includes the GCC compiler.
+A DLL (:file:`cygwin1.dll`) provides substantial POSIX API functionality, such functions may be required by some libraries that TestDisk or PhotoRec can use.
 
 MinGW-w64
 ^^^^^^^^^
 
@@ -32,7 +32,7 @@
 # ones.
 extensions = [
 #    'sphinx.ext.githubpages',
-    'rst2pdf.pdfbuilder'
+#    'rst2pdf.pdfbuilder'
 ]
 
 # Add any paths that contain templates here, relative to this directory.
 
@@ -1,11 +1,17 @@
 Cross Compilation environment
 *****************************
 Using Linux, it's possible to generate binaries for Windows.
-Two cross-compiler toolchains are available under Fedora and CentOS 7 to create binaries for Windows 32 and 64 bits.
+Two cross-compiler toolchains are available under Fedora to create binaries for Windows 32 and 64 bits.
 All packages needed are available at
 
- * Windows cygwin target: https://copr.fedorainfracloud.org/coprs/grenier/cygwin-testdisk/
- * Windows mingw target: https://copr.fedorainfracloud.org/coprs/grenier/mingw-testdisk/
+ * Windows Cygwin target
 
-testdisk, photorec and fidentify official binaries are generated using cygwin,
-qphotorec using mingw.
+   * https://copr.fedorainfracloud.org/coprs/grenier/cygwin-testdisk/
+   * https://copr.fedorainfracloud.org/coprs/yselkowitz/cygwin/
+
+ * Windows MinGW target
+
+   * https://copr.fedorainfracloud.org/coprs/grenier/mingw-testdisk/
+
+:command:`testdisk`, :command:`photorec` and :command:`fidentify` official binaries are generated using Cygwin,
+:command:`qphotorec` using MinGW.
@@ -1,29 +1,29 @@
 DDRescue: data recovery from damaged disk
 =========================================
 
-A bad sector is a sector on a computer's disk drive that is either inaccessible or unwriteable due to permanent damage, such as physical damage to the disk surface.
+A bad sector is a sector on a computer's disk drive that is either inaccessible or unwritable due to permanent damage, such as physical damage to the disk surface.
 Flash memory may also have "bad sectors" (even if technically there is no sector in flash memory) due to permanent damage like failed flash memory transistors.
 
 Instead of working directly on the damaged disk, it's recommended to create a copy and to work on the clone.
 Two possibilities: create a disk image (a file) or overwrite a new/empty disk.
 
-ddrescue can be found for Linux or macOS. If your computer is using another operating system, no problem, create a Linux LiveUSB! (See :ref:`live-usb`)
+ddrescue can be found for Linux or macOS. If your computer is using another operating system, no problem, create a Linux Live USB! (See :ref:`live-usb`)
 
 ddrescue on Linux
 *****************
-drescue is available on all Linux distribution.
+ddrescue is available on all Linux distribution.
 
  * CentOS: ``yum install ddrescue``
  * Debian/Ubuntu: ``apt install gddrescue``
  * Fedora: ``dnf install ddrescue``
 
-Use ``lsblk`` or ``testdisk -lu`` to identify all the disks.
+Use :command:`lsblk` or :command:`testdisk -lu` to identify all the disks.
 
 ddrescue on macOS
 *****************
 To install ddrescue:
 
- * Press Command+Space and type ``Terminal`` and press enter/return key.
+ * Press Command+Space and type :command:`Terminal` and press enter/return key.
  * Run in Terminal app:
 
 .. code-block:: none
@@ -32,22 +32,22 @@ To install ddrescue:
    ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
    brew install ddrescue
 
-Done! You can now use ``ddrescue``.
-Use ``diskutil list`` to get information on all available disks and their partitioning.
+Done! You can now use :command:`ddrescue`.
+Use :command:`diskutil list` to get information on all available disks and their partitioning.
 
 DDRescue: disk to file image
 ****************************
 It's the recommended method for forensic purpose.
 You need enough space to store the file: if you want to create a clone of a 1TB disk, you need at least 1TB free on a filesystem.
 Avoid FAT filesystem for the destination as they are limited to 4GB file.
 
-In the following example, an image named sdb.dd will be created from the second disk /dev/sdb.
+In the following example, an image named :file:`sdb.dd` will be created from the second disk :file:`/dev/sdb`.
 
 .. code-block:: none
 
    ddrescue /dev/sdb sdb.dd sdb.log
 
-The log file ``sdb.log`` can be used to restart the recovery.
+The log file :file:`sdb.log` can be used to restart the recovery.
 It can take a few hours to several days to clone a disk with a lot of bad sectors.
 
 DDRescue: disk to disk copy
@@ -56,13 +56,13 @@ The destination disk must be at least as big as the original one. Be careful, tw
 
 Ie. WD10EZRZ and WD10EZEX are two models sold by Western Digital as 1TB model, in fact the first one is 1,000,000 MB, the second one 1,000,204 MB.
 
-Before beginning, disconnect all disks, usb device, cd/dvd reader/writer not needed: there is less chance to overwrite the wrong disk.
+Before beginning, disconnect all disks, USB device, CD/DVD reader/writer not needed: there is less chance to overwrite the wrong disk.
 
 .. code-block:: none
 
    ddrescue /dev/sdb /dev/sdc sdb.log
 
-The log file ``sdb.log`` can be used to restart the recovery.
+The log file :file:`sdb.log` can be used to restart the recovery.
 
 
 ddrutility: restricting ddrescue to NTFS allocated data block
 
@@ -6,7 +6,7 @@ DFRWS 2006 Forensics Challenge
 
 DFRWS 2006 Forensics Challenge is a data carving challenge. It's possible to use PhotoRec to recover most files:
 
- * run `photorec dfrws-2006-challenge.raw`
+ * run :command:`photorec dfrws-2006-challenge.raw`
  * Choose Proceed
  * Go In Options menu
  * Set "Paranoid : Yes (Brute force enabled)"
 
@@ -6,7 +6,7 @@ This test image is a 6MB FAT16 file system with six deleted files and two delete
 
 To undelete all files manually,
 
- * run `testdisk 6-fat-undel.dd`
+ * run :command:`testdisk 6-fat-undel.dd`
  * Choose `Proceed`.
  * A non partitioned media is detected automatically, press Enter to confirm.
  * Choose `Undelete`.
@@ -27,7 +27,7 @@ All files are copied.
  * Choose [Quit] until you have exited all menus
 
 The usual filenames for a FAT filesystem are composed of 8 chars for the name and 3 for the extension.
-When a file is deleted, the first character of the filename is overwritten. TestDisk represents the lost char by a underscore `_` (e.g. `_RAG1.DAT` instead of `FRAG1.DAT`)
+When a file is deleted, the first character of the filename is overwritten. TestDisk represents the lost char by a underscore `_` (e.g. :file:`_RAG1.DAT` instead of :file:`FRAG1.DAT`)
 If a long filename (> 8 characters) is present, it will be use instead. A benefit is that the whole filename can be displayed (e.g. `System Volume Information`)
 
 All files are recovered successfully except the 3 fragmented files.
 
@@ -4,12 +4,12 @@ Download the small `NTFS filesystem <https://sourceforge.net/projects/dftt/files
 
 To undelete all files manually,
 
- * run `testdisk 7-ntfs-undel.dd`
+ * run :command:`testdisk 7-ntfs-undel.dd`
  * Choose `Proceed`.
  * A non partitioned media is detected automatically, press Enter to confirm.
  * Choose `Undelete`.
 
-TestDisk lists all lost files successfully. The alternate data stream is listed as `./mult1.dat:ADS`, alternate streams are not listed in Windows Explorer, and their size is not included in the file's size. Malware has used alternate data streams to hide code. As a result, malware scanners and other special tools now check for alternate data streams. Forensics analyst should also search for them as they may be used to hide documents.
+TestDisk lists all lost files successfully. The alternate data stream is listed as :file:`./mult1.dat:ADS`, alternate streams are not listed in Windows Explorer, and their size is not included in the file's size. Malware has used alternate data streams to hide code. As a result, malware scanners and other special tools now check for alternate data streams. Forensics analyst should also search for them as they may be used to hide documents.
 
  * Press 'C' (uppercase) to copy all selected files and directories.
  * Choose a destination to copy all the files: use the arrow keys (up, down, left, right) to navigate, you can also use the enter key to enter into a directory.
 
@@ -5,7 +5,7 @@ The content of a disk may be modified by simply connecting it to a computer:
 
  * LVM driver will sync two RAID1-like volumes if they are out of sync
  * Linux Raid and fake Raid will also resync the disks if they are out of sync
- * Auto-mouting of the filesystem will modify the last-mount date and the mount count
+ * Auto-mounting of the filesystem will modify the last-mount date and the mount count
  * ext3 and ext4 will replay the journal if the filesystem is dirty.
  * The NTFS file system may attempt to commit or rollback unfinished transactions, and/or change flags on the volume to mark it as "in use".
  * The operating system will update the access time for any file accessed
@@ -21,7 +21,7 @@ updates in service area each time the device is powered-on.). It remains the bes
 Without a hardware write blocker, it's still possible to reduce the risks of accidental modifications.
 Using a Linux computer without graphical interface and without auto-mounting *may* be considered a good enough solution.
 
-Under Linux, `blockdev` or `hdparm` can be used to switch a disk to read-only:
+Under Linux, :command:`blockdev` or :command:`hdparm` can be used to switch a disk to read-only:
 
 .. code-block:: none
 
@@ -38,7 +38,7 @@ Loopback device is a safer alternative:
    losetup -r /dev/loop0 /dev/sdb
    testdisk /dev/loop0
 
-This way testdisk is forced to open the device in read-only.
+This way TestDisk is forced to open the device in read-only.
 
 
 Loopback can also be used to mount a filesystem in read-only:
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@`
`32`	`32`	`# ones.`
`33`	`33`	`extensions = [`
`34`	`34`	`# 'sphinx.ext.githubpages',`
`35`		`- 'rst2pdf.pdfbuilder'`
	`35`	`+# 'rst2pdf.pdfbuilder'`
`36`	`36`	`]`
`37`	`37`
`38`	`38`	`# Add any paths that contain templates here, relative to this directory.`