Foremost
Foremost is an extraction tool that can read from disk partitions or images and find many types of files, even those that have been deleted.
Example
$ sudo mkdir foremost-out
$ sudo foremost -dv -i /dev/sdb1 -o foremost-out/
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Sat Nov 26 14:04:49 2016
Invocation: foremost -dv -i /dev/sdb1 -o foremost-out/
Output directory: /home/mdf/foremost-out
Configuration file: /etc/foremost.conf
Processing: /dev/sdb1
|------------------------------------------------------------------
File: /dev/sdb1
Start: Sat Nov 26 14:04:49 2016
Length: 1 GB (2026962944 bytes)
...
796 FILES EXTRACTED

jpg:= 124
gif:= 77
bmp:= 21
rif:= 3
htm:= 15
ole:= 19
zip:= 121
rar:= 1
exe:= 133
png:= 129
pdf:= 153
------------------------------------------------------------------

Foremost finished at Sat Nov 26 14:22:26 2016
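The summary at the end of a run can be checked mechanically. The following is an added example, not part of the original page or of Foremost itself: a Python parser for the audit summary that confirms the per-type counts add up to the reported total. The sample text reuses the values from the run above, and the function names are assumptions of this example.

```python
import re

# Sample input: the summary lines from the run shown above (elided lines omitted).
SAMPLE_AUDIT = """\
Invocation: foremost -dv -i /dev/sdb1 -o foremost-out/
Output directory: /home/mdf/foremost-out
Configuration file: /etc/foremost.conf
Length: 1 GB (2026962944 bytes)
796 FILES EXTRACTED
jpg:= 124
gif:= 77
bmp:= 21
rif:= 3
htm:= 15
ole:= 19
zip:= 121
rar:= 1
exe:= 133
png:= 129
pdf:= 153
"""

TOTAL_RE = re.compile(r"^(\d+) FILES EXTRACTED$")
COUNT_RE = re.compile(r"^(\w+):=\s*(\d+)$")
FIELD_RE = re.compile(r"^(Invocation|Output directory|Configuration file|Length):\s*(.+)$")

def parse_audit(text):
    """Return header fields, the reported total and the per-type counts."""
    parsed = {"fields": {}, "total": None, "counts": {}}
    for line in map(str.strip, text.splitlines()):
        if m := TOTAL_RE.match(line):
            parsed["total"] = int(m.group(1))
        elif m := COUNT_RE.match(line):
            parsed["counts"][m.group(1)] = int(m.group(2))
        elif m := FIELD_RE.match(line):
            parsed["fields"][m.group(1)] = m.group(2)
    return parsed

def check_audit(parsed):
    """List inconsistencies; an empty list means the summary adds up."""
    if parsed["total"] is None:
        return ["no 'FILES EXTRACTED' line: run interrupted or log truncated"]
    counted = sum(parsed["counts"].values())
    if counted != parsed["total"]:
        return [f"per-type counts sum to {counted}, summary reports {parsed['total']}"]
    return []

if __name__ == "__main__":
    parsed = parse_audit(SAMPLE_AUDIT)
    print(parsed["total"], parsed["counts"], check_audit(parsed) or "consistent")
```

The same functions can be run over the `audit.txt` file that Foremost writes into the output directory.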