Description: Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, EnCase, etc., or directly on a drive. The headers and footers can be specified by a configuration file, or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format, allowing for a more reliable and faster recovery.
Source: http://foremost.sourceforge.net/
This video explains how to use the forensics tool foremost. The options are as follows.
foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus.
$ foremost [-v|-V|-h|-T|-Q|-q|-a|-w-d] [-t <type>] [-s <blocks>] [-k <size>]
        [-b <size>] [-c <file>] [-o <dir>] [-i <file]

-V  - display copyright information and exit
-t  - specify file type.  (-t jpeg,pdf ...)
-d  - turn on indirect block detection (for UNIX file-systems)
-i  - specify input file (default is stdin)
-a  - Write all headers, perform no error detection (corrupted files)
-w  - Only write the audit file, do not write any detected files to the disk
-o  - set output directory (defaults to output)
-c  - set configuration file to use (defaults to foremost.conf)
-q  - enables quick mode. Search are performed on 512 byte boundaries.
-Q  - enables quiet mode. Suppress output messages.
-v  - verbose mode. Logs all messages to screen
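The header/footer carving described above, as an added example that is not foremost's code: a minimal Python carver run over a constructed in-memory image. The signature table, the size cap and all function names are assumptions made for this illustration, and `quick` only approximates the 512-byte boundary search listed under -q.

```python
from typing import Iterator, NamedTuple

class Carved(NamedTuple):
    kind: str
    offset: int
    data: bytes

# kind -> (header, footer, max size). The size cap is an assumed illustration value.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 20 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20 * 1024 * 1024),
}

def carve(image: bytes, quick: bool = False, block: int = 512) -> Iterator[Carved]:
    """Yield data found between a known header and the next matching footer.
    quick=True accepts only headers that start on a block boundary, which is
    faster but misses files embedded at unaligned offsets."""
    for kind, (header, footer, max_size) in SIGNATURES.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            pos = start + 1
            if quick and start % block:
                continue
            # Bound the footer search so a missing footer cannot swallow the image.
            window_end = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), window_end)
            if end == -1:
                continue  # header without footer: truncated file or false positive
            end += len(footer)
            yield Carved(kind, start, image[start:end])
            pos = end  # resume scanning after the carved file

def build_sample_image() -> bytes:
    """Constructed 2 KiB 'disk image' (sample data, not a real capture)."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 100 + b"\xff\xd9"
    small_jpg = b"\xff\xd8\xff\xe0" + b"j" * 20 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 50 + b"IEND\xaeB`\x82"
    img = bytearray(4 * 512)
    img[512:512 + len(jpg)] = jpg                # file at a sector start
    img[1024:1024 + len(png)] = png              # file at a sector start
    img[1700:1700 + len(small_jpg)] = small_jpg  # unaligned, e.g. embedded data
    img[2000:2003] = b"\xff\xd8\xff"             # stray header with no footer
    return bytes(img)

if __name__ == "__main__":
    for f in carve(build_sample_image()):
        print(f"{f.kind} at offset {f.offset}, {len(f.data)} bytes")
```

A carved span only proves that a header and a footer were found in order; fragmented or partly overwritten files can still fail to open, so each result needs validating with a format-aware tool.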
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
This tool works on the basis of headers, footers, and internal data structures.
Thanks
Tool looks good. Has anyone tried this tool? Let's see when you have recovered some files. After that, how was the file health? Is it working or not? I mean sometimes we can see the recovered file but we can't access it.