Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.
The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.
Originally developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research , foremost has been opened to the general public.
You can download the latest version here:
Or read more here.
- Rekall – Memory Forensic Framework
- DAMM – Differential Analysis of Malware in Memory
- Malheur – Automatic Malware Analysis Tool
- PlainSight – Open Source Computer Forensics LiveCD
- tcpxtract – Extract Files from Network Traffic AKA Carving
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks
Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,210 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 33,235 views
- sslsniff v0.6 Released – SSL MITM Tool - 27,159 views