Carving tools help you recover deleted files
If the filesystem is not completely destroyed, tools that evaluate the filesystem provide an important alternative to tools such as Foremost and Scalpel. The PhotoRec  recovery tool was developed by Christophe Grenier to rescue photos from corrupt Flash memory. PhotoRec will also work if the partition table is damaged.
Once PhotoRec has identified the filesystem, it extracts an enormous variety of file types. In addition to photo files, PhotoRec also restores EXE or ZIP files.
All told, the tool supports more than 180 file types. The program is controlled by means of a practical text menu, which reduces the danger of user errors. Unfortunately, PhotoRec cannot current analyze RAM dumps or swap files.
File carvers help forensic investigators extract deleted files. Foremost and Scalpel ignore the filesystem and can even restore data from RAM dumps and swap files. Their speed is quite amazing.
If the filesystem still exists, a tool such as PhotoRec is also useful for finding lost files.
- The Coroner's Toolkit: http://www.porcupine.org/forensics/tct.html
- The Sleuth Kit: http://www.sleuthkit.org
- Foremost: http://foremost.sf.net
- Scalpel: http://www.digitalforensicssolutions.com/Scalpel/
- PhotoRec: http://www.cgsecurity.org/wiki/PhotoRec
- FTimes: http://ftimes.sourceforge.net/FTimes/
- Foremost on the Forensics Wiki: http://www.forensicswiki.org/wiki/Foremost
- OCFA, The carve path zero-storage library and filesystem: http://ocfa.sourceforge.net/libcarvpath/
- DFRWS carving challenge: http://www.dfrws.org/2006/challenge/
Read full article as PDF:Foremost_Web.pdf (884.84 kB)
Missing page in print articlePg 32 of the print article is incorrect. Page 33 is duplicated on pgs 32 and 33.
Thank you for providing correct article layout via PDF.
New release comes with better semantic search and improvements to Kontact.
Annual code quality report shows FOSS is more secure at all project size levels.
A new class of problems lets a malicious app pre-configure an invisible privilege update.
New Hack language adds static typing and other conveniences.
New crypto policy system will offer easier configuration and more uniform security.
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
Vulnerability affects many Linux web servers