Data Recovery Using Foremost

Installation on Linux Ubuntu/Debian:

sudo aptitude install foremost

Help:

foremost –h

I will describe some startup keys:
-V Displays program version and copyright information.
-t Specifies the file extensions to search.
-d For UNIX file systems
-i Specifies a device or image.
-a Writes all headers without error detection.
-w Do not restore files, write only the file with the report.
-o Directory for saving recovered files.
-c Specifies the configuration file.
-q Fast mode. Files may be skipped, since the search is only at the beginning of the sector, the rest of it is skipped, and it is also not recommended to use it with the NTFS file system.
-Q Quiet mode, some error messages will not be displayed.
-v Verbose mode, displays all messages on the screen.

We look at what devices are:

sudo fdisk -l

Suppose we have a USB flash drive and we want to save its image in our file:

sudo dd if=/dev/sdb1 of=fleshka.dd

Let’s create a directory for the restored files where we are comfortable:

mkdir ./out

Launch Examples:

sudo foremost -t jpg -o ./out fleshka.dd
sudo foremost -t jpeg,png,gif -o ./out -v -i /dev/sda
sudo foremost -t all -d -o ./out -v -i /dev/sda

See also my other articles on data recovery.

Leave a comment

Leave a Reply