a forensic file recovery tool
Brian Kelsay
BLKELSAY at kcc.usda.gov
Wed Jun 23 13:14:50 CDT 2004
Foremost: a Linux computer forensics tool
"Written by agents in the U.S. Air Force Office of Special Investigations, Foremost can read
through files and file headers on PCs or copied PC hard disk images. The tool scans a drive or
drive image for pre-defined file types or specific text strings, which are defined in a
configuration file. Foremost can be used to recover entire files, or partial file fragments from a
damaged disk as well as from deleted files on a hard drive. When the program finds files, it copies
the file header and data to a file on the local Linux machine."
Story
http://rootprompt.org/article.php3?article=7117
For stuff like Jim Hermann's lost mail it should be useful too.
Brian Kelsay
More information about the Kclug
mailing list