Foremost is a forensic data recovery program for Linux operating system. It recovers files from their header footer and data structure using a process called file carving. Although written for law enforcement uses, it is freely available for general data retrieval purposes.
In this article, I will show you how to install and use the Foremost data recovery tool in Ubuntu.
Features of Foremost data recovery tool
The key features of Foremost utility are –
- Can retrieve data that was in different formats
- You can add custom file format by editing the available configuration file
- Can recover iPhone data using a computer
- Extract data elements that are embedded or lost from an image
How to install foremost in Ubuntu
Foremost is available in the Ubuntu repository so you can directly install it using the apt command in your terminal. But before you install Foremost on your system make sure to update the local package index by using –
sudo apt updateNext, run the following command to install Foremost on your Ubuntu system –
sudo apt install foremostIf it asks for your confirmation, type y and then press enter.
How to use Foremost tool in Ubuntu
Foremost recover files from a disk, based on the file type specified by a user by using the option -t with the foremost command. Foremost supports various files format such as jpg, gif, png, bmp, pdf, wmv, zip, exe, doc, etc.
The first step to use Foremost is to list disks and partitions and identify one that you want to scan for deleted files. There are several ways to list a disk, you can list them by using the given command.
df -h
Now let’s say we want to recover files on /dev/sda1 then we will use the given command –
sudo foremost -t jpg,pdf,mp4 -v -q -i /dev/sda1 -o /RecoveredWhere -t – Used to mention file type that we are going to recover
-v – Enables verbose mode which shows the information regarding the current state of foremost while recovering files
-q– This option is used for a quick scan of the device
-i– This option is used to mention the input device for scanning and recovering data
-o– This option is used to pass the location where recovered files will be saved
The following image shows the process of recovering files from a storage device.
Once completed all the files will be saved in the /Recovered directory.
You can check other options that can be used with this command on its manual page. Run the given command to view the man page of foremost command in your terminal –
man foremostConclusion
I hope now you are able to use this tool on your system for recovering deleted files. Now if you have a query then write us in the comments below.