Monday, May 11, 2015

Foremost File Types

Foremost File Types

Currently foremost can recover the following file types:
jpg - Support for the JFIF and Exif formats including implementations used in modern digital cameras.
gif
png
bmp - Support for windows bmp format.
avi
exe - Support for Windows PE binaries, will extract DLL and EXE files along with their compile times.
mpg - Support for most MPEG files (must begin with 0x000001BA)
wav
riff - This will extract AVI and RIFF since they use the same file format (RIFF). note faster than running each separately.
wmv - Note may also extract -wma files as they have similar format.
mov
pdf
ole - This will grab any file using the OLE file structure. This includes PowerPoint, Word, Excel, Access, and StarWriter
doc - Note it is more efficient to run OLE as you get more bang for your buck. If you wish to ignore all other ole files then use this.
zip - Note is will extract .jar files as well because they use a similar format. Open Office docs are just zipâd XML files so they are extracted
as well. These include SXW, SXC, SXI, and SX? for undetermined OpenOffice files.
rar
htm
cpp - C source code detection, note this is primitive and may generate documents other than C code.
You can tweak /etc/foremost.conf to add support for more file types.

Example cmd:

#foremost –t htm –i /tmp –o /recovery
Share: