Updated May 10, 2026. Created May 09, 2026.

Foremost

Foremost is an extraction tool that reads disk partitions or images and recovers many types of files, including those that have been deleted.

Example

$ sudo mkdir foremost-out
$ sudo foremost -dv -i /dev/sdb1 -o foremost-out/
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Sat Nov 26 14:04:49 2016
Invocation: foremost -dv -i /dev/sdb1 -o foremost-out/ 
Output directory: /home/mdf/foremost-out
Configuration file: /etc/foremost.conf
Processing: /dev/sdb1
|------------------------------------------------------------------
File: /dev/sdb1
Start: Sat Nov 26 14:04:49 2016
Length: 1 GB (2026962944 bytes)

...
796 FILES EXTRACTED
	
jpg:= 124
gif:= 77
bmp:= 21
rif:= 3
htm:= 15
ole:= 19
zip:= 121
rar:= 1
exe:= 133
png:= 129
pdf:= 153
------------------------------------------------------------------

Foremost finished at Sat Nov 26 14:22:26 2016
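
Why deleted files can still be found: a carver scans the raw bytes for file-type header and footer signatures instead of consulting the filesystem's directory entries. The sketch below is an added illustration, not Foremost's code and not part of the original page; the signature table, function names, and sample image are constructed assumptions, and it handles only contiguous files.

```python
# Added illustration of header/footer carving; not Foremost's own code.
# Signature table, names, and the sample image are constructed assumptions.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_LEN = 1 << 20  # stop searching for a footer after 1 MiB

def carve(image, signatures=SIGNATURES, max_len=MAX_LEN):
    """Return sorted (offset, type, data) for every header..footer span."""
    found = []
    for ftype, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_len)
            if end == -1:
                # Header whose tail was overwritten: nothing to recover.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((pos, ftype, image[pos:end]))
            pos = image.find(header, end)
    return sorted(found)

def build_sample_image(sector=512):
    """Constructed raw 'partition'. Only live.png has a directory entry;
    the JPEG and PDF are 'deleted' but their data sectors remain."""
    files = {
        "jpg": b"\xff\xd8\xff\xe0JFIF-constructed\xff\xd9",
        "png": b"\x89PNG\r\n\x1a\nconstructed-chunksIEND\xaeB`\x82",
        "pdf": b"%PDF-1.4\nconstructed\n%%EOF",
    }
    sectors = [b"DIR:live.png", files["jpg"], files["png"], files["pdf"],
               b"\xff\xd8\xff\xe0 tail overwritten"]  # header, no footer
    image = b"".join(s.ljust(sector, b"\x00") for s in sectors)
    return image, files

if __name__ == "__main__":
    image, _ = build_sample_image()
    for offset, ftype, data in carve(image):
        print(f"{offset:6d}  {ftype}  {len(data)} bytes")
```

Matching the first footer after a header is a simplification: real files can contain the footer bytes internally (embedded JPEG thumbnails, multiple `%%EOF` markers in a PDF) or be fragmented, so carved output should be validated before it is relied on.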