1 min read 126 words Updated Mar 09, 2026 Created May 09, 2026

Foremost

Foremost is an extraction tool that can read from disk partitions or images, finding many types of files even those that have been deleted.

Example

$ sudo mkdir foremost-out
$ sudo foremost -dv -i /dev/sdb1 -o foremost-out/
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Sat Nov 26 14:04:49 2016
Invocation: foremost -dv -i /dev/sdb1 -o foremost-out/ 
Output directory: /home/mdf/foremost-out
Configuration file: /etc/foremost.conf
Processing: /dev/sdb1
|------------------------------------------------------------------
File: /dev/sdb1
Start: Sat Nov 26 14:04:49 2016
Length: 1 GB (2026962944 bytes)

...
796 FILES EXTRACTED
	
jpg:= 124
gif:= 77
bmp:= 21
rif:= 3
htm:= 15
ole:= 19
zip:= 121
rar:= 1
exe:= 133
png:= 129
pdf:= 153
------------------------------------------------------------------

Foremost finished at Sat Nov 26 14:22:26 2016