{"id":13698777,"url":"https://github.com/korczis/foremost","last_synced_at":"2025-05-04T04:30:36.100Z","repository":{"id":3956671,"uuid":"5049997","full_name":"korczis/foremost","owner":"korczis","description":"Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.  Originally developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research , foremost has been opened to the general public. We welcome any comments, suggestions, patches, or feedback you have on this program. 
Please direct all correspondence to namikus@users.sf.net.","archived":false,"fork":false,"pushed_at":"2023-05-26T08:26:00.000Z","size":65,"stargazers_count":316,"open_issues_count":6,"forks_count":54,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-11-13T03:34:50.858Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/korczis.png","metadata":{"files":{"readme":"README","changelog":"CHANGES","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2012-07-14T18:37:00.000Z","updated_at":"2024-10-31T09:33:44.000Z","dependencies_parsed_at":"2024-01-17T16:08:15.770Z","dependency_job_id":"2e4915fe-79ad-4a34-84f4-2957e01b573e","html_url":"https://github.com/korczis/foremost","commit_stats":{"total_commits":4,"total_committers":3,"mean_commits":"1.3333333333333333","dds":0.5,"last_synced_commit":"9b2ccf2a6d924e7a57971af6b92e6a287d28efb1"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/korczis%2Fforemost","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/korczis%2Fforemost/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/korczis%2Fforemost/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/korczis%2Fforemost/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/korczis","download_url":"https://codeload.github.com/korczis/foremost/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":2522889
12,"owners_count":21724323,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T19:00:52.831Z","updated_at":"2025-05-04T04:30:35.464Z","avatar_url":"https://github.com/korczis.png","language":"C","readme":"\nFOREMOST \n----------------------------------------------------------------------\n\nForemost is a Linux program to recover files based on their headers and\nfooters. Foremost can work on image files, such as those generated by dd,\nSafeback, Encase, etc, or directly on a drive. The headers and footers are\nspecified by a configuration file, so you can pick and choose which\nheaders you want to look for.\n\n\n\n--------------------------------------------\nINSTALL FOREMOST\n--------------------------------------------\n\nTo run foremost, you must:\n\n- uncompress the archive\n- compile\n- install\n\nHere's how to do it:\n\nLINUX:\n$ tar zxvf foremost-xx.tar.gz\n$ cd foremost-xx\n$ make\n$ make install\n\nBSD:\n$ tar zxvf foremost-xx.tar.gz\n$ cd foremost-xx\n$ make unix\n$ make install\n\nSOLARIS:\n$ tar zxvf foremost-xx.tar.gz\n$ cd foremost-xx\n$ make solaris\n$ make install\n\nOSX:\n$ tar zxvf foremost-xx.tar.gz\n$ cd foremost-xx\n$ make mac\n$ make macinstall\n\nOn systems with older versions of glibc (earlier than 2.2.0), you will get \nsome harmless warnings about ftello and fseeko not being defined. 
You can \nignore these.\n\n\nIf you ever need to remove foremost from your system, you can do this:\n\n$ make uninstall\n\n\n\n--------------------------------------------\nUSING FOREMOST\n--------------------------------------------\n\nA description of the command line arguments can be found in the man page. \nTo view it:\n\n$ man foremost\n\n\n\n--------------------------------------------\nCONFIGURATION FILE FORMAT\n--------------------------------------------\n\nThe configuration file is used to control what types of files foremost\nsearches for. A sample configuration file, foremost.conf, is included with\nthis distribution. For each file type, the configuration file describes\nthe file's extension, whether the header and footer are case sensitive,\nthe maximum file size, and the header and footer for the file. The footer\nfield is optional, but header, size, case sensitivity, and extension are\nnot!\n\nAny line that begins with a '#' is considered a comment and ignored. Thus,\nto skip a file type just put a '#' at the beginning of that line\n\nHeaders and footers are decoded before use. To specify a value in\nhexadecimal use \\x[0-f][0-f], and for octal use \\[0-7][0-7][0-7].  Spaces\ncan be represented by \\s. Example: \"\\x4F\\123\\I\\sCCI\" decodes to \"OSI CCI\".\n\nTo match any single character (aka a wildcard) use a '?'. If you need to\nsearch for the '?' character, you will need to change the 'wildcard' line\n*and* every occurrence of the old wildcard character in the configuration\nfile. Don't forget those hex and octal values! '?' 
is equal to 0x3f and\n\\063.\n\nHere's a sample set of headers and footers:\n\n# extension  case-sens  max-size   header\t\t\tfooter\t\t(option)\n#\n# GIF and JPG files (very common)\n\tgif\ty\t155000\t\\x47\\x49\\x46\\x38\\x37\\x61\t\\x00\\x3b\n  \tgif\ty \t155000\t\\x47\\x49\\x46\\x38\\x39\\x61\t\\x00\\x00\\x3b\n  \tjpg\ty\t200000\t\\xff\\xd8\\xff\t\t\t\\xff\\xd9\n\nNote: the option is a method of specifying additional options.  Currently the following options exist:\n\nFORWARD: Specify to search from the header to the footer (optional) up to the max-size.\nREVERSE: Specify to search from the footer to the header up to the max-size.\nNEXT: Specify to search from the header to the data just past the footer.  This allows you to specify data that you know is 'NOT' in the data you are looking for and should terminate the search, up to the max-size.\n\n--------------------------------------------\nBUG REPORTING\n--------------------------------------------\n\nPlease report ALL bugs to nick dot mikus AT gmail d0t com. Please include a \ndescription of the bug, how you found it, and your contact information.\n\n\n\n\n--------------------------------------------\nCREDITS AND THANKS\n--------------------------------------------\n\nForemost was written by Special Agent Kris Kendall and Special Agent Jesse\nKornblum of the United States Air Force Office of Special Investigations\nstarting in March 2001. This program would not be what it is today without\nhelp from (in no particular order): Rob Meekins, Dan Kalil, and Chet\nMaciag. This project was inspired by CarvThis, written by the Defense\nComputer Forensic Lab in 1999.\n\n\n--------------------------------------------\nLEGAL NOTICE\n--------------------------------------------\n\ndd, Safeback, and Encase are copyrighted works and any questions regarding \nthese tools should be directed to the copyright holders. The United States \nGovernment does not endorse the use of these or any other imaging tools. 
\n","funding_links":[],"categories":["Challenges","Tools","Forensics"],"sub_categories":["Steganography","Recovering tool / Memory Extraction"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkorczis%2Fforemost","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkorczis%2Fforemost","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkorczis%2Fforemost/lists"}