Undelete Files in Ubuntu Using Foremost

218
Article Source Bright Hub
May 16, 2009, 12:45 pm

Foremost is a Linux tool originally developed by the Air Force Office of Special Investigations and the Center for Information Systems Security Studies and Research. Primarily thought of a data forensics tool for law enforcement, the program has been released to the public. Here we’ll try using it for a specific purpose. Rather than explore all its capabilities, we’ll look at one area particularly helpful to Linux users – file undeletion in Ubuntu.

Many new users of Linux are surprised to learn that no “undelete” application is part of a distribution. If they research the problem a little, they’ll find that specialized hard drive searches using Grep or the Linux write command can be used to “dump” part of the contents of the hard drive into a file or folder. This is an inconvenient and lengthy process best done soon after the deletion and run from a Live CD instead of from an active partition…