Carving tools help you recover deleted files
If the filesystem is not completely destroyed, tools that evaluate the filesystem provide an important alternative to tools such as Foremost and Scalpel. The PhotoRec  recovery tool was developed by Christophe Grenier to rescue photos from corrupt Flash memory. PhotoRec will also work if the partition table is damaged.
Once PhotoRec has identified the filesystem, it extracts an enormous variety of file types. In addition to photo files, PhotoRec also restores EXE or ZIP files.
All told, the tool supports more than 180 file types. The program is controlled by means of a practical text menu, which reduces the danger of user errors. Unfortunately, PhotoRec cannot current analyze RAM dumps or swap files.
File carvers help forensic investigators extract deleted files. Foremost and Scalpel ignore the filesystem and can even restore data from RAM dumps and swap files. Their speed is quite amazing.
If the filesystem still exists, a tool such as PhotoRec is also useful for finding lost files.
- The Coroner's Toolkit: http://www.porcupine.org/forensics/tct.html
- The Sleuth Kit: http://www.sleuthkit.org
- Foremost: http://foremost.sf.net
- Scalpel: http://www.digitalforensicssolutions.com/Scalpel/
- PhotoRec: http://www.cgsecurity.org/wiki/PhotoRec
- FTimes: http://ftimes.sourceforge.net/FTimes/
- Foremost on the Forensics Wiki: http://www.forensicswiki.org/wiki/Foremost
- OCFA, The carve path zero-storage library and filesystem: http://ocfa.sourceforge.net/libcarvpath/
- DFRWS carving challenge: http://www.dfrws.org/2006/challenge/
Buy this article as PDF
But if you are not using the latest Linux kernel, your system is insecure.
Home routers will give room for custom firmware but still comply with FCC rules
Frank Karlitschek will continue to lead the open source ownCloud project
“Xenial Xerus” comes with a new packages format and several improvements for the enterprise.
Linux users can now download and install the Windows code editor
New initiative will address security and interoperability concerns around container technology.
Developers can use RHEL as a development platform without a subscription fee.
Windows users will soon have native access to the Bash shell.
Improvements to SMTP will provide better guarantee of confidentiality
Graphics vendor embraces new reality in Linux graphics