Filecarving with Foremost

1. Introduction

In this lab, a disk image file “evidence.img” is provided in the home directory of the root user (/root/). One of the JPEG files present on the disk contains the flag.

Extract files from the given image using the Foremost tool and retrieve the flag!

Guidelines:

  • The viu tool can be used to view image files on the command-line interface (CLI).

2. Filecarving with Foremost

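First, let’s check the command reference for foremost that is linked above. Then we run it in verbose mode (-v) against the image (-i), writing the carved files to the directory “output” (-o).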

foremost -v -i evidence.img -o output

As we can see, one JPG file was extracted. Let’s open that file with the viu tool.

3. Retrieve the flag

cd output/jpg

viu 00263184.jpg
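
To show what the carving step above does, here is a simplified header/footer JPEG carver. It is an added example, not foremost's own code and not part of the original lab. It names each hit after the 512-byte block where the header was found, the scheme behind a name like 00263184.jpg. The sample image, MAX_SIZE and the function names are constructed for illustration.

```python
"""Simplified header/footer carving of JPEGs from a raw image (illustration only)."""

SECTOR = 512                    # foremost's default block size, used in carved file names
JPEG_HEADER = b"\xff\xd8\xff"   # SOI marker plus the first byte of the next marker
JPEG_FOOTER = b"\xff\xd9"       # EOI marker
MAX_SIZE = 20 * 1024 * 1024     # assumed cap so a missing footer cannot run away


def carve_jpegs(image: bytes, max_size: int = MAX_SIZE):
    """Return (name, offset, data) for every header..footer span in the image."""
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_HEADER, pos)
        if start == -1:
            break
        # Only look for the footer inside the size cap that follows this header.
        end = image.find(JPEG_FOOTER, start + len(JPEG_HEADER), start + max_size)
        if end == -1:
            pos = start + 1     # header with no footer in range: skip it, keep scanning
            continue
        end += len(JPEG_FOOTER)
        name = f"{start // SECTOR:08d}.jpg"   # block number where the header starts
        found.append((name, start, image[start:end]))
        pos = end
    return found


def build_sample_image():
    """Constructed image: zero filler, one JPEG-like blob at block 3, a stray header."""
    fake_jpeg = JPEG_HEADER + b"\xe0" + b"constructed payload" + JPEG_FOOTER
    image = bytearray(8 * SECTOR)
    image[3 * SECTOR:3 * SECTOR + len(fake_jpeg)] = fake_jpeg
    image[6 * SECTOR:6 * SECTOR + 3] = JPEG_HEADER   # truncated file, no footer
    return bytes(image), fake_jpeg


if __name__ == "__main__":
    sample, _ = build_sample_image()
    for name, offset, data in carve_jpegs(sample):
        print(f"{name}  offset={offset}  size={len(data)}")
```

Because carving ignores the file system, the original file name and timestamps are not recovered; the block number in the name is what ties the carved file back to its location in the image.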

4. Summary
