# Filecarving with Foremost
### 1. Introduction
> In this lab, a disk image file “evidence.img” is provided in the home directory of the root user (/root/). One of the JPEG files present on the disk contains the flag.
Extract files from the given image using [**Foremost**](http://foremost.sourceforge.net/) tool and retrieve the flag!
**Guidelines:**
* [viu tool](https://github.com/atanunq/viu) can be used to view image files on command-line interface (CLI).
### 2. Filecarving with Foremost
First let’s check the command reference of the tool foremost that is linked above.
`foremost -v -i evidence.img -o output`
As we can see, one jpg file got extracted. Let’s open that file with the viu tool.
### 3. Retrieve the flag
`cd output/jpg`
`viu 00263184.jpg`
### 4. Summary
{% embed url="" %}
