Sleuthkit/Autopsy Foremost patch

Adding Foremost to Autopsy

Sleuthkit/Autopsy Foremost patch

Adding Foremost to Autopsy

Description

Author: P. Vissers

Foremost is a tool which can recover data from unallocated space by user definable headers and optionally footers. It runs on most Linux distributions. I thought it would be handy to be able to integrate this into Autopsy, along with the option to edit the configuration file. Well, here is the patch. Effort has been made to respect the original format of the ‘base/autopsyfunc.pm’.

Foremost 0.64 can be downloaded from foremost.sourceforge.net

The foremost.conf file format has been adapted for use with Autopsy. You can use foremost_converter.pl to convert your original configuration file. Parsing an original foremost.conf will result in errors.

Usage

Apply the patch to the Autopsy source code.

Download

You can download the current version (1.0) of Sleuthkit/Autopsy Foremost patch here: autopsy-foremost-patch.tgz