Extracting Hidden Files With Foremost On Linux

Code:

sudo apt install -y foremost

Extract Script

Code:

#!/bin/bash
#(c) J~Net 2016
# Usage ./Ext6ract.sh "filename.png"
#
myvar="$1"
myvar2="$2"
sudo apt-get install -y foremost
mkdir output
# steghide extract -sf "$myvar" -p "$myvar2"
foremost -t all -i "$myvar" -o output

A useful function for your .bashrc

Code:

sudo gedit .bashrc

Code:

function unhide() {
myvar="$1"
myvar2="$2"
mkdir output
foremost -t all -i "$myvar" -o output
}

Usage:

Code:

unhide image.png

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Using windows to make a file to test for Extraction!

Code:

putting data into an image

copy /b pic.jpg+txt.rar final.jpg

Or

copy /b "file.jpg"+"file.zip" "newfile.jpg"
 
where pic.jpg is the original picture file, the .rar is the compressed data and final is the output file containing the original image plus compressed data!


now to extract open pic with winrar

Also try out the file extraction using scalpel

Code:

sudo apt-get install -y scalpel

Code:

sudo gedit /etc/scapel/scalpel.conf

Code:

slalpel -c scalpel.conf -o output infile.img

More about it

Digital Forensics



Making an md5 hash of a file

Code:

md5sum file.dd > file.md5

Binwalk

Code:

sudo apt-get install -y binwalk