- by x32x01 ||
When it comes to digital forensics, 
recovering deleted or lost files is one of the most critical tasks. In this tutorial, we’ll learn how to use the Foremost tool in Kali Linux to bring back data that’s been permanently deleted - even from a formatted drive! 
Foremost is a powerful forensic data recovery tool used to restore lost files based on their headers, footers, and internal data structures. It can recover data from:
And it supports a wide range of file types - images, videos, PDFs, Office documents, and even .exe files.
Originally, Foremost came preinstalled in Kali Linux, but now you need to install it manually using the command below:
Before jumping into recovery, it’s good to understand the available options. Run the following command:
This will display all available flags and parameters to fine-tune your recovery process.
Now, plug in your USB drive or external device. To find its path, open a terminal and type:
You’ll see something like 
Now comes the magic part - running Foremost to restore deleted data:
Let’s break this down:
Tip: If you skip -t, Foremost will try to recover all known file types, which might take longer.
The time required depends on the size of the drive and the number of deleted files. Smaller drives will recover faster, while larger or overwritten data may take longer.
If some files have been overwritten, they might be partially corrupted - but Foremost still tries to recover as much data as possible.
Once done, open your chosen output folder (for example, 
Foremost isn’t just for digital investigators - it’s also great for personal data recovery. Whether you’ve lost photos from your camera SD card or accidentally formatted a USB drive, Foremost can save the day - and it’s totally free! 
Why pay for expensive recovery software when you can use a powerful open-source forensic tool that’s trusted by professionals worldwide?
If this guide helped you recover your lost files, drop a comment and share your experience - we’d love to hear your story!
recovering deleted or lost files is one of the most critical tasks. In this tutorial, we’ll learn how to use the Foremost tool in Kali Linux to bring back data that’s been permanently deleted - even from a formatted drive! 
Introduction to Foremost
Foremost is a powerful forensic data recovery tool used to restore lost files based on their headers, footers, and internal data structures. It can recover data from:- Hard drives
- USB flash drives
- Memory cards
- External storage devices
And it supports a wide range of file types - images, videos, PDFs, Office documents, and even .exe files.
Originally, Foremost came preinstalled in Kali Linux, but now you need to install it manually using the command below:
Code:
sudo apt-get install foremost Check the Foremost Help Menu
Before jumping into recovery, it’s good to understand the available options. Run the following command: Code:
foremost -h
Identify Your USB Drive
Now, plug in your USB drive or external device. To find its path, open a terminal and type: Code:
fdisk -l/dev/sdb1 - this represents your storage partition. Copy or note this path, as we’ll use it in the next step. 
Recover Permanently Deleted Files
Now comes the magic part - running Foremost to restore deleted data: Code:
foremost -t jpg,pdf,mp4 -v -q -i /dev/sdb1 -o /root/Desktop/recoveredLet’s break this down:
- -t → specify file types (e.g., jpg, pdf, mp4)
- -v → verbose mode (shows detailed output)
- -q → quick mode (faster scanning)
- -i → input device (our USB drive /dev/sdb1)
- -o → output folder for recovered files
Tip: If you skip -t, Foremost will try to recover all known file types, which might take longer.
Wait for the Process to Complete
The time required depends on the size of the drive and the number of deleted files. Smaller drives will recover faster, while larger or overwritten data may take longer.If some files have been overwritten, they might be partially corrupted - but Foremost still tries to recover as much data as possible.
Check Your Recovered Files
Once done, open your chosen output folder (for example, /root/Desktop/recovered). You’ll find your restored files neatly organized into folders by file type. Final Thoughts
Foremost isn’t just for digital investigators - it’s also great for personal data recovery. Whether you’ve lost photos from your camera SD card or accidentally formatted a USB drive, Foremost can save the day - and it’s totally free! Why pay for expensive recovery software when you can use a powerful open-source forensic tool that’s trusted by professionals worldwide?
If this guide helped you recover your lost files, drop a comment and share your experience - we’d love to hear your story!
Last edited: