foremost application

2 views
Skip to first unread message

mark...@gmail.com

unread,
Feb 20, 2007, 10:26:04 PM2/20/07
to Forensic Ideas
Hello,

Thank you for your advice in advance. In running this tool I have a
few questions about the conf file. One, I ran this on an image
searching for MS doc files. I got what appears to be duplicate
entires (00001040.doc & 00001040_1.doc) Why the duplicate entries.
One is 10 bytes and the other is 12,500 kb (which is the default in
foremost.conf).

The questions I have are the following. 1). What is the max in
foremost.conf? Can I change it to unlimited (eof). 2). I ran strings
on one of the files and it showed me what appeard a combination of
mulitiple files. Is it possible that it is not pulling out 1
specific .doc file. I did set the conf file to to pull only .doc
files. How can find the original name of the file? You can tell that
its not just a .doc file , even saw this (This program cannot be run
in DOS mode.) listed in the file. When I run file against the file I
get MS office document.

Thanks for your help.

Reply all
Reply to author
Forward
0 new messages