Foremost-NG: An Open-Source Toolkit for Advanced File Carving and Analysis
Abstract
File carving and data recovery are critical tasks in digital forensics, incident response, and malware analysis. The original Foremost tool, while powerful, has long suffered from a lack of updates and limited file-format support. This paper introduces Foremost-NG, a community-driven fork that significantly refactors the core structure, adds new file-format parsers (including EVTX, script files, Mach-O, and ELF executables), and integrates with VirusTotal for on-the-fly threat intelligence. By modernizing the carving engine, decoupling format-specific handlers, and embedding an HTTP-based lookup for hash-based analysis, Foremost-NG delivers a robust, extensible platform for modern forensic workflows and makes it easier to add new file formats.
Published
01/09/2025
How to Cite
SOUZA, Cristian H. M.; BATISTA, Daniel M. Foremost-NG: An Open-Source Toolkit for Advanced File Carving and Analysis. In: SALÃO DE FERRAMENTAS - SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 20-27. DOI: https://doi.org/10.5753/sbseg_estendido.2025.12307.
