![Featured_[file-carving-data-recovery]](https://www.ticktechtold.com/wp-content/uploads/2022/11/Featured_file-carving-data-recovery.webp)
File Carving is a data recovery technique used to restore and recover full/partial lost, damaged or deleted files in a media drive. It is mainly used in data recovery and digital forensics investigations.
The magic of file carving lies in the software tool’s understanding of file formats and their header, footer and structure to re-construct back to their original state.
Below is a summary table of the different tools mentioned in this article.
| S/no | File Craving Tool | Platform |
|---|---|---|
| 1 | Stellar Data Recovery | Windows, macOS |
| 2 | PhotoRec | Windows, macOS, Linux |
| 3 | Recuva | Windows |
| 4 | Easeus Data Recovery | Windows, macOS |
| 5 | Foremost | Linux |
| 6 | DDRescue | Windows |
| 7 | Bulk Extractor | Windows, Linux |
In this article, I will list all the best and most reliable file carving tools for Windows, Mac and Linux operating systems.
There will be a mixture of both GUI software and terminal console tools. Some of the best file-craving tools out there are, in fact, console command-line applications.
What are the Best File Craving Tools for Digital Forensics and Data Recovery?
Here are the seven (7) best file carving tools that can be used for data recovery and digital forensics use.
1. Stellar Data Recovery
Stellar Data Recovery is a file carving and data recovery tool for Mac and Windows devices capable of recovering deleted documents, photos, and videos.
The software tool is compatible with M1, M2, and T2 chip-enabled Macs and often supports the latest macOS version.
For data recovery, it can recover from Fusion drive, Time Machine devices, formatted partitions and retrieves from solid state drives, portable hard drives, and many more.
2. PhotoRec
PhotoRec is a free, open-source image data recovery tool that supports over 480+ file extension formats. It can restore lost images from computers, digital cameras, mobile devices, memory cards or other storage media such as USB flash drives.
PhotoRec provides read-only access to its directory for data recovery to prevent overwriting recovered data onto the same drive or partition. Instead, users will specify another drive or volume for recovered images.
QPhotoRec is the graphical user interface for the file-carving PhotoRec tool that offers simplicity and ease of use.
3. Recuva
Recuva is a Windows-only file carving application that can retrieve any lost file, including emails, documents, music, movies, and images. Additionally, it can restore data from any rewriteable media you may have, including USB sticks, external hard drives, and memory cards.
Recuva has an advanced deep scan mode for hard-to-find files that scans your drive to find all traces of deleted files.
The data recovery tool can recover files from damaged or recently formatted devices. It has free and Pro versions with more data recovery features.
4. Easeus Data Recovery
Easeus Data Recovery is a file-carving software that can recover almost any file, including documents, images, videos, audio, emails and many more.
The data recovery tool can restore deleted files from various media (hard drives, MicroSD cards, etc.) and repair corrupted photos, videos and documents.
The easy-to-use GUI interface offers users a free preview of the restored/recovered file before attempting a full recovery which requires more time.
There is also a feature that allows users to specify precisely which directory location they want the file recovery to take place, which can save up time instead of deep scanning the entire drive.
5. Foremost
Initially developed by the U.S Air Force, Foremost is a lightweight Linux terminal application that does file carving on files based on their headers, footers and data structures.
Foremost is installed on Linux operating systems and can be used on Kali Linux and Ubuntu distros. The data recovery tool also supports digital forensics images, such as dd and E01 evidence file formats.
6. DDRescue
DDRescue is a data recovery tool that copies data from one file or block device (hard drive, CD-ROM, etc.) to another file or block device and tries to salvage the good part if a read error occurs.
The file carving tool manipulates ddrescue map files, displays map file contents, translates map files to and from different formats, compares map files, checks the rescue status, and can remove a map file after the rescue is complete.
DDRescue does not write zeros to the output and is periodically saved to a disc, which is helpful in the event of a crash.
7. Bulk Extractor
Bulk Extractor works like a file carving tool and a high-performance digital forensics exploitation tool. The data recovery software tool searches for file header and footer patterns of various data and then extracts these ranges as a file.
The tool extracts structured information such as credit card numbers, email addresses, JPEG images, etc., without going through the parsing of file systems.
Bulk Extractor – Features
- It is multi-threaded, so input data should be processed at high speed. (100 – 300 MBytes/sec)
- Expand data recursively, such as expanding gzipped files
- Support memory dumps, disk, volume, and file systems.
