<yambe:breadcrumb>Recovery_tools|Recovery tools</yambe:breadcrumb>

autopsy

autopsy comes preinstalled with kali linux. With autopsy we can create a symlink of partition and see its deleted files. The deleted files can then be recovered using its web interface. After autopsy is started it generally provides a web interface at http://localhost:9999/autopsy. Using the web interface we can create a new case and a new disk image (symlink without calculating hash). Then the image can be analyzed for deleted files.