Lazarus is “a program that attempts to resurrect deleted files or data from raw data – most often the unallocated portions of a Unix file system, but it can be used on any data, such as system memory, swap, etc.” [From lazarus.README].
Lazarus is extremely disk- and CPU-intensive and takes a very long time to run. In exchange, it seeks through each block of data (you can set the block size) and searches for known data, including the following types:
- archive
- C code
- ELF
- sniffers
- HTML
- image/pix
- logs
- null
- programs
- mailq
- removed
- lisp
- text
- uuencoded
- password file
- exe
- compressed
- binary
- sound
Each block of identified data is then written to disk and an HTML index is created so you can quickly review the results. A nice overview of the program can be found in the Lazarus tutorial by Patrick B. O’Keefe (Department of Computer Science & Engineering at the University of South Carolina).
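
To make the block-by-block approach described above concrete, here is an added Python example (not Lazarus's own code) that classifies fixed-size blocks into a few of the listed types, merges adjacent blocks of the same type, and renders an HTML index. The function names, the heuristics, the 0.9 printable-byte threshold and the sample data are all assumptions constructed for illustration.

```python
import html
import string
PRINTABLE = frozenset(string.printable.encode())

def classify_block(block: bytes) -> str:
    """Coarse type label for one block; heuristics are simplified assumptions."""
    body = block.rstrip(b"\x00")  # ignore trailing zero padding
    if not body:
        return "null"
    if body.startswith(b"\x7fELF"):
        return "ELF"
    if body.startswith(b"\x1f\x8b"):  # gzip magic
        return "compressed"
    if sum(b in PRINTABLE for b in body) / len(body) < 0.9:
        return "binary"
    lines = [l for l in body.splitlines() if l]
    if lines and sum(l.count(b":") == 6 for l in lines) * 2 > len(lines):
        return "password file"  # passwd(5): seven colon-separated fields
    if b"<html" in body.lower() or b"</" in body:
        return "HTML"
    return "text"

def scan(data: bytes, block_size: int = 1024):
    """Classify every block and merge neighbours of the same type into runs."""
    runs = []
    for off in range(0, len(data), block_size):
        size = min(block_size, len(data) - off)
        label = classify_block(data[off:off + size])
        if runs and runs[-1][2] == label:
            runs[-1] = (runs[-1][0], runs[-1][1] + size, label)
        else:
            runs.append((off, size, label))
    return runs

def html_index(runs) -> str:
    rows = "".join(f"<tr><td>{o}</td><td>{n}</td><td>{html.escape(t)}</td></tr>" for o, n, t in runs)
    return f"<table><tr><th>offset</th><th>bytes</th><th>type</th></tr>{rows}</table>"

def sample_image(block_size: int = 1024) -> bytes:
    """Constructed test data standing in for unallocated space."""
    pad = lambda b: b.ljust(block_size, b"\x00")
    passwd = b"root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000:Alice:/home/alice:/bin/sh\n"
    return bytes(2 * block_size) + b"".join(map(pad, [
        b"\x7fELF\x02\x01\x01" + bytes(range(128, 256)),
        passwd,
        b"<html><body>deleted page</body></html>\n",
        b"Jan  1 00:00:01 host sshd[1]: session opened\n"]))

if __name__ == "__main__":
    print(html_index(scan(sample_image())))
```

On real evidence, run any such scan against a read-only copy of the image, since the output written to disk can be several times larger than the text fragments you are looking for.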
