SleuthKit

The SleuthKit (TSK) is a collection of UNIX-based command-line tools that allow you to investigate a computer. The current focus of the tools is the file and volume systems, and TSK supports the FAT, Ext2/3, NTFS, UFS, and ISO 9660 file systems.

ralf uses SleuthKit to obtain the inode information for the file to be restored and to extract the corresponding data blocks to an image file, thus restricting the space that foremost and PhotoRec have to search.
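One way to turn inode information into a restricted search area, as an added example (not ralf's or SleuthKit's own code): the script parses the "Direct Blocks" section of `istat` output for an Ext2/3 inode and prints `dd` commands that copy each contiguous block run into one image file. The sample `istat` output, the 4096-byte block size, and the names `disk.img` and `carve.img` are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `istat` output for an ext2/3 inode (all values made up).
sample_istat() {
cat <<'EOF'
inode: 12
Allocated
Group: 0
uid / gid: 1000 / 1000
mode: rrw-r--r--
size: 57344
num of links: 1

Direct Blocks:
1025 1026 1027 1028 1029 1030 1031 1032
1033 1034 1035 1036 1038 1039

Indirect Blocks:
1037
EOF
}

# Read istat output on stdin; print "start count" per contiguous run of data blocks.
direct_extents() {
  awk '
    /^Direct Blocks:/ { in_direct = 1; next }   # section we want starts here
    /^[A-Za-z].*:/    { in_direct = 0 }         # any other header ends it
    in_direct {
      for (i = 1; i <= NF; i++) {
        b = $i + 0
        if (n > 0 && b == start + n) { n++ } else { if (n > 0) print start, n; start = b; n = 1 }
      }
    }
    END { if (n > 0) print start, n }
  '
}

# Read extents on stdin; print (not run) dd commands that append each run to OUT.
# usage: dd_plan IMAGE BLOCK_SIZE OUT
dd_plan() {
  image=$1 bs=$2 out=$3 seek=0
  while read -r start count; do
    echo "dd if=$image of=$out bs=$bs skip=$start seek=$seek count=$count conv=notrunc"
    seek=$((seek + count))
  done
}

sample_istat | direct_extents | dd_plan disk.img 4096 carve.img
```

The gap at block 1037 is the indirect block, which holds block pointers rather than file data, so the sample file yields two runs instead of one.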

For more details on the SleuthKit, please visit the project site.

Last modified by izzy, 07/16/08 11:26:57 (2 years ago)