Digital Forensics with The Sleuth Kit - icat

In The Sleuth Kit (TSK), “icat” is a command-line tool used to recover or display the contents of a specific file or data object in a given image or file system. The “icat” tool works by reading the file system metadata to locate the file or data object of interest and then reading the raw data associated with that object.

The contents of the file can then be displayed to the user or saved to disk. “icat” is commonly used in digital forensics and incident response to recover deleted or damaged files, or to retrieve specific data of interest for analysis.
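The save-to-disk case, as an added example that is not from the original page: a shell wrapper (the name `icat_extract` is hypothetical) that writes one file out by its metadata address, refuses to overwrite earlier output, discards partial output if `icat` fails, and prints a SHA-256 of what was recovered. It assumes `sha256sum` is installed and that the inode number and the partition's sector offset are already known, for example from `fls` and `mmls`.

```shell
#!/bin/sh
# Added example (not from the original page).
# icat_extract IMAGE INODE OUTFILE [SECTOR_OFFSET]
#   IMAGE          disk or partition image, opened read-only by icat
#   INODE          metadata address of the file to recover
#   OUTFILE        where the recovered bytes are written
#   SECTOR_OFFSET  start of the file system inside IMAGE, in sectors (default 0)
icat_extract() {
    [ $# -ge 3 ] || {
        echo "usage: icat_extract IMAGE INODE OUTFILE [SECTOR_OFFSET]" >&2
        return 2
    }
    image=$1; inode=$2; out=$3; offset=${4:-0}

    command -v icat >/dev/null 2>&1 || {
        echo "icat not found (install The Sleuth Kit)" >&2
        return 127
    }
    [ -r "$image" ] || { echo "cannot read image: $image" >&2; return 1; }
    # Never overwrite an earlier extraction: its hash may already be in the notes.
    [ ! -e "$out" ] || { echo "refusing to overwrite: $out" >&2; return 1; }

    # Write to a temporary name so a failed run leaves no truncated "evidence".
    tmp="$out.partial"
    if ! icat -o "$offset" "$image" "$inode" > "$tmp"; then
        rm -f "$tmp"
        echo "icat failed for inode $inode" >&2
        return 1
    fi
    mv "$tmp" "$out"
    chmod a-w "$out"    # recovered copy is read-only from here on

    # One line for the case notes: hash, source inode, offset, output path.
    hash=$(sha256sum "$out" | cut -d' ' -f1)
    printf '%s  inode=%s  offset=%s  %s\n' "$hash" "$inode" "$offset" "$out"
}
```

Append the printed line to the examination log so the recovered copy can be re-verified later against the same image and inode.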
