Which technique in digital forensics extracts files from unallocated space without relying on metadata?

File carving targets unallocated space by reassembling files from raw data based on file signatures rather than filesystem metadata. In practice, forensic analysts scan the disk for known headers and footers of file types, then piece together the bytes between them to reconstruct complete files. Because this method does not rely on metadata such as file tables or directory entries, it can recover files even when metadata is missing, damaged, or overwritten. This makes it ideal for extracting data that has been deleted or left behind after edits or reformats. It does face challenges with fragmented data or files without distinctive signatures, which can lead to partial or ambiguous results. Other processes like imaging, general analysis, or collection describe broader activities (copying data, examining data, or acquiring evidence) and don’t specifically capture the signature-based reconstruction from raw space.