Scalpel is a common file recovery tool that carves files by using Boyer-Moore string searches to find file headers and footers in a disk image. With this technique, files on the disk are carved out as the image is read. Scalpel works independently of the file system and can carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for research and digital forensics.
Installation:
It is an inbuilt utility of Kali Linux. To install it from the package
manager on the command line, type:
sudo apt install scalpel -y
Before starting with Scalpel, check whether the USB drive is actually
showing up on Kali Linux. To do this, use the command:
sudo fdisk -l
(In this scenario we are using a SanDisk 8 GB USB drive.)
[Screenshot: FDISK results]
- Here the drive appears at the device path /dev/sdb1 with a size of 7.5G, which means the USB drive is inserted successfully and is detected.
- Before initializing, we have to make changes to the configuration file. The file is stored in /etc/scalpel and is named scalpel.conf. Open it with nano or gedit to make changes.
[Screenshot: Editing the file]
- This file lists the various file types that Scalpel can recover, each commented out with a "#". Remove the "#" from the lines for the file types you want to recover. Let's try the JPG file type: remove the hash from lines 87 and 88 and save the file.
[Screenshot: Removing hashes]
- Now, for a better understanding of the tool's options, type: scalpel -h
[Screenshot: Help options]
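To show what an uncommented rule in scalpel.conf asks the tool to do, here is a small header/footer carver written for this page as an added example; it is not Scalpel's own code. It uses Python's bytes.find in place of Scalpel's Boyer-Moore search, and the rule line, its column layout (extension, case flag, maximum size, header, footer) and the sample image are constructed assumptions.

```python
import re

# Constructed rule in the scalpel.conf column layout (assumed here):
# extension, case-sensitive flag, maximum carve size, header, footer.
SAMPLE_RULE = r"jpg y 200000000 \xff\xd8\xff\xe0\x00\x10 \xff\xd9"

def decode_pattern(text):
    """Turn the \\xNN escapes used in a rule into raw bytes."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  text.encode("latin-1"))

def parse_rule(line):
    """Parse one rule line; return None for '#' (disabled) or blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    ext, _case, max_size, header, footer = line.split()[:5]
    return ext, int(max_size), decode_pattern(header), decode_pattern(footer)

def carve(image, rule):
    """Return (offset, data) for each header..footer span within max_size."""
    _ext, max_size, header, footer = rule
    found, pos = [], 0
    while (start := image.find(header, pos)) != -1:
        # Look for the footer only inside the allowed size window.
        end = image.find(footer, start + len(header), start + max_size)
        if end == -1:
            pos = start + 1  # header without a footer: skip past it
            continue
        end += len(footer)
        found.append((start, image[start:end]))
        pos = end
    return found

# Constructed "disk image": filler, one complete JPEG-like blob, filler,
# then a header whose footer is missing (a truncated file).
HEADER = b"\xff\xd8\xff\xe0\x00\x10"
BLOB = HEADER + b"JFIF-sample-data" + b"\xff\xd9"
IMAGE = b"\x00" * 512 + BLOB + b"\x00" * 100 + HEADER + b"cut off"

if __name__ == "__main__":
    for offset, data in carve(IMAGE, parse_rule(SAMPLE_RULE)):
        print(f"carved {len(data)} bytes at offset {offset}")
```

A rule line that still begins with "#" parses to None here, which mirrors why the hashes have to be removed before a file type is carved.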
We hope this helps. If you have any suggestions or doubts, you can add a
comment and we will reply as soon as possible.