Scalpel is the common file recovery tool that carves files with the help of
the Boyer-Moore string checks to find the footers and headers in a disk image.
Via these techniques, we can basically carve the file on the disk which was
sculpted during the time it takes to read it. Scalpel can slice FATx, NTFS,
ext2/3, or raw partition files independently of the file system. It helps
research and digital forensics.
Installation:
It’s an inbuilt utility of Kali Linux, so for installing from the packages
utility into the front line, you have to type,
sudo apt install scalpel -y.
Before Starting with Scalpel, you have to check whether the USB Drive is
actually showing on Kali Linux or not. For this, we have to use the command:
sudo fdisk -l. (In this scenario we are using SanDisk 8 GB USB Drive)
|
| FDISK Results |
-
Here it shows under the substantial path which is /dev/sdb1 with
7.5G of size means the USB Drive is inserted successfully and showing as
well.
-
Before initializing, we have to make changes to the configuration file.
The file is stored in
/etc/scalpel and the name of the
file is scalpel.conf. Just
nano or
gedit it to make changes.
|
| Editing the file |
-
Here you can find various file types mentioned that we can recover. Just
remove "#" from there. Let's try for
the JPG file type. So remove the hash from lines 87 and 88 and
save the file.
|
| Removing HASHes |
If the configuration file gives an error
upon saving. You have to open the file with sudo (for actual root
permission),
sudo gedit scalpel.conf.
We hope this helps. If any suggestions or doubts you can add a comment and we
will reply as soon as possible.
%20Cover.jpg)
%20Cover.jpg)
No comments:
Post a Comment