Home
Latest images
Search
Register
Log inCAINE 1.5 Installed and Scalpel to carve files from the disk
Page 1 of 1
CAINE 1.5 Installed and Scalpel to carve files from the disk
joetekno Tue Mar 09, 2010 8:28 pm
"Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigation and file recovery."
1. Select "Start"... Caine... Caine Interface
2. Click the "Create Report" button
3. Select the "Analysis" tab
4. Click the “Scalpel” button
5. Click the “Open input file” button
6. Select your image file (example: file system.. evidence… sda-img.dd)
7. Click the “OK” button
8. Click “Select directory” button
9. Create a directory to save your output to
a. Select… File system… evidence…
b. Click “Create folder” button, type “scalpeloutput”
c. Click “OK” button
10. Open a terminal window, maneuver to /evidence and see if the scalpeloutput directory exists. If it does not, redo step 8.
11. Click the “Edit file” button
a. Remove the pound/hash marks “#” in front of the “doc” entries
b. Click the “Save” button
c. Exit Gedit “File… Quit”
d. Click the “Run Scalpel” button
1. Select "Start"... Caine... Caine Interface
2. Click the "Create Report" button
3. Select the "Analysis" tab
4. Click the “Scalpel” button
5. Click the “Open input file” button
6. Select your image file (example: file system.. evidence… sda-img.dd)
7. Click the “OK” button
8. Click “Select directory” button
9. Create a directory to save your output to
a. Select… File system… evidence…
b. Click “Create folder” button, type “scalpeloutput”
c. Click “OK” button
10. Open a terminal window, maneuver to /evidence and see if the scalpeloutput directory exists. If it does not, redo step 8.
11. Click the “Edit file” button
a. Remove the pound/hash marks “#” in front of the “doc” entries
b. Click the “Save” button
c. Exit Gedit “File… Quit”
d. Click the “Run Scalpel” button
joetekno- Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19 -
Similar topics» CAINE v0.5 Installed to Hard Disk and Scalpel
» CAINE 1.5 Installed and Rifiuti to analyze INFO2 files
» CAINE 1.5 Installed to capture image file from CAINE 1.5 Live CD
» Caine 2.5 Pre-Installed in VirtualBox
» Installed Caine with Caine From Deb. How should I set /etc/fstab?
» CAINE 1.5 Installed and Rifiuti to analyze INFO2 files
» CAINE 1.5 Installed to capture image file from CAINE 1.5 Live CD
» Caine 2.5 Pre-Installed in VirtualBox
» Installed Caine with Caine From Deb. How should I set /etc/fstab?
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum