Scalpel:
This is a filesystem-independent recovery tool for Linux and
Mac OS, which you can also run on Windows by compiling it with MinGW. Scalpel is based on Foremost, an open source
application developed to recover deleted information, but it is significantly
faster and more efficient. It reads a database of header and footer definitions
and extracts matching files or data fragments from a set of image files or raw
device files. Scalpel is file-system-independent and can recover files from
FATx, NTFS, ext2/3/4, HFS+, or raw partitions. It is useful for both digital
forensics investigation and file recovery.
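The header/footer matching described above, as an added example that is not part of the original post and is not Scalpel's own code: a small Python carver that reads rule lines laid out like scalpel.conf entries (extension, case flag, maximum size, header, footer) and extracts matches from a constructed in-memory image. The rule values, function names and sample bytes are assumptions made for this illustration, and a header with no footer inside the size limit is simply skipped here.

```python
import re

# Constructed rules laid out like scalpel.conf entries (an assumption for this
# example): extension, case flag, max carve size, header, footer.
RULES = r"""
# jpg y 200000000 \xff\xd8\xff\xe0\x00\x10 \xff\xd9
jpg y 200000 \xff\xd8\xff\xe0\x00\x10 \xff\xd9
gif y 5000 \x47\x49\x46\x38\x39\x61 \x00\x3b
"""

def unescape(token):
    """Convert a \\xNN-escaped token into raw bytes."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  token.encode("latin-1"))

def parse_rules(text):
    """Parse active rule lines; commented-out (#) lines are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ext, _case, max_size, header, footer = line.split()
        rules.append((ext, int(max_size), unescape(header), unescape(footer)))
    return rules

def carve(image, rules):
    """Return (extension, offset, data); footer must end within max_size."""
    found = []
    for ext, max_size, header, footer in rules:
        start = image.find(header)
        while start != -1:
            end = image.find(footer, start + len(header), start + max_size)
            if end != -1:
                found.append((ext, start, image[start:end + len(footer)]))
            start = image.find(header, start + len(header))
    return sorted(found, key=lambda hit: hit[1])

def sample_image():
    """Constructed raw 'disk image': padding, a JPEG-like blob, a GIF-like blob."""
    jpg = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"A" * 40 + b"\xff\xd9"
    gif = b"GIF89a" + b"B" * 20 + b"\x00\x3b"
    truncated = b"\xff\xd8\xff\xe0\x00\x10" + b"C" * 10   # header, no footer
    return b"\x00" * 512 + jpg + b"\x00" * 100 + gif + b"\x00" * 64 + truncated

if __name__ == "__main__":
    for ext, offset, data in carve(sample_image(), parse_rules(RULES)):
        print(f"{ext} at offset {offset}: {len(data)} bytes")
```

The first rule line stays commented out and is ignored, which mirrors why nothing is carved until a file type is uncommented in the configuration.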
How to install scalpel recovery tool on Linux
To install the scalpel recovery tool on Linux, type the following command:
# yum install scalpel* -y
How to use scalpel recovery tool
Before we can use Scalpel, we must define some file types that Scalpel should
search for in /etc/scalpel/scalpel.conf. By default, all file types are commented out. In
this example, I want to search for deleted jpg files, so uncomment the
following lines:
# scalpel /dev/vda3 -o /home/anshuman/Desktop/output