CAINE 1.5 Installed and Scalpel to carve files from the disk

View previous topic View next topic Go down

CAINE 1.5 Installed and Scalpel to carve files from the disk

Post  joetekno on Tue Mar 09, 2010 8:28 pm

"Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigation and file recovery."

1. Select "Start"... Caine... Caine Interface
2. Click the "Create Report" button
3. Select the "Analysis" tab
4. Click the “Scalpel” button
5. Click the “Open input file” button
6. Select your image file (example: file system.. evidence… sda-img.dd)
7. Click the “OK” button
8. Click “Select directory” button

9. Create a directory to save your output to
a. Select… File system… evidence…
b. Click “Create folder” button, type “scalpeloutput”
c. Click “OK” button

10. Open a terminal window, maneuver to /evidence and see if the scalpeloutput directory exists. If it does not, redo step 8.
11. Click the “Edit file” button
a. Remove the pound/hash marks “#” in front of the “doc” entries
b. Click the “Save” button
c. Exit Gedit “File… Quit”
d. Click the “Run Scalpel” button

joetekno

Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19

View user profile http://network.nwtc.edu

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum