This is a brief tutorial for the use and installation of Scalpel on OSX
- The first thing to do is to download the TRE (regex) library (here)
- open your download folder via a terminal and type in :
|
1 2 3 4 5 6 |
$ tar -xzvf tre-0.8.0.tar.gz $ cd tre-0.8.0/ $ sudo ./configure $ sudo ./make $ sudo ./make install $ cd .. |
- Once the TRE library installed download scalpel (here)
- Type in the following commands :
|
1 2 3 4 5 |
$ tar -xzvf scalpel-2.0.tar.gz $ cd scalpel-2.0/ $ sudo ./configure $ sudo make $ sudo make install |
And that’s it, Scalpel should be installed.
Now that scalpel has been installed, open the “scalpel.conf” file and edit the lines of the type of files you want to recover.
For example, delete the comment ‘#’ before each type of file you want to recover.
Finally to use it against a usb drive, enter the following line :
|
1 |
sudo ./scalpel -v -o Test /dev/disk1 |
Note : scalpel might be installed in :
|
1 |
/usr/local/bin/scalpel |
In which case you will have to copy the executable back to the folder that contains “scalpel.conf” (in my case)
|
1 |
mv /usr/local/bin scalpel ~/Downloads/Scalpel/ |
In this case the following options are used :
- -v for verbose
- -o for the directory to place the recovered files
- and finally the path to the USB drive
And that’s how you can use scalpel
By the way, a last tip : To list the partitions you can use the following command on Mac OSX.
|
1 |
$ diskutil list |
OsX Sierra
If you are using Mac OsX Sierra, please follow these steps.
- Install mac port
- Follow these instructions
|
1 2 3 |
sudo port install autoconf sudo port install automake sudo port install libtool |
make sure you choose automake rather than automake17
Followed by these instructions
|
1 2 3 |
sudo ./bootstrap sudo ./configure sudo make install |
Thank you @Lynsay for clarifying this on her blog.
Post a Comment