Skip to content

Scalpel on OSX

This is a brief tutorial for the use and installation of Scalpel on OSX

  • The first thing to do is to download the TRE (regex) library (here)
  • open your download folder via a terminal and type in :
$ tar -xzvf tre-0.8.0.tar.gz
$ cd tre-0.8.0/
$ sudo ./configure
$ sudo ./make
$ sudo ./make install
$ cd ..
  • Once the TRE library installed download scalpel (here)
  • Type in the following commands : 
$ tar -xzvf scalpel-2.0.tar.gz
$ cd scalpel-2.0/
$ sudo ./configure
$ sudo make
And that’s it, Scalpel should be installed.
Now that scalpel has been installed, open the “scalpel.conf” file and edit the lines of the type of files you want to recover.
For example, delete the comment  ’#’  before each type of file you want to recover.
Finally  to use it against a usb drive, enter the following line :
sudo scalpel -v -o Test /dev/disk1
In this case the following options are used :
  •  -v for verbose
  • -o  for the directory to place the recovered files 
  • and finally the path to the USB drive 
And that’s how you can use scalpel
By the way, a last tip :  To list the partitions you can use the following command on Mac OSX.
$ diskutil list
And That’s it.

{ 9 } Comments

  1. isa56K | 31 March 2012 at 13 h 56 min | Permalink

    I’m getting an error on install of Scalpel about tre not being available, I have installed tre via macports and manually and still get the same error.

    Did you do this on Lion?

    This is the error:

    checking for regcomp in -ltre… no
    configure: error: Scalpel requires libtre and libtre-dev. See http://laurikari.net/tre/.

    Thx.

  2. Noktec | 31 March 2012 at 15 h 03 min | Permalink

    Hi,

    Yup, I did it on Lion, but I did everything by hand, I’m not that keen
    on macports, because usually it gives a bunch of errors.

    Did you try to recompile is such as mentioned above ? let me know about the outcome :)

  3. TCB13 | 2 April 2012 at 10 h 58 min | Permalink

    Hi,

    I’m also running into problem in lion, the exact same error as isa56K.
    Any progresses so far?

    Thank you.

  4. Noktec | 2 April 2012 at 11 h 05 min | Permalink

    Did you also use MacPort to install TRE ?

  5. TCB13 | 2 April 2012 at 12 h 26 min | Permalink

    Yes because after installing it the way you did in your post it didn’t work.

  6. Noktec | 2 April 2012 at 14 h 02 min | Permalink

    I just followed my steps back on a macbook air with lion and it works fine. I’ve no idea why it doesn’t work for you.

    EDIT : hummm I might have omitted 

     $sudo make install
  7. TCB13 | 2 April 2012 at 22 h 33 min | Permalink

    I feel the most dumb person in the world now… also add the “make install” to the post on the Scalpel part.

    Thank you and have a nice day.

  8. TCB13 | 2 April 2012 at 22 h 39 min | Permalink

    Hi,

    Just a tip for everyone, to list the partitions and disks in OSX similar to “fdisk -l” in linux just issue:

    diskutil list

    Add this to the main post with my blessing! ;)

  9. Noktec | 3 April 2012 at 0 h 23 min | Permalink

    Thanks, I’ll add that ;)

Post a Comment

Your email is never published nor shared. Required fields are marked *