Scalpel is a fast file carver that reads a database of header and footer
definitions and extracts matching files from a set of image files or raw device
files. Scalpel is filesystem-independent and will carve files from FATx, NTFS,
ext2/3, or raw partitions. It is useful for both digital forensics
investigation and file recovery. Scalpel resulted from a complete rewrite of foremost 0.69, a popular open
source file carver, to enhance performance and decrease memory usage.
Linux
The preferred platform for using Scalpel is Linux. Scalpel has small memory
requirements and runs well even on machines with modest resources. For example,
Scalpel will rapidly carve arbitrary-sized files on a Pentium 2 with 256MB,
booting a "live" Linux distribution such as Knoppix.
Windows
Scalpel will also compile under Win32 using mingw, provided you first install
the pthreads library. If you'd like to try Scalpel on Win32 w/o the bother of
compiling it yourself, an executable and pthreads DLL are included in the
distribution--just untar and go. Note that under Windows, the pthreads DLL must
be present in the same directory as the Scalpel executable. Carving physical
and logical devices directly under Windows (e.g., using \\.\physicaldrive0 as a
target) is not supported in the current release.
Mac OS X
As of v1.53, Scalpel is supported on Mac OS X. Compile using "make
bsd". As of v1.54, Scalpel supports "live" carving of
block devices under Mac OS X.
All platforms
As of v1.54, Scalpel supports carving files larger than 4GB on all platforms.
As of v1.60, Scalpel supports preview carving and other new carving modes. See the distribution for details.
Current version of Scalpel:
Scalpel 1.60 (Released 12/08/2006)
Previous versions of Scalpel:
Scalpel 1.54a0ad1ae3f709bb42d30ba2dee992c3b0 *scalpel-1.60.tar.gz
5315f3e737437faf3cef7da55cde2d32
*scalpel-1.54.tar.gz
626df7149175b8a1a0b8380003dadf24
*scalpel-1.53.tar.gz
cb54d87d54a0fa4721d13ba4f6076491
*scalpel-1.52.tar.gz
8e64bf92085081e0367cf23718bb6126
*scalpel-1.51.tar.gz
If you have patterns to contribute for file types not currently listed in the distributed "scalpel.conf", please email them to the address below.
Please submit any comments, feature requests, or bug reports to the author, Golden G. Richard III, at golden@digitalforensicssolutions.com