Scalpel is a fast file carver that reads a database of header and
footer definitions and extracts matching files or data fragments from
a set of image files or raw device files. Scalpel is
filesystem-independent and will carve files from FATx, NTFS, ext2/3,
HFS+, or raw partitions. It is useful for both digital forensics
investigation and file recovery.
Linux
The preferred platform for using Scalpel is Linux.
Windows
Scalpel will also compile under Windows (32 or 64-bit) using mingw.
If you'd like to try Scalpel on Windows without the bother of
compiling it yourself, an executable and appropriate libraries are included in the
distribution--just untar and go. Note that under Windows, the pthreads DLL must
be present in the same directory as the Scalpel executable. Carving physical
and logical devices directly under Windows (e.g., using \\.\physicaldrive0 as a
target) is not supported in the current release.
Mac OS X
As of v1.53, Scalpel is supported on Mac OS X.
All platforms
As of v1.54, Scalpel supports carving files larger than 4GB on all platforms.
As of v1.60, Scalpel supports preview carving and other new carving modes. See the distribution for details.
As for v2.0, Scalpel supports regular expressions for headers and footers, minimum carve sizes, multithreading and asynchronous I/O, and beta-level support for GPU-accelerated file carving.
Current version of Scalpel:
Scalpel 2.0 (Released 4/19/2011)
Previous versions of Scalpel:
Scalpel 1.60
Scalpel 1.54
Scalpel 1.53
Scalpel 1.52
Scalpel 1.51
MD5 hashes for Scalpel distributions:
b0da813bf34941e79209d7fafe86a6e6 *scalpel-2.0.tar.gz
a0ad1ae3f709bb42d30ba2dee992c3b0 *scalpel-1.60.tar.gz
5315f3e737437faf3cef7da55cde2d32
*scalpel-1.54.tar.gz
626df7149175b8a1a0b8380003dadf24
*scalpel-1.53.tar.gz
cb54d87d54a0fa4721d13ba4f6076491
*scalpel-1.52.tar.gz
8e64bf92085081e0367cf23718bb6126
*scalpel-1.51.tar.gz
If you have patterns to contribute for file types not currently listed in the distributed "scalpel.conf", please email them to us. Please also submit any comments, feature requests, or bug reports to the authors via scalpel@digitalforensicssolutions.com.