Hi
I try to run scalpel against raw file usb.001 but i get this error below, How can I solve this problem
I have raw fine on my kali linux Desktop !
I run scalpel in kali linux 2020.2
kali@kali:~/Desktop$ sudo scalpel -i usb.001 -o sr1
[sudo] password for kali:
Scalpel version 1.60
Written by Golden G. Richard III, based on Foremost 0.69.
Opening target "/home/kali/Desktop/3��м"
ERROR: Couldn't open input file: 3��м -- No such file or directory
Scalpel was unable to open the image file: 3��м
Skipping...
Opening target "/home/kali/Desktop/3��м"
Segmentation fault
Â
Try
scalpel -c scalpel.conf -o sr1 usb.001
or
scalpel -c scalpel.conf -o /home/kali/Desktop/sr1 /home/kali/Desktop/usb.001
It seems I got same error?
Â
root@kali:/home/kali/Desktop# scalpel -c /etc/scalpel/scalpel.conf -i USB.001 -o sr1
Scalpel version 1.60
Written by Golden G. Richard III, based on Foremost 0.69.
Opening target "`�aN"
Segmentation fault
root@kali:/home/kali/Desktop#
Thanks its work very fine now by removing -i
Thanks again
both work
root@kali:/home/kali/Desktop# scalpel USB.001 -o scalpel_output
root@kali:/home/kali/Desktop# scalpel -c /etc/scalpel/scalpel.conf USB.001 -o sr2
OK no worries 🙂
Thanks its work very fine now by removing -i
Thanks again
both work
root@kali:/home/kali/Desktop# scalpel USB.001 -o scalpel_output
root@kali:/home/kali/Desktop# scalpel -c /etc/scalpel/scalpel.conf USB.001 -o sr2
Have you come to any conclusion to what your problem actually was? While being able to get around the problem is fine in some situations, it does not clearly help in future cases.Â
From where I am, it seems that your use of the -i option together with the image file was incorrect. That is, the part
... -i usb.001
That is not how you use -i.
The scalpel man page should tell you why.
I would also recommend avoiding going too far from the command line syntax as documented in that man page: one day, that syntax may be strictly enforced, and that day you will probably have a new problem, especially if you have built scripts using the syntax in the examples above.
I used many times scalpel with –i option but unfortunately this time gave me error and I don’t know the reason still?
But it must work with –i option!
-i Read names of disk images from specified file.
It almost certainly does work with the -i option. (I haven't tested it, so there just might be problems. )
But note what the man page says:
Read names of disk images from specified file.
That is, the -i file is supposed to contain names/paths of your disk image files. It provides a indirection level. It's not useful if you have only one single image file: it would be unneccessary work to use it that way, even though it is possible.
That is, -i is the kind of thing you use when you have several image files, and you either aren't able to get them in the correct order by use of other Unix tools (ls etc.), or if the list gets too long for one command line. So, you put all the names in the correct order in a file, and then use '-i file_with_all_image_file_paths_in_correct_order'.
Is that how you used it? By your original posting, you specified the image file itself -- and that probably explains why you got some weird characters in the error messages, and probably also why you got two 'Opening target' logs, instead of only one as would be expected.
The man page could be clearer on this, but I also think the current description is at the normal level of most Unix commands. The reading of Unix/Linux man pages, like some mechanical activities not usually associated with computer forensics, often requires great calm of mind.
The man page could be clearer on this, but I also think the current description is at the normal level of most Unix commands. The reading of Unix/Linux man pages, like some mechanical activities not usually associated with computer forensics, often requires great calm of mind.
I will translate that in non-politically correct terms as "the specific scalpel man page sucks exactly as much as  all other man pages".
Example:
Name
scalpel - Recover files or data fragments from a disk image using filetype-specific patterns
Synopsis
scalpel [-b] [-c <config file>] [-d] [-e] [-h] [-i <file>] [-n] [-o <dir>] [-O] [-p] [-q <clustersize>] [-r] [-V] [-v] [FILES]...
Description
Recover files from a disk image or raw block device based on headers and footers specified by the user.
Â
So the tool is intended to extract "files" from "a disk image" (or "raw block device")
In synopsys [FILES] should then be [<path>Disk Image | Raw Block device]
Singular, not plural.
And the [-i <file>] should actually be [-i <disk image list>] or [-i <file list>]
Still, the specific usage of -i is - exceptionally - clear enough, as it is explained later:
-i file
file is used as a list of input files to examine. Each line in the specified file should contain a single filename.
though it may well do with:
-i file list
file list is used as a list of input Disk images or Raw Block Devices to examine. Each line in the specified file should contain a single filename.
As a side note usb.001 and USB.001 may or may not be the same thing in 'nix.
jaclaz
Â