
[Solved] scalpel ERROR: Couldn't open input file

12 Posts
5 Users
7 Likes
5,277 Views
(@tony75)
Posts: 33
Eminent Member
Topic starter
 

Hi

I try to run scalpel against the raw file usb.001 but I get the error below. How can I solve this problem?

I have the raw file on my Kali Linux Desktop!

I run scalpel in Kali Linux 2020.2.

kali@kali:~/Desktop$ sudo scalpel -i usb.001 -o sr1
[sudo] password for kali:
Scalpel version 1.60
Written by Golden G. Richard III, based on Foremost 0.69.

Opening target "/home/kali/Desktop/3��м"

ERROR: Couldn't open input file: 3��м -- No such file or directory
Scalpel was unable to open the image file: 3��м
Skipping...


Opening target "/home/kali/Desktop/3��м"

Segmentation fault



 
 
Posted : 01/07/2020 12:46 am
(@rich2005)
Posts: 535
Honorable Member
 

Try

scalpel -c scalpel.conf -o sr1 usb.001

or

scalpel -c scalpel.conf -o /home/kali/Desktop/sr1 /home/kali/Desktop/usb.001

 
Posted : 01/07/2020 7:07 am
(@tony75)
Posts: 33
Eminent Member
Topic starter
 

@rich2005

It seems I got the same error?

 

root@kali:/home/kali/Desktop# scalpel -c /etc/scalpel/scalpel.conf -i USB.001 -o sr1
Scalpel version 1.60
Written by Golden G. Richard III, based on Foremost 0.69.

Opening target "`�aN"

Segmentation fault
root@kali:/home/kali/Desktop#
 
Posted : 01/07/2020 2:54 pm
(@rich2005)
Posts: 535
Honorable Member
 

You've not run the same command I wrote 😉

 
Posted : 01/07/2020 2:58 pm
(@tony75)
Posts: 33
Eminent Member
Topic starter
 

@rich2005

Thanks, it works very fine now by removing -i.

Thanks again.

Both work:

root@kali:/home/kali/Desktop# scalpel USB.001 -o scalpel_output

root@kali:/home/kali/Desktop# scalpel -c /etc/scalpel/scalpel.conf USB.001 -o sr2
 
Posted : 01/07/2020 3:05 pm
(@rich2005)
Posts: 535
Honorable Member
 

OK no worries 🙂

 
Posted : 01/07/2020 3:07 pm
(@athulin)
Posts: 1156
Noble Member
 
Posted by: @tony75

@rich2005

Thanks, it works very fine now by removing -i.

Thanks again.

Both work:

root@kali:/home/kali/Desktop# scalpel USB.001 -o scalpel_output

root@kali:/home/kali/Desktop# scalpel -c /etc/scalpel/scalpel.conf USB.001 -o sr2

Have you come to any conclusion as to what your problem actually was? While being able to get around the problem is fine in some situations, it does not clearly help in future cases.

From where I am, it seems that your use of the -i option together with the image file was incorrect. That is, the part

... -i usb.001

That is not how you use -i.

The scalpel man page should tell you why.

I would also recommend avoiding going too far from the command line syntax as documented in that man page: one day, that syntax may be strictly enforced, and that day you will probably have a new problem, especially if you have built scripts using the syntax in the examples above.

 
Posted : 01/07/2020 4:18 pm
(@tony75)
Posts: 33
Eminent Member
Topic starter
 

@athulin

I have used scalpel with the -i option many times, but unfortunately this time it gave me an error and I still don't know the reason.

But it must work with the -i option!

-i Read names of disk images from specified file.
This post was modified 4 years ago by Tony75
 
Posted : 01/07/2020 5:57 pm
(@athulin)
Posts: 1156
Noble Member
 

@tony75

It almost certainly does work with the -i option. (I haven't tested it, so there just might be problems.)

But note what the man page says:

Read names of disk images from specified file.

That is, the -i file is supposed to contain names/paths of your disk image files. It provides an indirection level. It's not useful if you have only one single image file: it would be unnecessary work to use it that way, even though it is possible.

That is, -i is the kind of thing you use when you have several image files, and you either aren't able to get them in the correct order by use of other Unix tools (ls etc.), or if the list gets too long for one command line. So, you put all the names in the correct order in a file, and then use '-i file_with_all_image_file_paths_in_correct_order'.

Is that how you used it?  By your original posting, you specified the image file itself -- and that probably explains why you got some weird characters in the error messages, and probably also why you got two 'Opening target' logs, instead of only one as would be expected.

The man page could be clearer on this, but I also think the current description is at the normal level of most Unix commands. The reading of Unix/Linux man pages, like some mechanical activities not usually associated with computer forensics, often requires great calm of mind.

 
Posted : 01/07/2020 6:30 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 
Posted by: @athulin

The man page could be clearer on this, but I also think the current description is at the normal level of most Unix commands. The reading of Unix/Linux man pages, like some mechanical activities not usually associated with computer forensics, often requires great calm of mind.

I will translate that in non-politically correct terms as "the specific scalpel man page sucks exactly as much as all other man pages".

Example:

Name

scalpel - Recover files or data fragments from a disk image using filetype-specific patterns

Synopsis

scalpel [-b] [-c <config file>] [-d] [-e] [-h] [-i <file>] [-n] [-o <dir>] [-O] [-p] [-q <clustersize>] [-r] [-V] [-v] [FILES]...

Description

Recover files from a disk image or raw block device based on headers and footers specified by the user.

 

So the tool is intended to extract "files" from "a disk image" (or "raw block device")

In the synopsis, [FILES] should then be [<path>Disk Image | Raw Block device]

Singular, not plural.

And the [-i <file>] should actually be [-i <disk image list>] or [-i <file list>]

Still, the specific usage of -i is - exceptionally - clear enough, as it is explained later:

-i file
file is used as a list of input files to examine. Each line in the specified file should contain a single filename.

though it may well do with:

-i file list
file list is used as a list of input Disk images or Raw Block Devices to examine. Each line in the specified file should contain a single filename.

As a side note, usb.001 and USB.001 may or may not be the same thing in 'nix.

jaclaz

 

 
Posted : 02/07/2020 8:29 am
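The -i usage explained in the two posts above, as an added example that is not part of the original thread: a shell helper that writes the list file (one image path per line) and rejects missing or wrongly-cased names before scalpel ever sees them. The function names and file names are hypothetical; only the -c, -i and -o options and the config path come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): build the list file that scalpel's -i
# option expects, one image path per line, validating each name first.

# build_image_list LISTFILE IMAGE...
# Writes absolute image paths to LISTFILE, in the order given.
# Fails without creating LISTFILE if any image is missing, misspelled in
# case (usb.001 vs USB.001), or unreadable.
build_image_list() {
    list=$1
    shift
    [ "$#" -gt 0 ] || { echo "no image files given" >&2; return 2; }
    tmp="$list.tmp.$$"
    : > "$tmp" || return 2
    for img in "$@"; do
        dir=$(cd "$(dirname "$img")" 2>/dev/null && pwd) || dir=
        base=$(basename "$img")
        # Compare against the directory listing so a case mismatch is caught
        # even on a case-insensitive filesystem.
        if [ -z "$dir" ] || ! ls -A "$dir" | grep -Fqx -- "$base"; then
            echo "no such image (check spelling and case): $img" >&2
            rm -f "$tmp"; return 1
        fi
        if [ -d "$dir/$base" ] || [ ! -r "$dir/$base" ]; then
            echo "not a readable image file: $img" >&2
            rm -f "$tmp"; return 1
        fi
        printf '%s\n' "$dir/$base" >> "$tmp"
    done
    mv -- "$tmp" "$list"
}

# carve LISTFILE OUTDIR
# Runs scalpel over every image named in LISTFILE, using only the options
# that appear in this thread. The config path is the one from the Kali session.
carve() {
    scalpel -c /etc/scalpel/scalpel.conf -i "$1" -o "$2"
}

# Usage (constructed file names):
#   build_image_list images.txt USB.001 usb2.001 && carve images.txt sr1
```

Passing the image itself to -i, as in the first post, makes scalpel read the image's raw bytes as if they were file names, which matches the garbage in the "Opening target" lines.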
Page 1 / 2