I need some help with Scalpel output.
Some background on what i am trying to achieve may help.
Following an investigation by CBS news regarding the extraction of data from photocopier hard disk drives, I thought i would try it myself (proof of concept).
I managed to get hold of a H.D from a copier and after a bit of research deduced a Linux Forensic tool was used for extraction.I run Ubuntu 10.10 on one of my computers,but i am green when it comes to using the Terminal commands.
I made an image of the copier drive using DD and then ran Scalpel with this command after editing the config file.
sudo scalpel disk1.img -o output
This worked great and put gigs of data in my home dir under folder output.
I have tried to direct the output to a 1TB caddy drive /dev/sdb but it does not work and say's directory not found. Tried sudo scalpel disk1.img -o /dev/sdb/output
Any help would be appreciated.
The destination needs to refer to the mount point of the partition not the device itself e.g. /mnt/sdb1 rather than /dev/sdb1.
Your external drive may automount when attached. If not (e.g. automounting is disabled in your distro or the drive isn't capable of automounting) you'll need to mount it first.
Thank you pragmatopian.
Could not get it to work with USB caddy but you put me on the right track.
I connected the 1TB as a secondary drive on the PC then checked with Ubuntu disk utility to see what it was called (after renaming the drive to 1TeraByte) the drive was /dev/sdb.
But the mount point was /media/1TeraByte so the command-
sudo scalpel disk1.img -o /media/1TeraByte/output worked.
Thank you. lol
No probs. Glad to be of assistance.