Does anyone have a custom signature file for simple carver they could share. I hate to redo work of putting that together if it is already done.
Does anyone have a custom signature file for simple carver they could share. I hate to redo work of putting that together if it is already done.
If you find scalpel online the Scalpel.config file contains a load of very good file headers.
Hope this was of help
Stephen
Have you found scalpel a better tool than Simple Carver or EnCase. I have just found that with encase it seems to hang forever when carving from unallocated space.
Depends what your using it for I've fund if you really narrow down your search queries it can go quite fast. The only two massive hangups it has are
Your have to use a 001 image in command line
You will always get false positives on MPEG's especially beause their header has two HEX 00's in it
What I am trying to get are deleted temp internet HTML pages.
What I am trying to get are deleted temp internet HTML pages.
Scalpel would probably be really good for you then, if I remember right it has a HTML carver but you might get problems with footer analysis but you can bypass it if you want. Be prepared for a lot of nonsense pages though, you might want to find a third party viewer tg flick through them quickly/use doc view in EnCase 6 on an LEF of the carved files
What I am working on is I am going to port the signatures from my EnCase and other databases to the Simple Carver tool. When it is complete I would be more than happy to share with everyone. There is also a file extension database that you can sign up for but it cost money.
I will do it that way. I will carve the files outside of encase then import them back in for review.
Thanks for your assistance.