January 5th, 2009 by ahoogScalpel is an open source file carving utility like foremost but with an emphasis on speed and efficiency. When analyzing a 15GB dd image, scalpel took just under 2 minutes while foremost took nearly 15 minutes. Foremost carved more files however most were invalid (this is anecdotal and may not always be the case!). Here is the full description from the scalpel website:
“Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigation and file recovery. Scalpel resulted from a complete rewrite of foremost 0.69 a popular open source file carver, to enhance performance and decrease memory usage.”
See also
