Monday, November 4, 2013

Scalpel : Data Recovery From Byte Strings

In digital forensics, file carving is an essential process. It is a technique in which investigator uses databases of headers as well footers. These headers and footers contain byte strings. So, suppose you have 5 JPEG files. So all those 5 files will have same header & footer byte strings. So this tool carves data by analyzing that byte string. This Is an advance tool as it also carves file even after its metadata is removed.

Design of Scalpel
It’s a high performance file carving utility which is designed based on 2 principles.
1.    Economical yet flexible : This tool is designed in such a way that it can run on any machine which is having still those ancient Pentium II processors with 256 or even less MB ram. It can also run on Knoppix, Helix or any other Linux system. Additionally this tool is capable of recovering data of any larger size.

2.    Time Complexity : Here I am using this “High Performance” word frequently because when we talk about high performance, we always consider quality along with time. This tool is carving files in no time without compromising the quality of the carving service.


READ FULL ARTICLE ...CLICK HERE...

No comments:

Post a Comment