{"id":13546529,"url":"https://github.com/sleuthkit/scalpel","last_synced_at":"2025-04-13T06:22:51.889Z","repository":{"id":53515549,"uuid":"11002722","full_name":"sleuthkit/scalpel","owner":"sleuthkit","description":"Scalpel is an open source data carving tool. It is not being actively maintained. ","archived":false,"fork":false,"pushed_at":"2024-03-27T20:39:48.000Z","size":1509,"stargazers_count":639,"open_issues_count":36,"forks_count":103,"subscribers_count":44,"default_branch":"master","last_synced_at":"2025-04-04T05:05:36.413Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sleuthkit.png","metadata":{"files":{"readme":"README","changelog":"Changelog","contributing":null,"funding":null,"license":"LICENSE-2.0.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-06-27T16:59:40.000Z","updated_at":"2025-03-28T08:50:42.000Z","dependencies_parsed_at":"2024-11-03T14:31:54.733Z","dependency_job_id":"b559cc9b-8b06-4306-9b9b-6efb60cd9e9d","html_url":"https://github.com/sleuthkit/scalpel","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sleuthkit%2Fscalpel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sleuthkit%2Fscalpel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sleuthkit%2Fscalpel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sleuthkit%2Fscalpel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sleuthkit","download_url":"https://codeload.github.com/sleuthkit/scalpel/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248665752,"owners_count":21142123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:00:39.591Z","updated_at":"2025-04-13T06:22:51.864Z","avatar_url":"https://github.com/sleuthkit.png","language":"Shell","readme":"********************************************************************\n\nAs of 6/27/2013 Scalpel has been released under the Apache 2.0 License\nand the source is available at The Sleuth Kit github repository.\n\nIt is not being actively maintained.  The Autopsy team started to do\nwork on it to integrate tightly into via Java/JNI bindings, but ran\ninto several memory leaks and the effort was abandoned. \n\nNo official releases are being made. You can submit pull requests, \nbut they may take a while to get reviewed. \n\n********************************************************************\n\nScalpel is a file carving and indexing application that runs on Linux\nand Windows.  The first version of Scalpel, released in 2005, was\nbased on Foremost 0.69. There have been a number of internal releases\nsince the last public release, 1.60, primarily to support our own\nresearch.  The newest public release v2.0, has a number of additional\nfeatures, including:\n\no minimum carve sizes.\n\no multithreading for quicker execution on multicore CPUs.\n\no asynchronous I/O that allows disk operations to overlap with pattern\nmatching--this results in a substantial performance improvement.\n\no regular expression support for headers/footers.\n\no embedded header/footer matching for better processing of structured\nfile types that may contain embedded files.\n\no for advanced users, support for massively-threaded execution on\nGraphics Processing Units (GPUs).  This feature is available only on\nLinux and requires installation of the NVIDIA CUDA SDK, modification\nof scalpel.h to enable the GPU threading mode, and compilation with\nthe CUDA toolchain.  Our implementation also requires an NVIDIA GPU\nwith compute capability \u003e= 1.2, so older CUDA-capable cards probably\nwon't work.  The NVIDIA GTX 260 is relatively inexpensive and powerful\nand has the appropriate compute capability.  The GPU-enhanced version\nof Scalpel is able to do preview carving at rates that exceed the disk\nbandwidth of most file servers, so for big jobs, it may be worth the\nextra effort required to use this feature.  Note that regular\nexpression-based headers and footers are NOT currently supported when\nGPU acceleration is in use!  We might address this in a future\nrelease.\n\nScalpel performs file carving operations based on patterns that\ndescribe particular file or data fragment \"types\".  These patterns may\nbe based on either fixed binary strings or regular expressions.  A\nnumber of default patterns are included in the configuration file\nincluded in the distribution, \"scalpel.conf\".  The comments in the\nconfiguration file explain the format of the file carving patterns\nsupported by Scalpel.\n\nImportant note: The default configuration file, \"scalpel.conf\", has\nall supported file patterns commented out--you must edit this file\nbefore running Scalpel to activate some patterns.  Resist the urge to\nsimply uncomment all file carving patterns; this wastes time and will\ngenerate a huge number of false positives.  Instead, uncomment only\nthe patterns for the file types you need.\n\nScalpel options are described in the Scalpel man page, \"scalpel.1\".\nYou may also execute Scalpel w/o any command line arguments to see a\nlist of options.\n\nNOTE: Compilation is necessary on Unix platforms and on Mac OS X.  For\nWindows platforms, a precompiled scalpel.exe is provided.  If you do\nwish to recompile Scalpel on Windows, you'll need a mingw (gcc)\nsetup. Scalpel will not compile using Visual Studio C compilers.  Note\nthat our compilation environment for Windows is currently 32-bit; we\nhaven't tested on the 64-bit version of mingw, but will address this\nint the future.\n\nCOMPILE INSTRUCTIONS ON SUPPORTED PLATFORMS:\n\nLinux/Mac OS X:    \n% ./bootstrap\n% ./configure \n% make\n\nWindows (mingw):\ncd src \nmingw32-make -f Makefile.win\n\n\nand enjoy.  If you want to install the binary and man page in a more\npermanent place, just copy \"scalpel\" (or \"scalpel.exe\") and\n\"scalpel.1\" to appropriate locations, e.g., on Linux, \"/usr/local/bin\"\nand \"/usr/local/man/man1\", respectively.  On Windows, you'll also need\nto copy the pthreads and tre regular expression library dlls into the\nsame directory as \"scalpel.exe\".\n\n\nOTHER SUPPORTED PLATFORMS\n\nWe are not currently supporting Scalpel on Unix variants other than\nLinux. Go ahead and try a ./configure and make and see what happens,\nbut be sure to do thorough testing before using Scalpel in production\nwork.  If you are interested in supporting a version of Scalpel on an\nalternate platforms, please contact us.  If you are interested in\nsupporting a GPU-enhanced version of Scalpel on Windows, we are also\ninteresting in hearing from you.\n\n\nLIMITATIONS:\n\nCarving Windows physical and logical device files (e.g.,\n\\\\.\\physicaldrive0 or \\\\.\\c:) isn't currently supported because it\nrequires us to rewrite some portions of Scalpel to use Windows file\nI/O functions rather than standard Unix calls.  This may be supported\nin a future release.\n\nBlock map features are currently disabled, as we are rewriting this\nsubsystem to enhance interoperability with the Sleuthkit.  An improved\nversion of the block map features will return in a subsequent release.\nThe -s command line option (\"skip\") has been removed and will be\nreplaced with a more robust facility in the next major release.\n\n\nDEPENDENCIES:\n\nScalpel uses the POSIX threads library.  On Win32, Scalpel is\ndistributed with the Pthreads-win32 - POSIX Threads Library for Win32,\nwhich is Copyright(C) 1998 John E. Bossom and Copyright(C) 1999,2005\nby Pthreads-win32 contributors.  This library is licensed under the LGPL.\n\nScalpel for Win32 uses the tre regular expression library and is\ndistributed with tre-0.7.5, which is licensed under the LGPL.\n\nCheers,\n\n--Golden and Vico.\n\n\n\n\n\n\n\n","funding_links":[],"categories":["File Carving","Tools","Forensics"],"sub_categories":["Other Resources","Data tampering"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsleuthkit%2Fscalpel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsleuthkit%2Fscalpel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsleuthkit%2Fscalpel/lists"}