Recovering lost or deleted files with Scalpel
If a file has been accidentally deleted from the system, you can use a small utility called Scalpel to recover it. Scalpel is a faster alternative to Foremost, which was originally developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research. Today, it is a tool that is generally associated with both digital forensics investigation and file recovery. You can install it by typing the following command:
# yum install scalpel
You will need the EPEL repository (which is discussed in a previous chapter) to complete this process. When you are ready, simply update the following configuration file to determine what types of files you would like to search for:
# nano /etc/scalpel.conf
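An added example (not from the original text) of selecting file types with a script instead of an editor. It assumes the packaged scalpel.conf ships its carving rules commented out with a leading #, one rule per line as extension, case-sensitivity flag, maximum size, header and optional footer; the sample configuration and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: enable chosen carving rules in a scratch copy of scalpel.conf.

# Constructed sample in the assumed layout of the packaged file.
write_sample_conf() {
    cat > "$1" <<'EOF'
# GIF and JPG files (very common)
#   gif   y   5000000     \x47\x49\x46\x38\x39\x61   \x00\x3b
#   jpg   y   200000000   \xff\xd8\xff\xe0\x00\x10   \xff\xd9
# pdf is mentioned in this prose comment, which must stay commented
#   pdf   y   5000000     %PDF   %EOF\x0d   REVERSE
    png   y   20000000    \x50\x4e\x47?   \xff\xfc\xfd\xfe
EOF
}

# enable_rules CONF EXT...: uncomment only lines shaped like a rule for EXT
# (extension, y/n flag, numeric size), leaving prose comments untouched.
enable_rules() {
    conf=$1; shift
    for ext in "$@"; do
        # Accept plain alphanumeric extensions only, so the argument
        # cannot change the meaning of the sed pattern below.
        case $ext in
            ''|*[!A-Za-z0-9]*) echo "bad extension: $ext" >&2; return 1 ;;
        esac
        sed -E "s/^#[[:space:]]*(${ext}[[:space:]]+[yn][[:space:]]+[0-9]+[[:space:]])/\1/" \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf" || return 1
    done
}

# active_rules CONF: list the extensions of rules that are not commented out.
active_rules() {
    awk '$1 !~ /^#/ && NF >= 4 && $2 ~ /^[yn]$/ && $3 ~ /^[0-9]+$/ { print $1 }' "$1" \
        | sort -u | paste -sd' ' -
}

# Demo on a throwaway copy; on a real system the file is /etc/scalpel.conf.
demo=$(mktemp -d)
write_sample_conf "$demo/scalpel.conf"
enable_rules "$demo/scalpel.conf" jpg pdf
echo "active rules: $(active_rules "$demo/scalpel.conf")"
rm -rf "$demo"
```

Enabling only the types you actually need keeps the scan short and the recovery directory manageable.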
Having done this, you should now create a recovery directory, and then you should move to the /etc directory in order to use scalpel.conf like this:
# cd /etc
You can run a scan on...