Description: Fix the jpg recovery. Thanks to Isaac Schemm. (Closes: #631850) Remove some extra blank spaces and tabs. Author: Isaac Schemm Joao Eriberto Mota Filho Last-Update: 2018-09-16 --- scalpel-1.60.orig/scalpel.conf +++ scalpel-1.60/scalpel.conf @@ -1,11 +1,11 @@ -# Scalpel configuration file +# Scalpel configuration file # This configuration file controls the # types and sizes of files that are carved by Scalpel. Currently, # Scalpel can read Foremost 0.69 configuration files, but Scalpel # configuration files may not be backwards-compatible with Foremost. # In particular, maximum file carve size under Foremost 0.69 is 4GB, -# while in the current version of Scalpel, it's 16EB (16 exabytes). +# while in the current version of Scalpel, it's 16EB (16 exabytes). # For each file type, the configuration file # describes the file's extension, whether the header and footer are @@ -23,14 +23,14 @@ # change the 'wildcard' line *and* every occurrence of the old # wildcard character in the configuration file. ' # -# Note: ?' is equal to 0x3f and \063. +# Note: ?' is equal to 0x3f and \063. # -# If you want files carved without filename extensions, +# If you want files carved without filename extensions, # use "NONE" in the extension column. # The REVERSE keyword after a footer causes a search # backwards starting from [size] bytes beyond the location of the header -# This is useful for files like PDFs that may contain multiple copies of +# This is useful for files like PDFs that may contain multiple copies of # the footer throughout the file. When using the REVERSE keyword you will # extract bytes from the header to the LAST occurence of the footer (and # including the footer in the carved file). @@ -45,9 +45,9 @@ # data should NOT be included in a carved file--e.g., the beginning of # a subsequent file of the same type. # -# FORWARD_NEXT is the default carve type and this keyword may be +# FORWARD_NEXT is the default carve type and this keyword may be # included after the footer, but is not required. For FORWARD_NEXT -# carves, a block of data including the header and the first footer +# carves, a block of data including the header and the first footer # (within the maximum carve size) are carved. If no footer appears # after the header within the maximum carve size, then no carving is # performed UNLESS the -b command line option is supplied. In this case, @@ -60,13 +60,13 @@ #wildcard ? # case size header footer -#extension sensitive +#extension sensitive # #--------------------------------------------------------------------- # EXAMPLE WITH NO SUFFIX #--------------------------------------------------------------------- # -# Here is an example of how to use the no extension option. Any files +# Here is an example of how to use the no extension option. Any files # beginning with the string "FOREMOST" are carved and no file extensions # are used. No footer is defined and the max carve size is 1000 bytes. # @@ -74,7 +74,7 @@ # #--------------------------------------------------------------------- # GRAPHICS FILES -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # # # AOL ART files @@ -84,10 +84,11 @@ # GIF and JPG files (very common) # gif y 5000000 \x47\x49\x46\x38\x37\x61 \x00\x3b # gif y 5000000 \x47\x49\x46\x38\x39\x61 \x00\x3b -# jpg y 200000000 \xff\xd8\xff\xe0\x00\x10 \xff\xd9 +# jpg y 5242880 \xff\xd8\xff???Exif \xff\xd9 REVERSE +# jpg y 5242880 \xff\xd8\xff???JFIF \xff\xd9 REVERSE # # -# PNG +# PNG # png y 20000000 \x50\x4e\x47? \xff\xfc\xfd\xfe # # @@ -102,17 +103,17 @@ # TIFF # tif y 200000000 \x4D\x4D\x00\x2A # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # ANIMATION FILES -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # # AVI (Windows animation and DiVX/MPEG-4 movies) # avi y 50000000 RIFF????AVI # # Apple Quicktime # These needles are based on the file command's magic. I don't -# recommend uncommenting the 4th and 5th Quicktime needles unless -# you're sure you need to, because they generate HUGE numbers of +# recommend uncommenting the 4th and 5th Quicktime needles unless +# you're sure you need to, because they generate HUGE numbers of # false positives. # # mov y 10000000 ????moov @@ -130,9 +131,9 @@ # Macromedia Flash # fws y 4000000 FWS # -#--------------------------------------------------------------------- -# MICROSOFT OFFICE -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- +# MICROSOFT OFFICE +#--------------------------------------------------------------------- # # Word documents # @@ -149,37 +150,37 @@ # idx y 10000000 \x4a\x4d\x46\x39 # mbx y 10000000 \x4a\x4d\x46\x36 # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # WORDPERFECT #--------------------------------------------------------------------- # # wpc y 1000000 ?WPC # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # HTML -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # # htm n 50000 # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # ADOBE PDF -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # # pdf y 5000000 %PDF %EOF\x0d REVERSE # pdf y 5000000 %PDF %EOF\x0a REVERSE # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # AOL (AMERICA ONLINE) -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # # AOL Mailbox # mail y 500000 \x41\x4f\x4c\x56\x4d # # -# -#--------------------------------------------------------------------- +# +#--------------------------------------------------------------------- # PGP (PRETTY GOOD PRIVACY) -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # # PGP Disk Files # pgd y 500000 \x50\x47\x50\x64\x4d\x41\x49\x4e\x60\x01 @@ -195,15 +196,15 @@ # txt y 100000 -----BEGIN\040PGP # # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # RPM (Linux package format) -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # rpm y 1000000 \xed\xab # # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # SOUND FILES -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # # wav y 200000 RIFF????WAVE # @@ -211,29 +212,29 @@ # ra y 1000000 \x2e\x72\x61\xfd # ra y 1000000 .RMF # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # WINDOWS REGISTRY FILES -#--------------------------------------------------------------------- -# +#--------------------------------------------------------------------- +# # Windows NT registry # dat y 4000000 regf # Windows 95 registry # dat y 4000000 CREG # # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # MISCELLANEOUS -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # # zip y 10000000 PK\x03\x04 \x3c\xac # -# java y 1000000 \xca\xfe\xba\xbe +# java y 1000000 \xca\xfe\xba\xbe # -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # ScanSoft PaperPort "Max" files -#--------------------------------------------------------------------- -# max y 1000000 \x56\x69\x47\x46\x6b\x1a\x00\x00\x00\x00 \x00\x00\x05\x80\x00\x00 -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- +# max y 1000000 \x56\x69\x47\x46\x6b\x1a\x00\x00\x00\x00 \x00\x00\x05\x80\x00\x00 +#--------------------------------------------------------------------- # PINs Password Manager program -#--------------------------------------------------------------------- +#--------------------------------------------------------------------- # pins y 8000 \x50\x49\x4e\x53\x20\x34\x2e\x32\x30\x0d