bcarrier
commented
5 years ago No. Scalpel doesn't know anything about file systems to know what is unallocated. We tried to do this with Autopsy and have it feed the unallocated space into scalpel in memory only, but scalpel had memory leaks and would eventually cause everything to stop working.
I need to run scalpel on the unallocated space of a raw image. Based on everything I read online, this is done by first dumping the unallocated space to another file using blkls, and then running scalpel on that. However due to disk space constraints, this may not be possible. I don't see why scalpel can't theoretically run against the unallocated space on the raw image itself, without dumping. Is there anyway to do this currently?