From 2f609c5035e9b095ae96f3793170ee99888a812c Mon Sep 17 00:00:00 2001
From: Patrick Neumann <patrick@neumannsland.de>
Date: Tue, 1 Dec 2020 12:13:32 +0100
Subject: [PATCH] Added Nautilus script for getting timezone info

---
 .../scripts/05c-Linux/03-E01-timezone         | 177 ++++++++++++++++++
 1 file changed, 177 insertions(+)
 create mode 100755 home/lucifer/.local/share/nautilus/scripts/05c-Linux/03-E01-timezone

diff --git a/home/lucifer/.local/share/nautilus/scripts/05c-Linux/03-E01-timezone b/home/lucifer/.local/share/nautilus/scripts/05c-Linux/03-E01-timezone
new file mode 100755
index 0000000..e066699
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05c-Linux/03-E01-timezone
@@ -0,0 +1,177 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05c-Linux/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05c-Linux/ (deprecated)
+#
+# FILE:
+#   03-E01-timezone
+#
+# USAGE:
+#   Right click on a EWF_E01 image (.E01) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Stored and shows timezone information.
+#
+# REQUIREMENTS:
+#   bash, zenity, sleuthkit, awk, sed, openssl and grep
+#
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://...
+#
+# CREATED:
+#   24.04.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ---
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${AWK_BIN}" "awk"
+check_dep "${FLS_BIN}" "sleuthkit"
+check_dep "${FSSTAT_BIN}" "sleuthkit"
+check_dep "${GREP_BIN}" "grep"
+check_dep "${ICAT_BIN}" "sleuthkit"
+check_dep "${IFIND_BIN}" "sleuthkit"
+check_dep "${ISTAT_BIN}" "sleuthkit"
+check_dep "${MMLS_BIN}" "sleuthkit"
+check_dep "${OPENSSL_BIN}" "openssl"
+check_dep "${SED_BIN}" "sed"
+
+check_ext "${SOURCE}" "[eE]01|dd|DD|raw|RAW|img|IMG"
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly OFFSET="$( choose_partition "${SOURCE}" | ${AWK_BIN} -F "_" '{ print $3; }' )"
+
+readonly TIMEZONE="${DIRNAME}/timezone.txt"
+
+#-------------------------------------------------------------------------------
+# A wonder maybe takes "a little bit" longer... :-/
+#-------------------------------------------------------------------------------
+if ${FSSTAT_BIN} -o "${OFFSET}" "${SOURCE}" > /dev/null 2>&1 ; then
+  (
+    echo -e -n "Partition (mmls line):\n  " >> "${TIMEZONE}"
+    ${MMLS_BIN} -aM "${SOURCE}" \
+    | ${AWK_BIN} '$3=='"${OFFSET}"' { print $0; }' \
+    >> "${TIMEZONE}"  
+
+    localtime="$( ${IFIND_BIN} -o "${OFFSET}" \
+	                             -n "/etc/localtime" \
+                               "${SOURCE}" )"
+    if [ "${localtime}" != "File not found" ] ; then
+      symlink="$( ${ISTAT_BIN} -o "${OFFSET}" "${SOURCE}" "${localtime}" \
+                  | ${AWK_BIN} -F ":" '/Symbolic link to/ { sub( /.*\/usr\/share\/zoneinfo\//, "", $2 ); print $2 }' )"
+      echo -e -n "  Information from \"/etc/localtime\":\n  " >> "${TIMEZONE}"
+      if [ -n "${symlink}" ] ; then
+        echo "${symlink}" >> "${TIMEZONE}"
+      else
+        md5="$( ${ICAT_BIN} -o "${OFFSET}" "${SOURCE}" "${localtime}" \
+                | ${OPENSSL_BIN} md5 \
+                | ${AWK_BIN} '{ print $NF; }' )"
+        usz="$( ${IFIND_BIN} -o "${OFFSET}" -n "/usr/share/zoneinfo" "${SOURCE}" )"
+        OLDIFS=$IFS ; IFS=$'\n'
+        for zoneinfo in $( ${FLS_BIN} -r -p -o "${OFFSET}" "${SOURCE}" "${usz}" ) ; do
+          inode="$( echo "${zoneinfo}" \
+                    | ${SED_BIN} -r 's/(.*[[:space:]])([[:digit:]]+)(:[[:space:]].*)/\2/' )"
+          if ${ICAT_BIN} -o "${OFFSET}" "${SOURCE}" "${inode}" \
+          | ${OPENSSL_BIN} md5 \
+          | ${GREP_BIN} --fixed-strings "${md5}" > /dev/null 2>&1 ; then
+            echo "${zoneinfo}" | ${AWK_BIN} '{ print $NF; }' >> "${TIMEZONE}"
+          fi
+        done
+        IFS=$OLDIFS
+      fi
+      echo >> "${TIMEZONE}"
+    else
+      echo -e "  Symbolic link \"/private/etc/localtime\" not found.\n"
+    fi
+
+    timezone="$( ${IFIND_BIN} -o "${OFFSET}" -n "/etc/timezone" "${SOURCE}" )"
+    if [ "${timezone}" != "File not found" ] ; then
+      echo -e -n "  Information from \"/etc/timezone\":\n  " >> "${TIMEZONE}"
+      ${ICAT_BIN} -o "${OFFSET}" "${SOURCE}" "${timezone}" >> "${TIMEZONE}"
+    else
+      echo -e "  File \"/etc/timezone\" not found.\n"
+    fi
+	  echo >> "${TIMEZONE}"
+  ) | ${ZENITY_BIN} --progress \
+                    --title="timezone" \
+                    --text="Please wait..." \
+                    --pulsate
+else
+  echo -e "  ?  (The Sleuth Kit does not support the filesystem!)\n" >> "${TIMEZONE}"
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "timezone.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${TIMEZONE}"
+
+exit 0