casualscripter/Masterthesis
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity

Added Nautilus scripts for TSK

Browse Source
This commit is contained in:
Patrick Neumann
2020-11-29 22:29:48 +01:00
parent 5336abb4d9
commit 5230d1d602
5 changed files with 676 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

167
home/lucifer/.local/share/nautilus/scripts/03-TSK/04-fsstat-and-fls-root Executable file
View File

@ -0,0 +1,167 @@
#!/bin/bash
#===============================================================================
#
# DIRECTORY:
# /home/*/.local/share/nautilus/scripts/03-TSK/
# OR
# /home/*/.gnome2/nautilus-sctipts/03-TSK/ (deprecated)
#
# FILE:
# 04-fsstat-and-fls-root
#
# USAGE:
# Right klick on the first file of an EWF image (or a RAW image) and
# choose this nautilus script from the context menu.
#
# OPTIONS:
# none
#
# DESCRIPTION:
# Shows/stores all file system information incl. content of the root
# directoryoff all partitions off a block device or image in an EWF image.
#
# REQUIREMENTS:
# bash, zenity and sleuthkit
#
# BUGS:
# ---
#
# NOTES:
# Tested on
# - Debian 8+
# - Arch Linux
#
# AUTHOR:
# Patrick Neumann, patrick@neumannsland.de
#
# COMPANY:
# (privately)
#
# VERSION:
# 0.9 (beta)
#
# LINK TO THE MOST CURRENT VERSIONS:
# ...
#
# CREATED:
# 15.09.2020
#
# COPYRIGHT (C):
# 2015-2020 - Patrick Neumann
#
# LICENSE:
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# WARRANTY:
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# TODO:
# ---
#
# HISTORY:
# 0.9 - Patrick Neumann - Initial (public) release
#
#===============================================================================
#-------------------------------------------------------------------------------
# Additional supported Distribution(s) (add before Library!).
#-------------------------------------------------------------------------------
SUPPORTED_OSR="arch"
#-------------------------------------------------------------------------------
# Check for library (casualscripter_nautilus-scripts_functions.sh).
#-------------------------------------------------------------------------------
readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
if [ ! -f "${LIBRARY}" ] ; then
zenity --error \
--text \
"ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
exit 1
fi
source "${LIBRARY}"
#-------------------------------------------------------------------------------
# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
#-------------------------------------------------------------------------------
check_dep "${MMLS_BIN}" "sleuthkit"
check_dep "${FIND_BIN}" "findutils"
check_dep "${FSSTAT_BIN}" "sleuthkit"
check_ext "${SOURCE}" "[eE]01|dd|DD|raw|RAW|img|IMG"
check_tmp
#-------------------------------------------------------------------------------
# Generate fsinfo...txt files, if necessary.
#-------------------------------------------------------------------------------
for offset1 in $( ${MMLS_BIN} -aM "${SOURCE}" \
| ${AWK_BIN} '/^[[:digit:]]/ { print $3; }' \
| ${SED_BIN} 's/^0*//' )
do
mmstat="$( ${MMSTAT_BIN} -t bsd -o "${offset1}" "${SOURCE}" 2>/dev/null )"
# if not a BSD VBR
if [ -z "${mmstat}" ] ; then
fsstat1="$( ${FSSTAT_BIN} -o "${offset1}" "${SOURCE}" 2>/dev/null )"
# if file system type is known
if [ -n "${fsstat1}" ] ; then
echo "${fsstat1}" \
| ${AWK_BIN} '/File System Type|Volume (ID|Name|Label)/ { print; }' \
> "${TMP}/fsinfo-${offset1}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
echo >> "${TMP}/fsinfo-${offset1}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
${FLS_BIN} -o "${offset1}" "${SOURCE}" \
>> "${TMP}/fsinfo-${offset1}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
else
for block in $( ${PSTAT_BIN} -o "${offset1}" "${SOURCE}" 2>/dev/null | ${AWK_BIN} '/APSB Block Number:/ { print $NF; }' ) ; do
fsstat11="$( ${FSSTAT_BIN} -o "${offset1}" -B "${block}" "${SOURCE}" 2>/dev/null )"
# if file system type of a pool is known
if [ -n "${fsstat11}" ] ; then
echo "${fsstat11}" \
| ${AWK_BIN} '/File System Type|Volume UUID|APSB Block Number|Name \(Role\)/ { print; }' \
> "${TMP}/fsinfo-${offset1}-${block}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
echo >> "${TMP}/fsinfo-${offset1}-${block}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
${FLS_BIN} -o "${offset1}" -B "${block}" "${SOURCE}" \
>> "${TMP}/fsinfo-${offset1}-${block}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
fi
done
fi
# if a BSD VBR
else
echo "${mmstat}" > "${TMP}/mmstat-${offset1}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
for offset2 in $( ${MMLS_BIN} -t bsd -o "${offset1}" -aM "${SOURCE}"
| ${AWK_BIN} '/^[[:digit:]]/ { print $3; }' \
| ${SED_BIN} 's/^0*//' )
do
fsstat2="$( ${FSSTAT_BIN} -o "${offset2}" "${SOURCE}" 2>/dev/null )"
if [ -n "${fsstat2}" ] ; then
echo "${fsstat2}" \
| ${AWK_BIN} '/File System Type|Volume (ID|Name|Label)/ { print; }' \
> "${TMP}/fsinfo-${offset2}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
echo >> "${TMP}/fsinfo-${offset2}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
${FLS_BIN} -o "${offset2}" "${SOURCE}" \
>> "${TMP}/fsinfo-${offset2}-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
fi
done
fi
done | ${ZENITY_BIN} --progress \
--title="fsinfo (stat and ls root)" \
--text="Please wait..." \
--pulsate
#-------------------------------------------------------------------------------
# Display content of the resultfiles.
#-------------------------------------------------------------------------------
for resultfile in $( ${FIND_BIN} "${TMP}" -type f -name "fsinfo-*-$( ${BASENAME_BIN} "${SOURCE}" ).txt" ) ; do
display_resultfile "${resultfile}"
done
exit 0