This Bash script is designed for processing and extracting data from a specified input file utilizing The Sleuth Kit. It offers various features including checking dependencies, extracting data based on inode values, and providing an interactive search within the filesystem.
- Dependency Checking: Ensures all necessary tools are installed.
- Data Extraction: Facilitates extraction of data based on inode values.
- Interactive Search: Allows for searching text within the filesystem and selecting specific nodes for processing.
- Arbitrary Command Execution: Enables execution of user-specified commands.
To use the script, run:
./script.sh -o OFFSET -f INPUT_FILE
-o OFFSET: Specifies the offset value to be used in the script
-f INPUT_FILE: Defines the input file for the script to process
-d: Checks if all dependencies are installed.
After initial processing, the script enters an interactive mode with the following commands:
'i': Inspect specific file via inode
's': Perform a filename text search
'c': Execute an arbitrary command
'q': Exit the script
Output directory: out/
Extracted data directory: out/extracted
Example: ./run.sh -o 2048 -f example.dd
Dependencies: fls, grep, awk, sed, strings, icat
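The filename search ('s') and inode inspection ('i') steps can be sketched as follows. This is an added example, not the script's own code: the function names are hypothetical, the listing is constructed sample data in the layout printed by `fls -r -p`, and the real script may do this differently.

```shell
#!/usr/bin/env bash
# Added illustration; not taken from the script this README describes.
# Function names are hypothetical and the sample listing is constructed.

# Constructed sample in the layout of `fls -r -p -o OFFSET IMAGE`:
#   <type> [*] <metadata address>:<TAB><path>    ("*" marks a deleted entry)
sample_fls_output() {
  printf 'd/d 11:\tlost+found\n'
  printf 'r/r 12:\tetc/passwd\n'
  printf 'r/r * 13:\thome/user/notes.txt\n'
  printf 'r/r 64-128-2:\tUsers/user/Notes.docx\n'
  printf 'r/r * 15(realloc):\thome/user/old notes.bak\n'
}

# Read an fls listing on stdin and print "<address><TAB><state><TAB><path>"
# for every path containing $1 (literal, case-insensitive match).
search_inodes() {
  PAT="$1" awk -F'\t' '
    BEGIN { pat = tolower(ENVIRON["PAT"]) }
    {
      path = $0
      sub(/^[^\t]*\t/, "", path)          # everything after the first tab
      if (index(tolower(path), pat) == 0) next
      n = split($1, f, " ")               # type, optional "*", address
      state = (n == 3 && f[2] == "*") ? "deleted" : "allocated"
      addr = f[n]
      sub(/:$/, "", addr)                 # strip the trailing colon
      sub(/\(realloc\)$/, "", addr)       # strip the reallocation marker
      printf "%s\t%s\t%s\n", addr, state, path
    }'
}

# Extract one metadata address into out/extracted/ with icat.
# Usage: extract_inode OFFSET IMAGE ADDRESS
extract_inode() {
  # Accept only digits and dashes (e.g. 13 or 64-128-2) before the value
  # is used as an icat argument and as an output file name.
  case "$3" in
    ''|*[!0-9-]*) echo "invalid metadata address: $3" >&2; return 1 ;;
  esac
  mkdir -p out/extracted && icat -o "$1" "$2" "$3" > "out/extracted/$3"
}
```

With The Sleuth Kit installed, `fls -r -p -o 2048 example.dd | search_inodes notes` lists candidate addresses, and `extract_inode 2048 example.dd 13` writes the file content to out/extracted/13.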