analyse_image.sh
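#!/bin/sh
# analyse_image.sh - run Plaso over an image file and export the timeline.
#
# Usage: ./analyse_image.sh <image>
#
# Steps: check that a plaso-* directory exists in the current directory
# (offering to run ./install_plaso.sh if not), run log2timeline.py on the
# image, then run psort.py on the resulting storage file. Both results are
# written to ./outputs under a name built from the image's file name and a
# timestamp.
#
# All helper paths (plaso-*, install_plaso.sh, outputs/,
# artifacts-20180827/data) are relative to the current working directory.
#
# Exit codes:
#   0  success
#   1  wrong number of arguments, or <image> is not a regular file
#   2  invalid answer to the installation prompt
#   3  user declined the Plaso installation
#   4  log2timeline.py failed
#   5  psort.py failed
#
# NOTE(review): this script does not record a hash of the image. If the
# output is meant to be used as evidence, hash the image before and after
# processing and keep the values with the results.

# Validate the arguments first so that a usage error never reaches the
# privileged package installation below.
if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
  echo "[ERROR] Usage: ./analyse_image.sh <image>"
  exit 1
fi

# Best-effort package installation: a failure is reported but not fatal.
sudo apt-get install python-lzma ||
  echo "[WARN] Could not install python-lzma, continuing."

# The image path comes from the caller and may contain spaces or start with
# a dash. Prefix a leading dash with ./ so the tools cannot read the path as
# an option, and quote every later use.
image=$1
case "$image" in
  -*) image="./$image" ;;
esac

echo "[INFO] Verify that Plaso is installed."
plaso_dir=$(find . -maxdepth 1 -type d -name 'plaso-*' -print -quit)
if [ -z "$plaso_dir" ]; then
  echo "[ERROR] Plaso is not installed."
  echo "[INFO] Start the installation? (y/n)"
  # -r keeps backslashes in the answer literal.
  read -r answer
  case "$answer" in
    y)
      ./install_plaso.sh ||
        echo "[WARN] install_plaso.sh returned a non-zero status."
      ;;
    n)
      echo "[INFO] Not installing Plaso."
      exit 3
      ;;
    *)
      echo "[ERROR] Invalid answer. Just type 'y' (yes) or 'n' (no)"
      exit 2
      ;;
  esac
fi
echo "[INFO] Plaso is installed."

echo "[INFO] Generating the Plaso file for the provided image"
mkdir -p outputs

# Last path component of the image, used as the prefix of the output names.
img_name=${image##*/}
stamp=$(date "+%d%m%y-%H%M%S")
plaso_file="outputs/${img_name}-${stamp}-result.plaso"
report_file="outputs/${img_name}-${stamp}-result.txt"

if ! log2timeline.py "$plaso_file" "$image" \
  --artifact_definitions artifacts-20180827/data; then
  echo "[ERROR] Failed to generate Plaso file."
  exit 4
fi
# Report the file that was actually written (name and timestamp included).
echo "[INFO] Generated $plaso_file."

echo "[INFO] Analysing the result file."
if ! psort.py -w "$report_file" "$plaso_file"; then
  echo "[ERROR] Failed to analyse the result file."
  exit 5
fi
echo "[INFO] Generated $report_file with the analyse results"
exit 0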