{"id":18192001,"url":"https://github.com/codekow/ez-forensics","last_synced_at":"2025-04-07T16:28:37.143Z","repository":{"id":188375345,"uuid":"678628656","full_name":"codekow/ez-forensics","owner":"codekow","description":"A collection of tools for forensics when you left your other bag of tools at home","archived":false,"fork":false,"pushed_at":"2023-12-18T02:34:10.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-21T06:21:20.846Z","etag":null,"topics":["cyber-security","forensics","forensics-tools","linux"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codekow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-15T01:55:01.000Z","updated_at":"2023-09-21T17:23:22.000Z","dependencies_parsed_at":"2023-12-18T03:29:11.510Z","dependency_job_id":"e9613cfa-24d8-4b0a-a0fb-cc34ccb7d759","html_url":"https://github.com/codekow/ez-forensics","commit_stats":null,"previous_names":["codekow/ez-forensics"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codekow%2Fez-forensics","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codekow%2Fez-forensics/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codekow%2Fez-forensics/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codekow%2Fez-forensics/manifests","owner_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codekow","download_url":"https://codeload.github.com/codekow/ez-forensics/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238715805,"owners_count":19518546,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyber-security","forensics","forensics-tools","linux"],"created_at":"2024-11-03T06:41:59.453Z","updated_at":"2025-02-13T18:46:06.723Z","avatar_url":"https://github.com/codekow.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Universal Forensic Notes\n\nThis repo has a collection of quick notes and scripts to be used\non most Linux systems to collect and process forensic data.\n\n## Ad hoc Commands\n\n```\n# create scratch dir\nmkdir scratch\ncd scratch\n\n# define input / output\nread -rp \"Enter Input Name: \" INPUT\nread -rp \"Enter Output Name: \" OUTPUT\n\n# image the input and create verification hashes (md5, sha256, sha1) in the same pass\nFILENAME=$(basename ${INPUT})\ndd bs=4096 conv=noerror,sync if=${INPUT} | \\\n  tee \\\n  \u003e(md5sum \u003e ${FILENAME}.md5sum) \\\n  \u003e(sha256sum \u003e ${FILENAME}.sha256sum) \\\n  \u003e(sha1sum \u003e ${FILENAME}.sha1sum) \\\n  | pv \u003e ${FILENAME}\n\n# create verification hashes of an existing image\ncat ${OUTPUT} | \\\n  tee \\\n  \u003e(md5sum \u003e ${OUTPUT}.md5sum) \\\n  \u003e(sha256sum \u003e ${OUTPUT}.sha256sum) \\\n  | sha1sum \u003e ${OUTPUT}.sha1sum\n\n# make squashfs directly from dd\nmksquashfs scratch ${OUTPUT}.squashfs \\\n  -all-root \\\n  -noappend \\\n  -p \"${OUTPUT}.raw f 400 root root dd bs=4096 conv=noerror,sync if=${INPUT}\"\n\n# make 
squashfs from scratch folder\nmksquashfs scratch ${OUTPUT}.squashfs -all-root -noappend\n\n# convert gzip image to squashfs\nmksquashfs scratch ${OUTPUT}.squashfs \\\n  -all-root \\\n  -noappend \\\n  -p \"${OUTPUT}.raw f 400 root root gunzip -c ${INPUT}\"\n\n# mount squashfs\nmount ${OUTPUT}.squashfs /mnt/tmp\n```\n\nExample\n\n```\nmkdir scratch\n\nOUTPUT=backup\n\nfor PART in /dev/sda?\ndo\n  mksquashfs scratch ${OUTPUT}.squashfs \\\n    -comp zstd \\\n    -no-xattrs \\\n    -all-root \\\n    -p \"$(basename ${PART}).raw f 400 root root sudo dd bs=4096 conv=noerror,sync if=${PART}\"\ndone\n\nfor PART in /dev/sda?\ndo\n  sudo dd bs=4096 conv=noerror,sync if=${PART} | \\\n  tee \\\n  \u003e(md5sum \u003e scratch/$(basename ${PART}).md5sum) \\\n  \u003e(sha256sum \u003e scratch/$(basename ${PART}).sha256sum) \\\n  | sha1sum \u003e scratch/$(basename ${PART}).sha1sum\ndone\n\nsudo smartctl -x /dev/sda \u003e scratch/hdinfo.txt\nsudo sfdisk -d /dev/sda \u003e scratch/sfdisk.txt\n\nmksquashfs scratch ${OUTPUT}.squashfs \\\n  -no-xattrs \\\n  -all-root\n\n```\n\n## Links\n\n- https://linuxreviews.org/Comparison_of_Compression_Algorithms\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodekow%2Fez-forensics","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodekow%2Fez-forensics","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodekow%2Fez-forensics/lists"}