Created
August 9, 2012 23:34
Revisions
uid0 created this gist
Aug 9, 2012
@@ -0,0 +1,74 @@ #!/bin/bash CLIENT="${1}" CASE="${2}" TAG="${3}" SERIALNO="${4}" SOURCEDEV="${5}" DESTPATH="${6}" OUTPUTPATH=$DESTPATH/$CLIENT/$CASE/$TAG-$SERIALNO LOGFILE=$OUTPUTPATH/log/$TAG-$SERIALNO.log STDERRLOG=$OUTPUTPATH/log/$TAG-$SERIALNO.stderr.log SEPERATOR="--------------------------------------------\r" if [ "$#" != 6 ]; then echo "Usage: acquire_disk.sh CLIENT CASE TAG SERIALNO SOURCEDEV DESTPATH" exit 2 fi # check directories, created if needed if [ ! -d "$DESTPATH" ]; then echo "Destination path [$DESTPATH] does not exist, exiting" exit 1 fi if [ -d "$DESTPATH/$CLIENT/$CASE/$TAG-$SERIALNO" ]; then echo "$DESTPATH/$CLIENT/$CASE/$TAG-$SERIALNO already exists, can't overwrite evidence" exit 1 fi GOTROOT=`whoami` if [ "$GOTROOT" != "root" ]; then echo "must be root to execute" exit 1 fi mkdir -p $OUTPUTPATH/log echo -e "Start date/time" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`/bin/date`\n" >> $LOGFILE 2>> $STDERRLOG echo -e "uname -a" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`uname -a`\n" >> $LOGFILE 2>> $STDERRLOG echo -e "dmesg | tail -50" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`dmesg | tail -50`\n" >> $LOGFILE 2>> $STDERRLOG echo -e "lshw" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`lshw`\n" >> $LOGFILE 2>> $STDERRLOG VERSION=`fdisk -v` echo -e "fdisk -l $SOURCEDEV [$VERSION]" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`fdisk -l $SOURCEDEV`\n" >> $LOGFILE 2>> $STDERRLOG VERSION=`mmls -V` echo -e "mmls $SOURCEDEV [$VERSION]" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`mmls $SOURCEDEV`\n" >> $LOGFILE 2>> $STDERRLOG VERSION=`fsstat -V` echo -e "fsstat $SOURCEDEV [$VERSION]" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`fsstat $SOURCEDEV`\n" >> $LOGFILE 2>> $STDERRLOG VERSION=`dc3dd --version 2>&1 | grep dc3dd` echo -e "dc3dd [$VERSION]" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "dc3dd if=$SOURCEDEV of=$OUTPUTPATH/$TAG-$SERIALNO.dc3dd verb=on hash=sha256 
hlog=$OUTPUTPATH/log/$TAG-$SERIALNO.hashlog log=$OUTPUTPATH/log/$TAG-$SERIALNO.log rec=off\n" >> $LOGFILE dc3dd if=$SOURCEDEV of=$OUTPUTPATH/$TAG-$SERIALNO.dc3dd verb=on hash=sha256 hlog=$OUTPUTPATH/log/$TAG-$SERIALNO.hashlog log=$OUTPUTPATH/log/ $TAG-$SERIALNO.log rec=off echo -e "ls -lR $DESTPATH/$CLIENT/$CASE/$TAG-$SERIALNO" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`ls -lR $DESTPATH/$CLIENT/$CASE/$TAG-$SERIALNO`\n" >> $LOGFILE echo -e "End date/time" >> $LOGFILE echo -e "$SEPERATOR" >> $LOGFILE echo -e "`/bin/date`\n" >> $LOGFILE #sha256sum all log files cd $OUTPUTPATH/log/ sha256sum * > $TAG-$SERIALNO.sha256.log
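Review bot: The dc3dd invocation near the end of the script is not checked for failure, so an acquisition that aborts still gets an "End date/time" entry and a hashed log set that reads like a completed case. With `rec=off` dc3dd is expected to stop on a read error instead of padding bad sectors (worth confirming against the installed version), so the exit status is the only signal that the image is partial; append `|| { echo "dc3dd failed, image incomplete" >> "$LOGFILE"; exit 1; }` to that command. The final `cd $OUTPUTPATH/log/` has the same gap: if it fails, `sha256sum *` hashes whatever is in the caller's directory, so write `cd "$OUTPUTPATH/log" || exit 1`. Every expansion of `$SOURCEDEV`, `$OUTPUTPATH` and `$LOGFILE` is unquoted, so a client or case name containing a space splits the evidence paths; quote them throughout. The `log=$OUTPUTPATH/log/ $TAG-$SERIALNO.log` operand shows a space on this page, which may be a rendering artifact, but if it is in the file dc3dd receives a stray argument and logs to a directory path.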