From cb4450f8ef058349eb89f6baf746b4e52ec8e3c1 Mon Sep 17 00:00:00 2001 From: s4ros Date: Thu, 20 Jun 2019 23:58:03 +0200 Subject: [PATCH 1/4] Dockerize the `scalpel` app --- .dockerignore | 4 ++++ .gitignore | 3 +++ Dockerfile | 18 ++++++++++++++++++ README => README.md | 34 ++++++++++++++++++++++++---------- 4 files changed, 49 insertions(+), 10 deletions(-) create mode 100644 .dockerignore create mode 100644 Dockerfile rename README => README.md (90%) diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..8271267 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,4 @@ +pendrive.img +device.img +.git +recovery diff --git a/.gitignore b/.gitignore index 0172ee6..fcca976 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +pendrive.img +device.img +recovery # Compiled Object files *.slo *.lo diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..2149069 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,18 @@ +FROM ubuntu:16.04 + +# ADD https://github.com/sleuthkit/scalpel/archive/master.zip / +COPY . /scalpel + +RUN apt-get update && \ + apt-get install -y -qq \ + automake \ + default-jdk \ + g++ \ + libtool \ + libtre-dev \ + make \ + unzip + +WORKDIR /scalpel +RUN ./bootstrap && ./configure --disable-shared && make +CMD ["./scalpel", "-o /recovery", "device.img"] diff --git a/README b/README.md similarity index 90% rename from README rename to README.md index 241bf93..1dfccba 100644 --- a/README +++ b/README.md 
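Review bot: The exec-form `CMD` at the end of the new Dockerfile passes `-o /recovery` as a single argument, so scalpel receives one argv element holding the option, a space and the path instead of `-o` followed by the path. How that is handled depends on scalpel's option parsing, but the likely outcomes are an output directory whose name starts with a space or a usage error. Splitting the element removes the ambiguity: `CMD ["./scalpel", "-o", "/recovery", "device.img"]`.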
@@ -1,3 +1,24 @@ +# s4ros/scalpel + +In courtesy of https://github.com/sleuthkit/scalpel + +## Docker + +### Run the container + +```sh +docker run --rm -it \ + -v $(pwd)/device.img:/scalpel/device.img \ + -v $(pwd)/recovery:/recovery \ + s4ros/scalpel +``` + +#### Volumes description +There are two docker volumes that you need to mount to recover any files from the `device.img` + +* `/scalpel/device.img` - this has to be the image file of the device you want to recovery data from +* `/recovery` - this is the place where any recovered files will be written + ******************************************************************** As of 6/27/2013 Scalpel has been released under the Apache 2.0 License @@ -71,13 +92,13 @@ int the future. COMPILE INSTRUCTIONS ON SUPPORTED PLATFORMS: -Linux/Mac OS X: +Linux/Mac OS X: % ./bootstrap -% ./configure +% ./configure % make Windows (mingw): -cd src +cd src mingw32-make -f Makefile.win @@ -128,10 +149,3 @@ distributed with tre-0.7.5, which is licensed under the LGPL. Cheers, --Golden and Vico. - - - - - - - From 7ee32ab7f19f48dc9f210657598a0c970ee77395 Mon Sep 17 00:00:00 2001 From: s4ros Date: Fri, 21 Jun 2019 00:30:15 +0200 Subject: [PATCH 2/4] Add `run.sh` for ease of use --- run.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100755 run.sh diff --git a/run.sh b/run.sh new file mode 100755 index 0000000..7bdf1c8 --- /dev/null +++ b/run.sh 
@@ -0,0 +1,34 @@ +#!/usr/bin/env bash + + +# set -x +ERRORS=() + +PWD=$(pwd) + +if [[ ! -f ${PWD}/device.img ]]; then + ERRORS+=("No ${PWD}/device.img file available!") +fi + +if [[ ! -d ${PWD}/recovery ]]; then + ERRORS+=("No ${PWD}/recovery directory available!") +fi + +function print_errors() { + # echo Num of array items "${#ERRORS[@]}" + if [[ ${#ERRORS[*]} -gt 0 ]]; then + echo "There are ${#ERRORS[@]} errors:" + for item in "${ERRORS[@]}"; do + echo "- $item" + done + return 1 + fi + return 0 +} + +print_errors || exit 1 + +docker run --rm -it \ + -v ${PWD}/device.img:/scalpel/device.img \ + -v ${PWD}/recovery:/recovery \ +s4ros/scalpel From 350e03bae35d2828ee4014dabd358b7cd7a71862 Mon Sep 17 00:00:00 2001 From: s4ros Date: Fri, 21 Jun 2019 00:46:52 +0200 Subject: [PATCH 3/4] Dockerfile optimizations --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2149069..b110e34 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,14 +4,15 @@ FROM ubuntu:16.04 COPY . /scalpel RUN apt-get update && \ - apt-get install -y -qq \ + apt-get install -y -qq --no-install-recommends \ automake \ default-jdk \ g++ \ libtool \ libtre-dev \ make \ - unzip + unzip && \ + rm -rf /var/lib/apt/lists/* WORKDIR /scalpel RUN ./bootstrap && ./configure --disable-shared && make From 6726968dc48e41ca4ce5b6b2bc92cf69bc142333 Mon Sep 17 00:00:00 2001 From: s4ros Date: Fri, 21 Jun 2019 01:37:00 +0200 Subject: [PATCH 4/4] Add docker entrypoint * fixed `run.sh` script * fixed docker volumes --- Dockerfile | 4 ++-- README.md | 4 +++- entrypoint.sh | 35 +++++++++++++++++++++++++++++++++++ run.sh | 10 +++++----- 4 files changed, 45 insertions(+), 8 deletions(-) create mode 100755 entrypoint.sh diff --git a/Dockerfile b/Dockerfile index b110e34..48cbc35 100644 --- a/Dockerfile +++ b/Dockerfile 
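Review bot: The `-v` arguments in the `docker run` call at the end of run.sh expand `${PWD}` unquoted and mount the image read-write. A working directory containing a space splits each `-v` value into two words, and a writable mount lets anything running in the container alter the image that recovery depends on. Assuming scalpel only reads the image, quote the value and mark it read-only: `-v "${PWD}/device.img:/scalpel/device.img:ro" \`, with the recovery mount quoted the same way. `PWD=$(pwd)` is also redundant, since bash maintains `PWD` itself. The device.img `-v` line is carried unchanged through the run.sh hunk in patch 4/4.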
@@ -1,7 +1,6 @@ FROM ubuntu:16.04 # ADD https://github.com/sleuthkit/scalpel/archive/master.zip / -COPY . /scalpel RUN apt-get update && \ apt-get install -y -qq --no-install-recommends \ @@ -14,6 +13,7 @@ RUN apt-get update && \ unzip && \ rm -rf /var/lib/apt/lists/* +COPY . /scalpel WORKDIR /scalpel RUN ./bootstrap && ./configure --disable-shared && make -CMD ["./scalpel", "-o /recovery", "device.img"] +ENTRYPOINT ["/scalpel/entrypoint.sh"] diff --git a/README.md b/README.md index 1dfccba..1aa0eee 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ In courtesy of https://github.com/sleuthkit/scalpel ```sh docker run --rm -it \ -v $(pwd)/device.img:/scalpel/device.img \ - -v $(pwd)/recovery:/recovery \ + -v $(pwd)/recovery:/scalpel/recovery \ s4ros/scalpel ``` @@ -19,6 +19,8 @@ There are two docker volumes that you need to mount to recover any files from th * `/scalpel/device.img` - this has to be the image file of the device you want to recovery data from * `/recovery` - this is the place where any recovered files will be written +## + ******************************************************************** As of 6/27/2013 Scalpel has been released under the Apache 2.0 License diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 0000000..8b87cb9 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash + + +# set -x +ERRORS=() + +PWD=/scalpel + +if [[ ! -f ${PWD}/device.img ]]; then + ERRORS+=("No ${PWD}/device.img file available!") +fi + +if [[ ! -d ${PWD}/recovery ]]; then + ERRORS+=("No ${PWD}/recovery directory available!") +fi + +function print_errors() { + # echo Num of array items "${#ERRORS[@]}" + if [[ ${#ERRORS[*]} -gt 0 ]]; then + echo "There are ${#ERRORS[@]} errors:" + for item in "${ERRORS[@]}"; do + echo "- $item" + done + return 1 + fi + return 0 +} + +print_errors || exit 1 + +if [[ $# -gt 0 ]]; then + eval "$@" +else + ./scalpel -o ${PWD}/recovery ${PWD}/device.img +fi 
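Review bot: No `USER` instruction appears in the Dockerfile after this change, so `/scalpel/entrypoint.sh` and scalpel run as root while parsing whatever image is mounted, and recovered files are written root-owned into the bind-mounted directory. A parsing bug triggered by a malformed image would then run with root privileges inside the container. The lowest-friction option is to have run.sh pass `--user "$(id -u):$(id -g)"` to `docker run`, which also keeps the output owned by the invoking user; this assumes scalpel needs write access only to the recovery directory.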
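Review bot: `eval "$@"` in the final branch of entrypoint.sh joins the container arguments and parses them again as shell source, so the original quoting is lost and any `;`, `$(...)` or glob character inside an argument is interpreted instead of passed through. `exec "$@"` runs the same command with its arguments intact and lets it receive signals directly. The default branch has unquoted expansions as well and would read better as `exec ./scalpel -o "${PWD}/recovery" "${PWD}/device.img"`. Note that `PWD=/scalpel` only assigns a variable; `./scalpel` still resolves against the image's `WORKDIR`.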
diff --git a/run.sh b/run.sh index 7bdf1c8..9425578 100755 --- a/run.sh +++ b/run.sh @@ -10,9 +10,9 @@ if [[ ! -f ${PWD}/device.img ]]; then ERRORS+=("No ${PWD}/device.img file available!") fi -if [[ ! -d ${PWD}/recovery ]]; then - ERRORS+=("No ${PWD}/recovery directory available!") -fi +# if [[ ! -d ${PWD}/recovery ]]; then +# ERRORS+=("No ${PWD}/recovery directory available!") +# fi function print_errors() { # echo Num of array items "${#ERRORS[@]}" @@ -30,5 +30,5 @@ print_errors || exit 1 docker run --rm -it \ -v ${PWD}/device.img:/scalpel/device.img \ - -v ${PWD}/recovery:/recovery \ -s4ros/scalpel + -v ${PWD}/recovery:/scalpel/recovery \ +s4ros/scalpel $@
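Review bot: `s4ros/scalpel $@` on the last line of the second hunk is unquoted, so an argument containing spaces or glob characters is split or expanded before it reaches `docker run`; use `s4ros/scalpel "$@"`. Commenting out the recovery-directory check in the first hunk means a missing `${PWD}/recovery` is created by the Docker daemon as the bind-mount source, typically owned by root, which makes the recovered files awkward to manage from the invoking account. Creating it up front with `mkdir -p "${PWD}/recovery"` before the `docker run` call avoids that.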