Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dockerize scalpel #44

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
pendrive.img
device.img
.git
recovery
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
pendrive.img
device.img
recovery
# Compiled Object files
*.slo
*.lo
Expand Down
19 changes: 19 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
FROM ubuntu:16.04

# ADD https://github.com/sleuthkit/scalpel/archive/master.zip /

RUN apt-get update && \
apt-get install -y -qq --no-install-recommends \
Comment on lines +5 to +6

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
RUN apt-get update && \
apt-get install -y -qq --no-install-recommends \
RUN apt update && \
apt install -y -qq --no-install-recommends \

it's time to let go of apt-get

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apt-get should still be used in scripts

automake \
default-jdk \
g++ \
libtool \
libtre-dev \
make \
unzip && \
rm -rf /var/lib/apt/lists/*

COPY . /scalpel
WORKDIR /scalpel
RUN ./bootstrap && ./configure --disable-shared && make
ENTRYPOINT ["/scalpel/entrypoint.sh"]
36 changes: 26 additions & 10 deletions README → README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,26 @@
# s4ros/scalpel
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be changed to sleuthkit


In courtesy of https://github.com/sleuthkit/scalpel
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This segment should be removed, since this will actually be in the official sleuthkit repository


## Docker

### Run the container

```sh
docker run --rm -it \
-v $(pwd)/device.img:/scalpel/device.img \
-v $(pwd)/recovery:/scalpel/recovery \
s4ros/scalpel
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be changed to sleuthkit

```

#### Volumes description
There are two docker volumes that you need to mount to recover any files from the `device.img`

* `/scalpel/device.img` - this has to be the image file of the device you want to recovery data from
* `/recovery` - this is the place where any recovered files will be written

##

********************************************************************

As of 6/27/2013 Scalpel has been released under the Apache 2.0 License
Expand Down Expand Up @@ -71,13 +94,13 @@ int the future.

COMPILE INSTRUCTIONS ON SUPPORTED PLATFORMS:

Linux/Mac OS X:
Linux/Mac OS X:
% ./bootstrap
% ./configure
% ./configure
% make

Windows (mingw):
cd src
cd src
mingw32-make -f Makefile.win


Expand Down Expand Up @@ -128,10 +151,3 @@ distributed with tre-0.7.5, which is licensed under the LGPL.
Cheers,

--Golden and Vico.







35 changes: 35 additions & 0 deletions entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
#!/usr/bin/env bash


# set -x
ERRORS=()

PWD=/scalpel

if [[ ! -f ${PWD}/device.img ]]; then
ERRORS+=("No ${PWD}/device.img file available!")
fi

if [[ ! -d ${PWD}/recovery ]]; then
ERRORS+=("No ${PWD}/recovery directory available!")
fi

function print_errors() {
# echo Num of array items "${#ERRORS[@]}"
if [[ ${#ERRORS[*]} -gt 0 ]]; then
echo "There are ${#ERRORS[@]} errors:"
for item in "${ERRORS[@]}"; do
echo "- $item"
done
return 1
fi
return 0
}

print_errors || exit 1

if [[ $# -gt 0 ]]; then
eval "$@"
else
./scalpel -o ${PWD}/recovery ${PWD}/device.img
fi
34 changes: 34 additions & 0 deletions run.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
#!/usr/bin/env bash


# set -x
ERRORS=()

PWD=$(pwd)

if [[ ! -f ${PWD}/device.img ]]; then
ERRORS+=("No ${PWD}/device.img file available!")
fi

# if [[ ! -d ${PWD}/recovery ]]; then
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commented out code should be removed before pushing to production

# ERRORS+=("No ${PWD}/recovery directory available!")
# fi

function print_errors() {
# echo Num of array items "${#ERRORS[@]}"
if [[ ${#ERRORS[*]} -gt 0 ]]; then
echo "There are ${#ERRORS[@]} errors:"
for item in "${ERRORS[@]}"; do
echo "- $item"
done
return 1
fi
return 0
}

print_errors || exit 1

docker run --rm -it \
-v ${PWD}/device.img:/scalpel/device.img \
-v ${PWD}/recovery:/scalpel/recovery \
s4ros/scalpel $@
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be changed to sleuthkit