version v0.23.0
cuhsat committed Jun 7, 2024
1 parent 16de3e9 commit 4b7820d
Showing 12 changed files with 123 additions and 140 deletions.
1 change: 0 additions & 1 deletion README.md
Expand Up @@ -9,7 +9,6 @@ Forensic Artifacts Collecting Toolkit.
- [fmount](docs/fmount.md)
- [fmount.dd](docs/fmount.dd.md)
- [fmount.vmdk](docs/fmount.vmdk.md)
- [fkey](docs/fkey.md)
- [ffind](docs/ffind.md)
- [flog](docs/flog.md)
- [flog.evtx](docs/flog.evtx.md)
54 changes: 0 additions & 54 deletions cmd/fkey/main.go

This file was deleted.

15 changes: 10 additions & 5 deletions cmd/fmount.dd/main.go
Expand Up @@ -2,7 +2,7 @@
//
// Usage:
//
// fmount.dd [-fsuzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE
// fmount.dd [-fruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE
//
// The flags are:
//
Expand All @@ -16,10 +16,12 @@
// The hash sum to verify.
// -f
// Force type (bypass check).
// -s
// System partition only.
// -r
// Search recovery key ids.
// -u
// Unmount image.
// -s
// System partition only.
// -z
// Unzip image.
// -q
Expand Down Expand Up @@ -51,6 +53,7 @@ func main() {
H := flag.String("H", "", "Hash algorithm")
V := flag.String("V", "", "Hash sum")
f := flag.Bool("f", false, "Force mounting")
r := flag.Bool("r", false, "Recovery key ids")
s := flag.Bool("s", false, "System partition only")
u := flag.Bool("u", false, "Unmount image")
z := flag.Bool("z", false, "Unzip image")
Expand All @@ -68,7 +71,7 @@ func main() {
}

if *h || len(img) == 0 {
sys.Usage("fmount.dd [-fsuzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE")
sys.Usage("fmount.dd [-fruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE")
}

if *q {
Expand Down Expand Up @@ -115,7 +118,9 @@ func main() {

var err error

if *u {
if *r {
_, err = dd.KeyIds(img)
} else if *u {
err = dd.Unmount(img)
} else {
_, err = dd.Mount(img, *D, *B, *s)
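Review bot: In the last hunk of `main`, the new `if *r { … } else if *u { … }` chain lets `-r` silently win over `-u`, and `-D`, `-B` and `-s` are not passed to `dd.KeyIds`, so a combined invocation is accepted without any message. An examiner who runs the tool with `-r -u` gets a key-id search and, presumably, an image that is still mounted afterwards. Rejecting the combination before the chain, for example `if *r && *u { sys.Usage(…) }` with the same usage string as the `-h` branch, would make the selected mode explicit; at minimum the `-r` doc comment could read `// Search recovery key ids (takes precedence over -u, does not mount).`. The same chain is added in cmd/fmount.vmdk/main.go, and cmd/fmount/main.go appends both `-r` and `-u` to `args` without checking them against each other. `main` starts and ends outside the hunks shown, so any validation that already exists elsewhere in the function is not visible here.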
15 changes: 10 additions & 5 deletions cmd/fmount.vmdk/main.go
Expand Up @@ -2,7 +2,7 @@
//
// Usage:
//
// fmount.vmdk [-fsuzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE
// fmount.vmdk [-fruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE
//
// The flags are:
//
Expand All @@ -16,10 +16,12 @@
// The hash sum to verify.
// -f
// Force type (bypass check).
// -s
// System partition only.
// -r
// Search recovery key ids.
// -u
// Unmount image.
// -s
// System partition only.
// -z
// Unzip image.
// -q
Expand Down Expand Up @@ -51,6 +53,7 @@ func main() {
H := flag.String("H", "", "Hash algorithm")
V := flag.String("V", "", "Hash sum")
f := flag.Bool("f", false, "Force mounting")
r := flag.Bool("r", false, "Recovery key ids")
s := flag.Bool("s", false, "System partition only")
u := flag.Bool("u", false, "Unmount image")
z := flag.Bool("z", false, "Unzip image")
Expand All @@ -68,7 +71,7 @@ func main() {
}

if *h || len(img) == 0 {
sys.Usage("fmount.vmdk [-fsuzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE")
sys.Usage("fmount.vmdk [-fruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE")
}

if *q {
Expand Down Expand Up @@ -115,7 +118,9 @@ func main() {

var err error

if *u {
if *r {
_, err = vmdk.KeyIds(img)
} else if *u {
err = vmdk.Unmount(img)
} else {
_, err = vmdk.Mount(img, *D, *B, *s)
21 changes: 14 additions & 7 deletions cmd/fmount/main.go
Expand Up @@ -2,7 +2,7 @@
//
// Usage:
//
// fmount [-suzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-T RAW|DD|VMDK] [-D DIR] IMAGE
// fmount [-ruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-T RAW|DD|VMDK] [-D DIR] IMAGE
//
// The flags are:
//
Expand All @@ -16,10 +16,12 @@
// The hash algorithm to use.
// -V sum
// The hash sum to verify.
// -s
// System partition only.
// -r
// Search recovery key ids.
// -u
// Unmount image.
// -s
// System partition only.
// -z
// Unzip image.
// -q
Expand Down Expand Up @@ -52,8 +54,9 @@ func main() {
B := flag.String("B", "", "BitLocker key")
H := flag.String("H", "", "Hash algorithm")
V := flag.String("V", "", "Hash sum")
s := flag.Bool("s", false, "System partition only")
r := flag.Bool("r", false, "Recovery key ids")
u := flag.Bool("u", false, "Unmount image")
s := flag.Bool("s", false, "System partition only")
z := flag.Bool("z", false, "Unzip image")
q := flag.Bool("q", false, "Quiet mode")
h := flag.Bool("h", false, "Show usage")
Expand All @@ -69,7 +72,7 @@ func main() {
}

if *h || len(img) == 0 {
sys.Usage("fmount [-suzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-T RAW|DD|VMDK] [-D DIR] IMAGE")
sys.Usage("fmount [-ruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-T RAW|DD|VMDK] [-D DIR] IMAGE")
}

it, err := fmount.DetectType(img, *T)
Expand All @@ -96,14 +99,18 @@ func main() {
args = append(args, "-V", *V)
}

if *s {
args = append(args, "-s")
if *r {
args = append(args, "-r")
}

if *u {
args = append(args, "-u")
}

if *s {
args = append(args, "-s")
}

if *z {
args = append(args, "-z")
}
20 changes: 0 additions & 20 deletions docs/fkey.md

This file was deleted.

5 changes: 3 additions & 2 deletions docs/fmount.dd.md
Expand Up @@ -2,7 +2,7 @@
Mount forensic raw or dd disk images for read-only processing.

```sh
# fmount.dd [-fsuzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE
# fmount.dd [-fruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE
```

Available options:
Expand All @@ -12,8 +12,9 @@ Available options:
- `-H` Hash algorithm
- `-V` Verify hash sum
- `-f` Force type
- `-s` System partition only
- `-r` Recovery key ids
- `-u` Unmount image
- `-s` System partition only
- `-z` Unzip image
- `-q` Quiet mode
- `-h` Show usage
5 changes: 3 additions & 2 deletions docs/fmount.md
Expand Up @@ -2,7 +2,7 @@
Mount forensic disk images for read-only processing.

```sh
# fmount [-suzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-T RAW|DD|VMDK] [-D DIR] IMAGE
# fmount [-ruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-T RAW|DD|VMDK] [-D DIR] IMAGE
```

Available options:
Expand All @@ -12,8 +12,9 @@ Available options:
- `-B` BitLocker key
- `-H` Hash algorithm
- `-V` Verify hash sum
- `-s` System partition only
- `-r` Recovery key ids
- `-u` Unmount image
- `-s` System partition only
- `-z` Unzip image
- `-q` Quiet mode
- `-h` Show usage
5 changes: 3 additions & 2 deletions docs/fmount.vmdk.md
Expand Up @@ -2,7 +2,7 @@
Mount forensic [VMDK](https://forensics.wiki/vmware_virtual_disk_format_%28vmdk%29/) disk images for read-only processing.

```sh
# fmount.vmdk [-fsuzqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE
# fmount.vmdk [-fruszqhv] [-H CRC32|MD5|SHA1|SHA256] [-V SUM] [-B KEY] [-D DIR] IMAGE
```

Available options:
Expand All @@ -12,8 +12,9 @@ Available options:
- `-H` Hash algorithm
- `-V` Verify hash sum
- `-f` Force type
- `-s` System partition only
- `-r` Recovery key ids
- `-u` Unmount image
- `-s` System partition only
- `-z` Unzip image
- `-q` Quiet mode
- `-h` Show usage
42 changes: 0 additions & 42 deletions pkg/fkey/fkey.go

This file was deleted.
