diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..8271267
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+pendrive.img
+device.img
+.git
+recovery
diff --git a/.gitignore b/.gitignore
index 0172ee6..fcca976 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+pendrive.img
+device.img
+recovery
 # Compiled Object files
 *.slo
 *.lo
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..48cbc35
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM ubuntu:16.04
+
+# ADD https://github.com/sleuthkit/scalpel/archive/master.zip /
+
+RUN apt-get update && \
+ apt-get install -y -qq --no-install-recommends \
+ automake \
+ default-jdk \
+ g++ \
+ libtool \
+ libtre-dev \
+ make \
+ unzip && \
+ rm -rf /var/lib/apt/lists/*
+
+COPY . /scalpel
+WORKDIR /scalpel
+RUN ./bootstrap && ./configure --disable-shared && make
+ENTRYPOINT ["/scalpel/entrypoint.sh"]
diff --git a/README b/README.md
similarity index 90%
rename from README
rename to README.md
index 241bf93..1aa0eee 100644
--- a/README
+++ b/README.md
@@ -1,3 +1,26 @@
+# s4ros/scalpel
+
+In courtesy of https://github.com/sleuthkit/scalpel
+
+## Docker
+
+### Run the container
+
+```sh
+docker run --rm -it \
+ -v $(pwd)/device.img:/scalpel/device.img \
+ -v $(pwd)/recovery:/scalpel/recovery \
+ s4ros/scalpel
+```
+
+#### Volumes description
+There are two docker volumes that you need to mount to recover any files from the `device.img`
+
+* `/scalpel/device.img` - this has to be the image file of the device you want to recovery data from
+* `/recovery` - this is the place where any recovered files will be written
+
+##
+
 ********************************************************************
 As of 6/27/2013 Scalpel has been released under the Apache 2.0 License
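Review bot: The new Dockerfile has no `USER` instruction, so `entrypoint.sh` and scalpel run as root while parsing `device.img`, which for a file-carving tool is typically untrusted input. Consider creating an unprivileged account after the build step and switching to it just before `ENTRYPOINT`, e.g. `RUN useradd --system --uid 10001 scalpel` followed by `USER scalpel`; the bind-mounted `recovery` directory then has to be writable by that UID. Separately, `FROM ubuntu:16.04` names a release that has left standard support and is not pinned by digest, so a newer, digest-pinned base would be worth a follow-up.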
@@ -71,13 +94,13 @@ int the future. COMPILE INSTRUCTIONS ON SUPPORTED PLATFORMS: -Linux/Mac OS X: +Linux/Mac OS X: % ./bootstrap -% ./configure +% ./configure % make Windows (mingw): -cd src +cd src mingw32-make -f Makefile.win
@@ -128,10 +151,3 @@ distributed with tre-0.7.5, which is licensed under the LGPL. Cheers, --Golden and Vico. - - - - - - -
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..8b87cb9
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+
+# set -x
+ERRORS=()
+
+PWD=/scalpel
+
+if [[ ! -f ${PWD}/device.img ]]; then
+ ERRORS+=("No ${PWD}/device.img file available!")
+fi
+
+if [[ ! -d ${PWD}/recovery ]]; then
+ ERRORS+=("No ${PWD}/recovery directory available!")
+fi
+
+function print_errors() {
+ # echo Num of array items "${#ERRORS[@]}"
+ if [[ ${#ERRORS[*]} -gt 0 ]]; then
+ echo "There are ${#ERRORS[@]} errors:"
+ for item in "${ERRORS[@]}"; do
+ echo "- $item"
+ done
+ return 1
+ fi
+ return 0
+}
+
+print_errors || exit 1
+
+if [[ $# -gt 0 ]]; then
+ eval "$@"
+else
+ ./scalpel -o ${PWD}/recovery ${PWD}/device.img
+fi
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..9425578
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+
+# set -x
+ERRORS=()
+
+PWD=$(pwd)
+
+if [[ ! -f ${PWD}/device.img ]]; then
+ ERRORS+=("No ${PWD}/device.img file available!")
+fi
+
+# if [[ ! -d ${PWD}/recovery ]]; then
+# ERRORS+=("No ${PWD}/recovery directory available!")
+# fi
+
+function print_errors() {
+ # echo Num of array items "${#ERRORS[@]}"
+ if [[ ${#ERRORS[*]} -gt 0 ]]; then
+ echo "There are ${#ERRORS[@]} errors:"
+ for item in "${ERRORS[@]}"; do
+ echo "- $item"
+ done
+ return 1
+ fi
+ return 0
+}
+
+print_errors || exit 1
+
+docker run --rm -it \
+ -v ${PWD}/device.img:/scalpel/device.img \
+ -v ${PWD}/recovery:/scalpel/recovery \
+s4ros/scalpel $@
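Review bot: `eval "$@"` in the final `if` of entrypoint.sh joins the container arguments into one string and parses it a second time, so the caller's quoting is lost and any shell metacharacter inside an argument is interpreted. `exec "$@"` runs the command exactly as given and lets it replace the shell as PID 1, so it receives `SIGTERM` from `docker stop`. The default branch would benefit from the same treatment with quoted paths: `exec ./scalpel -o "${PWD}/recovery" "${PWD}/device.img"`. Assigning `PWD=/scalpel` also overwrites a variable bash maintains itself without changing directory; a differently named variable (for example `BASE_DIR`) would make it clearer that `./scalpel` actually depends on the Dockerfile's `WORKDIR`.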
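Review bot: The `docker run` line in run.sh mounts `device.img` read-write, so the container can modify the very image being examined; a read-only mount keeps the source intact: `-v "${PWD}/device.img:/scalpel/device.img:ro" \`. The `recovery` directory check is commented out, and when that directory is missing Docker creates the bind-mount source on the host owned by root; a `mkdir -p "${PWD}/recovery"` before the run avoids that. `$@` on the last line should be `"$@"`, and the `${PWD}` expansions in both `-v` options should be quoted, so paths and arguments containing spaces are passed through unchanged.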