View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009133 | Kali Linux | New Tool Requests | public | 2025-04-11 05:22 | 2025-04-23 14:02 |
| Reporter | Protheophage | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Summary | 0009133: AIC- Automated Image Collecto | ||||
| Description | Name: Automated Image Collector (AIC) V 2.0 Author: Colby Connolly (protheophage) Dependencies: dc3dd and dd Activity: I started this project about 8 years ago. I completed version 1 and submitted it, but my code was an unreadable cluster. I recently completed version 2 with clean code and more features, such as hashing, logging, and the option to use dd or dc3dd. How to Install: dpkg -i AutomatedImageCollector-2.0.deb Packaged?: Yes, it is packaged How to Use: It is meant to be used with a live USB to collect images of all storage devices in or attached to a computer. You can simply type AIC, and it will auto-exclude the boot device, search for a drive named DestDir, and prompt for a destination if one is not found. This will default to using dd with no logging or hashing. You can also use AIC -3 -h -l -d "/dev/sdd1" to specify that you want to use dc3dd, hash for integrity, enable logging, and specify the destination drive as /dev/sdd1. | ||||
| Attached Files | AutomatedImageCollector.1 (3,122 bytes)
.TH AIC 1 "August 2024" "2.0" "Automated Image Collector"
.SH NAME
AIC \- Automated Imaging and Cloning
.SH SYNOPSIS
.B AIC
[\-\-dc3dd | \-3] [\-\-hash | \-h] [\-\-whatif | \-w] [\-\-log | \-l LOG_DIR] [\-\-destination | \-d DEST_DRIVE]
.SH DESCRIPTION
The
.B AIC
automates the process of imaging and cloning all drives attached to your computer, excluding the boot drive and the destination drive. For forensic image collections, it supports optional hashing, logging, and the use of
.B dc3dd.
.SH OPTIONS
.TP
.B \-\-dc3dd, \-3
Use
.B dc3dd
instead of
.B dd
for imaging.
.TP
.B \-\-hash, \-h
Generate SHA-256 hashes for the source and destination images.
.TP
.B \-\-whatif, \-w
Simulate the imaging process without making any changes. Displays the actions that would be performed.
.TP
.B \-\-log, \-l
Enable logging. Logs are saved to the default directory
.B /mnt/destDrive/logs.
.TP
.B \-\-destination, \-d DEST_DRIVE
Specify the destination drive manually. If not provided, the script attempts to find a drive labeled "DestDir".
.SH USAGE
.IP "1."
Find the destination drive by label: The script looks for a drive labeled "DestDir". If not found, it prompts the user to enter the destination device path.
.IP "2."
Mount the destination drive: The destination drive is mounted at
.B /mnt/destDrive.
.IP "3."
Create the images directory: Ensures the directory
.B /mnt/destDrive/images
exists.
.IP "4."
Identify the boot drive: The boot drive is identified and excluded from the imaging process.
.IP "5."
Find all other drives: All drives except the boot drive and the destination drive are identified for imaging.
.IP "6."
Image the drives: Each identified drive is imaged to the destination directory. If
.B \-\-dc3dd
is specified,
.B dc3dd
is used; otherwise,
.B dd
is used. If
.B \-\-hash
is specified, SHA-256 hashes are generated and logged. If
.B \-\-log
is specified, logs are saved to the specified directory.
.IP "7."
Simulate the process: If
.B \-\-whatif
is specified, the script simulates the imaging process and displays the actions that would be performed without making any changes.
.IP "8."
Combine options: You can combine options such as
.B \-\-dc3dd
with
.B \-\-log
and
.B \-\-hash
to enable logging and hashing while using
.B dc3dd
for imaging.
.SH EXAMPLES
.IP "Basic usage:"
.B AIC
.IP "Using dc3dd:"
.B AIC \-\-dc3dd
.IP "Using dd with hashing:"
.B AIC \-\-hash
.IP "Using dc3dd with hashing:"
.B AIC \-\-dc3dd \-\-hash
.IP "Simulate the process:"
.B AIC \-\-whatif
.IP "Log imaging details:"
.B AIC \-\-log /path/to/logs
.IP "Specify destination drive:"
.B AIC \-\-destination /dev/sdX1
.IP "Combine options:"
.B AIC \-\-dc3dd \-\-log /path/to/logs \-\-hash
.SH AUTHOR
Written by Colby C.
.SH REPORTING BUGS
Report bugs to [email protected].
.SH COPYRIGHT
This is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.

AutomatedImageCollector.sh (5,190 bytes)
#!/bin/bash
#WIP Still need to test and verify full function
AutomatedImageCollector() {
    local DEST_LABEL="DestDir"
    local DEST_MOUNT="/mnt/destDrive"
    local IMAGE_DIR="$DEST_MOUNT/images"
    local USE_DC3DD=false
    local HASH=false
    local WhatIf=false
    local logging=false
    local LOG_DIR="$DEST_MOUNT/logs"
    local DEST_DRIVE=""
    # Parse arguments
    while [[ "$#" -gt 0 ]]; do
        case $1 in
            --dc3dd|-3) USE_DC3DD=true ;;
            --hash|-h) HASH=true ;;
            --whatif|-w) WhatIf=true ;;
            --log|-l)
                logging=true
                # Accept the optional LOG_DIR operand shown in the man page synopsis
                if [[ -n "${2:-}" && "$2" != -* ]]; then
                    shift; LOG_DIR=$1
                fi ;;
            --destination|-d) shift; DEST_DRIVE=$1 ;;
            *) echo "Unknown parameter passed: $1"; return 1 ;;
        esac
        shift
    done
    # Find the destination drive by label or use the specified drive
    if [[ -n $DEST_DRIVE ]]; then
        DEST_DEVICE=$DEST_DRIVE
    else
        DEST_DEVICE=$(blkid -L "$DEST_LABEL")
    fi
    # If the destination drive is not found, prompt the user for the destination path
    if [ -z "$DEST_DEVICE" ]; then
        read -r -p "Destination drive not found. Please enter the destination device (e.g., /dev/sdX1): " DEST_DEVICE
    fi
    # Mount the destination drive and create the output directories.
    # Skipped in WhatIf mode, which must not make any changes.
    if ! $WhatIf; then
        mkdir -p "$DEST_MOUNT"
        # Stop if the mount fails; otherwise images would be written to the boot filesystem
        if ! mount "$DEST_DEVICE" "$DEST_MOUNT"; then
            echo "Failed to mount $DEST_DEVICE at $DEST_MOUNT"
            return 1
        fi
        # Ensure the images and log directories exist
        mkdir -p "$IMAGE_DIR"
        if $logging; then
            mkdir -p "$LOG_DIR"
        fi
    fi
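    # Get the boot device. On a live system "/" is usually not a block device, so fall
    # back to the live medium (assumption: Debian live-boot mounts it at /run/live/medium).
    local BOOT_DEVICE LIVE_DEVICE
    BOOT_DEVICE=$(df / | tail -1 | awk '{print $1}')
    if [[ $BOOT_DEVICE != /dev/* ]]; then
        LIVE_DEVICE=$(findmnt -n -o SOURCE /run/live/medium 2>/dev/null)
        [[ -n $LIVE_DEVICE ]] && BOOT_DEVICE=$LIVE_DEVICE
    fi
    [[ $BOOT_DEVICE == /dev/* ]] || echo "Warning: could not determine the boot device; it will not be excluded"
    # Strip the partition suffix: sda1 -> sda, nvme0n1p2 -> nvme0n1, mmcblk0p1 -> mmcblk0
    local STRIP_PART=(sed -E -e 's/([0-9])p[0-9]+$/\1/' -e t -e 's/[0-9]+$//')
    local BASE_BOOT_DEVICE DEST_BASE_DEVICE
    BASE_BOOT_DEVICE=$(echo "$BOOT_DEVICE" | "${STRIP_PART[@]}")
    DEST_BASE_DEVICE=$(echo "$DEST_DEVICE" | "${STRIP_PART[@]}") # Get base device for DEST_DEVICE
    # Get all whole disks (no loop, rom or ram devices) and exclude the boot device and destination device
    local ALL_DEVICES=($(lsblk -nd -o NAME,TYPE | awk '$2 == "disk" {print $1}'))
    local FILTERED_DEVICES=()
    for DEVICE in "${ALL_DEVICES[@]}"; do
        if [[ "/dev/$DEVICE" != "$BOOT_DEVICE" && "/dev/$DEVICE" != "$BASE_BOOT_DEVICE"* && "/dev/$DEVICE" != "$DEST_BASE_DEVICE"* ]]; then
            FILTERED_DEVICES+=("/dev/$DEVICE")
        fi
    done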
    if $WhatIf; then
        echo "WhatIf mode enabled"
        for DEVICE in "${FILTERED_DEVICES[@]}"; do
            echo "Device $DEVICE will be imaged to $IMAGE_DIR/$(basename "$DEVICE").dd"
            if $USE_DC3DD; then
                # Handle dc3dd combinations
                if $logging && $HASH; then
                    echo "Using dc3dd with logging and hashing (sha256). Logs will be saved to $LOG_DIR."
                elif $logging; then
                    echo "Using dc3dd with logging. Logs will be saved to $LOG_DIR."
                elif $HASH; then
                    echo "Using dc3dd with hashing (sha256)."
                else
                    echo "Using dc3dd without logging or hashing."
                fi
            else
                # Handle dd combinations
                if $logging && $HASH; then
                    echo "Using dd with logging and hashing (sha256). Logs will be saved to $LOG_DIR."
                elif $logging; then
                    echo "Using dd with logging. Logs will be saved to $LOG_DIR."
                elif $HASH; then
                    echo "Using dd with hashing (sha256)."
                else
                    echo "Using dd without logging or hashing."
                fi
            fi
        done
        return 0
    fi
    # Create the log directory only when logging was requested
    if $logging; then
        if ! mkdir -p "$LOG_DIR"; then
            echo "Failed to create log directory $LOG_DIR"
            return 1
        fi
    fi
    for DEVICE in "${FILTERED_DEVICES[@]}"; do
        local DEST_IMAGE="$IMAGE_DIR/$(basename "$DEVICE").dd"
        local LOG_FILE="$LOG_DIR/$(basename "$DEVICE").log"
        echo "Imaging device: $DEVICE"
        if $USE_DC3DD; then
            # Handle dc3dd combinations
            if $logging && $HASH; then
                dc3dd if="$DEVICE" of="$DEST_IMAGE" hash=sha256 log="$LOG_FILE"
            elif $logging; then
                dc3dd if="$DEVICE" of="$DEST_IMAGE" log="$LOG_FILE"
            elif $HASH; then
                dc3dd if="$DEVICE" of="$DEST_IMAGE" hash=sha256
            else
                dc3dd if="$DEVICE" of="$DEST_IMAGE"
            fi
        else
            # Handle dd combinations
            if $logging && $HASH; then
                dd if="$DEVICE" of="$DEST_IMAGE" bs=4M status=progress 2>&1 | tee -a "$LOG_FILE"
                sha256sum "$DEVICE" | tee -a "$LOG_FILE"
                sha256sum "$DEST_IMAGE" | tee -a "$LOG_FILE"
            elif $logging; then
                dd if="$DEVICE" of="$DEST_IMAGE" bs=4M status=progress 2>&1 | tee -a "$LOG_FILE"
            elif $HASH; then
                dd if="$DEVICE" of="$DEST_IMAGE" bs=4M status=progress
                sha256sum "$DEVICE"
                sha256sum "$DEST_IMAGE"
            else
                dd if="$DEVICE" of="$DEST_IMAGE" bs=4M status=progress
            fi
        fi
    done
}
#Leave next line commented to make script just declare the function. Uncomment to make script execute the function
#AutomatedImageCollector "$@" | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-04-11 05:22 | Protheophage | New Issue | |
| 2025-04-11 05:22 | Protheophage | File Added: AutomatedImageCollector-2.0.deb | |
| 2025-04-11 05:22 | Protheophage | File Added: AutomatedImageCollector.1 | |
| 2025-04-11 05:22 | Protheophage | File Added: AutomatedImageCollector.sh | |
| 2025-04-23 14:02 | daniruiz | Summary | Automated Image Collector (AIC) 2.0 - Automated Imaging and Cloning => AIC- Automated Image Collecto |
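
In the `dd` path with `--hash`, the attached script prints one SHA-256 for the device and one for the image and leaves the comparison to the operator. The following is an added example, not part of AIC or the submitted package: it hashes the byte stream while it is being copied, compares that with the image as written, records the result, and can re-check the image later. The function names and the log format are assumptions made for this sketch; it assumes GNU coreutils and paths without spaces.

```shell
#!/bin/sh
# Added example, not part of AIC. Function names and log format are constructed.
# Assumes GNU coreutils (dd, tee, sha256sum) and paths without spaces.

# image_and_verify SRC IMG LOG
# Reads SRC once: tee writes the image while sha256sum hashes the same byte
# stream. The image is then re-read from disk and the two digests are compared.
image_and_verify() {
    iv_src=$1; iv_img=$2; iv_log=$3
    [ -r "$iv_src" ] || { echo "cannot read $iv_src" >&2; return 2; }
    iv_src_hash=$(dd if="$iv_src" bs=4M 2>/dev/null | tee "$iv_img" | sha256sum | awk '{print $1}')
    iv_img_hash=$(sha256sum "$iv_img" | awk '{print $1}')
    if [ "$iv_src_hash" = "$iv_img_hash" ]; then iv_result=MATCH; else iv_result=MISMATCH; fi
    printf '%s image=%s sha256=%s source=%s result=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$iv_img" "$iv_src_hash" "$iv_src" "$iv_result" >> "$iv_log"
    [ "$iv_result" = MATCH ]
}

# recheck_image IMG LOG
# Re-hashes IMG and compares it with the digest recorded at acquisition time
# (the most recent log record for that image). Returns 0 only if they agree.
recheck_image() {
    rc_img=$1; rc_log=$2
    rc_logged=$(awk -v p="image=$rc_img" \
        '$2 == p { for (i = 3; i <= NF; i++) if ($i ~ /^sha256=/) h = substr($i, 8) }
         END { print h }' "$rc_log")
    [ -n "$rc_logged" ] || { echo "no acquisition record for $rc_img" >&2; return 2; }
    rc_now=$(sha256sum "$rc_img" | awk '{print $1}')
    [ "$rc_now" = "$rc_logged" ]
}

# Constructed demo: a small file stands in for a block device.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed evidence bytes\n' > "$d/src.bin"
    image_and_verify "$d/src.bin" "$d/src.dd" "$d/acq.log" && echo "acquired: hashes match"
    printf 'x' >> "$d/src.dd"     # simulate a later modification of the image
    recheck_image "$d/src.dd" "$d/acq.log" || echo "recheck: image no longer matches the log"
    rm -rf "$d"
}
demo
```

A truncated image (for example, a full destination drive) shows up as `result=MISMATCH` in the log, because the stream digest covers everything read from the source while the second digest covers only what reached the disk.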