View Issue Details

ID: 0009133
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2025-04-23 14:02
Reporter: Protheophage
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0009133: AIC- Automated Image Collecto
Description

Name: Automated Image Collector (AIC) V 2.0
Description: Automates the process of imaging and cloning all drives attached to your computer, excluding the boot drive and the destination drive. For forensic image collections, it supports optional hashing, logging, and the use of DC3DD or DD.
Source Code: https://github.com/Protheophage/Bash/tree/main/FunctionsAndModules/ForensicTools

Author: Colby Connolly (protheophage)
License: GNU v3 - Distributed freely via my github with no conditions.

Dependencies: dc3dd and dd

Activity: I started this project about 8 years ago. I completed version 1 and submitted it, but my code was an unreadable cluster. I recently completed version 2 with clean code and more features, such as hashing, logging, and the option to use dd or dc3dd.

How to Install: dpkg -i AutomatedImageCollector-2.0.deb

Packaged?: Yes, it is packaged
Package Source : https://github.com/Protheophage/DebPackages/tree/main/AIC

How to Use: It is meant to be used with a live usb to collect images of all storage devices in or attached to a computer. You can simply type AIC, and it will auto-exclude the boot device, search for a drive named DestDir, and prompt for a destination if one is not found. This will default to using dd with no logging or hashing. You can also use AIC -3 -h -l -d "/dev/sdd1" to specify that you want to use dc3dd, hash for integrity, enable logging, and specify the destination drive as /dev/sdd1.

Attached Files
AutomatedImageCollector.1 (3,122 bytes)   
.TH AIC 1 "August 2024" "2.0" "Automated Image Collector"
.SH NAME
AIC \- Automated Imaging and Cloning
.SH SYNOPSIS
.B AIC
[\-\-dc3dd | \-3] [\-\-hash | \-h] [\-\-whatif | \-w] [\-\-log | \-l LOG_DIR] [\-\-destination | \-d DEST_DRIVE]
.SH DESCRIPTION
.B AIC
automates the process of imaging and cloning all drives attached to your computer, excluding the boot drive and the destination drive. For forensic image collections, it supports optional hashing, logging, and the use of
.BR dc3dd .
.SH OPTIONS
.TP
.B \-\-dc3dd, \-3
Use
.B dc3dd
instead of
.B dd
for imaging.
.TP
.B \-\-hash, \-h
Generate SHA-256 hashes for the source and destination images.
.TP
.B \-\-whatif, \-w
Simulate the imaging process without making any changes. Displays the actions that would be performed.
.TP
.B \-\-log, \-l
Enable logging. Logs are saved to the default directory
.B /mnt/destDrive/logs.
.TP
.B \-\-destination, \-d DEST_DRIVE
Specify the destination drive manually. If not provided, the script attempts to find a drive labeled "DestDir".
.SH USAGE
.IP "1."
Find the destination drive by label:
The script looks for a drive labeled "DestDir". If not found, it prompts the user to enter the destination device path.
.IP "2."
Mount the destination drive:
The destination drive is mounted at
.B /mnt/destDrive.
.IP "3."
Create the images directory:
Ensures the directory
.B /mnt/destDrive/images
exists.
.IP "4."
Identify the boot drive:
The boot drive is identified and excluded from the imaging process.
.IP "5."
Find all other drives:
All drives except the boot drive and the destination drive are identified for imaging.
.IP "6."
Image the drives:
Each identified drive is imaged to the destination directory. If
.B \-\-dc3dd
is specified,
.B dc3dd
is used; otherwise,
.B dd
is used. If
.B \-\-hash
is specified, SHA-256 hashes are generated and logged. If
.B \-\-log
is specified, logs are saved to the specified directory.
.IP "7."
Simulate the process:
If
.B \-\-whatif
is specified, the script simulates the imaging process and displays the actions that would be performed without making any changes.
.IP "8."
Combine options:
You can combine options such as
.B \-\-dc3dd
with
.B \-\-log
and
.B \-\-hash
to enable logging and hashing while using
.B dc3dd
for imaging.
.SH EXAMPLES
.IP "Basic usage:"
.B AIC
.IP "Using dc3dd:"
.B AIC \-\-dc3dd
.IP "Using dd with hashing:"
.B AIC \-\-hash
.IP "Using dc3dd with hashing:"
.B AIC \-\-dc3dd \-\-hash
.IP "Simulate the process:"
.B AIC \-\-whatif
.IP "Log imaging details:"
.B AIC \-\-log /path/to/logs
.IP "Specify destination drive:"
.B AIC \-\-destination /dev/sdX1
.IP "Combine options:"
.B AIC \-\-dc3dd \-\-log /path/to/logs \-\-hash
.SH AUTHOR
Written by Colby C.
.SH REPORTING BUGS
Report bugs to [email protected].
.SH COPYRIGHT
This is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
AutomatedImageCollector.sh (5,190 bytes)   
#!/bin/bash
#WIP Still need to test and verify full function
AutomatedImageCollector() {
    local DEST_LABEL="DestDir"
    local DEST_MOUNT="/mnt/destDrive"
    local IMAGE_DIR="$DEST_MOUNT/images"
    local USE_DC3DD=false
    local HASH=false
    local WhatIf=false
    local logging=false
    local LOG_DIR="$DEST_MOUNT/logs"
    local DEST_DRIVE=""

    # Parse arguments
    while [[ "$#" -gt 0 ]]; do
        case $1 in
            --dc3dd|-3) USE_DC3DD=true ;;
            --hash|-h) HASH=true ;;
            --whatif|-w) WhatIf=true ;;
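            --log|-l) logging=true
                # Optional LOG_DIR argument, as documented in the man page synopsis
                if [[ -n "${2:-}" && "$2" != -* ]]; then LOG_DIR=$2; shift; fi ;;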
            --destination|-d) shift; DEST_DRIVE=$1 ;;
            *) echo "Unknown parameter passed: $1"; return 1 ;;
        esac
        shift
    done

    # Find the destination drive by label or use the specified drive
    if [[ -n $DEST_DRIVE ]]; then
        DEST_DEVICE=$DEST_DRIVE
    else
        DEST_DEVICE=$(blkid -L "$DEST_LABEL")
    fi

    # If the destination drive is not found, prompt the user for the destination path
    if [ -z "$DEST_DEVICE" ]; then
        read -p "Destination drive not found. Please enter the destination device (e.g., /dev/sdX1): " DEST_DEVICE
    fi

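    # Mount the destination drive; stop if the mount fails so images are
    # not written to the live system's own filesystem
    mkdir -p "$DEST_MOUNT"
    if ! mount "$DEST_DEVICE" "$DEST_MOUNT"; then
        echo "Failed to mount $DEST_DEVICE at $DEST_MOUNT"
        return 1
    fi

    # Ensure the images and log directories exist
    mkdir -p "$IMAGE_DIR"
    if $logging; then
        mkdir -p "$LOG_DIR"
    fi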

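    # Get the boot device
    local BOOT_DEVICE=$(df / | tail -1 | awk '{print $1}')
    # Resolve the parent disk with lsblk: stripping trailing digits turns
    # nvme0n1p2 into nvme0n1p, which never matches the disk name nvme0n1
    local BOOT_PARENT=$(lsblk -ndo PKNAME "$BOOT_DEVICE" 2>/dev/null)
    local BASE_BOOT_DEVICE=${BOOT_PARENT:+/dev/$BOOT_PARENT}
    BASE_BOOT_DEVICE=${BASE_BOOT_DEVICE:-$BOOT_DEVICE} # No parent found: keep the name as-is

    # Get all devices and exclude the boot device and destination device
    local ALL_DEVICES=($(lsblk -nd -o NAME))
    local FILTERED_DEVICES=()
    local DEST_PARENT=$(lsblk -ndo PKNAME "$DEST_DEVICE" 2>/dev/null)
    local DEST_BASE_DEVICE=${DEST_PARENT:+/dev/$DEST_PARENT} # Get base device for DEST_DEVICE
    DEST_BASE_DEVICE=${DEST_BASE_DEVICE:-$DEST_DEVICE} # DEST_DEVICE is already a whole disk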
    for DEVICE in "${ALL_DEVICES[@]}"; do
        if [[ "/dev/$DEVICE" != "$BOOT_DEVICE" && "/dev/$DEVICE" != "$BASE_BOOT_DEVICE"* && "/dev/$DEVICE" != "$DEST_BASE_DEVICE"* ]]; then
            FILTERED_DEVICES+=("/dev/$DEVICE")
        fi
    done

    if $WhatIf; then
        echo "WhatIf mode enabled"
        for DEVICE in "${FILTERED_DEVICES[@]}"; do
            echo "Device $DEVICE will be imaged to $IMAGE_DIR/$(basename $DEVICE).dd"
            if $USE_DC3DD; then
                # Handle dc3dd combinations
                if $logging && $HASH; then
                    echo "Using dc3dd with logging and hashing (sha256). Logs will be saved to $LOG_DIR."
                elif $logging; then
                    echo "Using dc3dd with logging. Logs will be saved to $LOG_DIR."
                elif $HASH; then
                    echo "Using dc3dd with hashing (sha256)."
                else
                    echo "Using dc3dd without logging or hashing."
                fi
            else
                # Handle dd combinations
                if $logging && $HASH; then
                    echo "Using dd with logging and hashing (sha256). Logs will be saved to $LOG_DIR."
                elif $logging; then
                    echo "Using dd with logging. Logs will be saved to $LOG_DIR."
                elif $HASH; then
                    echo "Using dd with hashing (sha256)."
                else
                    echo "Using dd without logging or hashing."
                fi
            fi
        done
        return 0
    fi

    # Only create the log directory when logging was requested
    if $logging; then
        if ! mkdir -p "$LOG_DIR"; then
            echo "Failed to create log directory $LOG_DIR"
            return 1
        fi
    fi

    for DEVICE in "${FILTERED_DEVICES[@]}"; do
        local DEST_IMAGE="$IMAGE_DIR/$(basename "$DEVICE").dd"
        local LOG_FILE="$LOG_DIR/$(basename "$DEVICE").log"

        echo "Imaging device: $DEVICE"
        # Paths are quoted so a log directory containing spaces is handled
        if $USE_DC3DD; then
            # Handle dc3dd combinations
            if $logging && $HASH; then
                dc3dd if="$DEVICE" of="$DEST_IMAGE" hash=sha256 log="$LOG_FILE"
            elif $logging; then
                dc3dd if="$DEVICE" of="$DEST_IMAGE" log="$LOG_FILE"
            elif $HASH; then
                dc3dd if="$DEVICE" of="$DEST_IMAGE" hash=sha256
            else
                dc3dd if="$DEVICE" of="$DEST_IMAGE"
            fi
        else
            # Handle dd combinations
            if $logging && $HASH; then
                dd if="$DEVICE" of="$DEST_IMAGE" bs=4M status=progress 2>&1 | tee -a "$LOG_FILE"
                sha256sum "$DEVICE" | tee -a "$LOG_FILE"
                sha256sum "$DEST_IMAGE" | tee -a "$LOG_FILE"
            elif $logging; then
                dd if="$DEVICE" of="$DEST_IMAGE" bs=4M status=progress 2>&1 | tee -a "$LOG_FILE"
            elif $HASH; then
                dd if="$DEVICE" of="$DEST_IMAGE" bs=4M status=progress
                sha256sum "$DEVICE"
                sha256sum "$DEST_IMAGE"
            else
                dd if="$DEVICE" of="$DEST_IMAGE" bs=4M status=progress
            fi
        fi
    done
}

#Leave next line commented to make script just declare the function. Uncomment to make script execute the function
#AutomatedImageCollector "$@"
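With dd and --hash, the script above prints the source and image SHA-256 digests and leaves the comparison to the operator. The following added example (not part of AIC or the reporter's code) images with dd, compares the two digests, and logs the result. The function names and log line format are assumptions, and a constructed 1 MiB file stands in for a drive.

```shell
#!/bin/bash
# Added example, not part of AIC: image with dd, then compare SHA-256 digests.
# Function names and the log line format are assumptions.

sha256_of() {
    # Print only the hex digest of a file or block device.
    sha256sum -- "$1" | awk '{print $1}'
}

verify_image() {
    # verify_image SOURCE IMAGE LOG: 0 = digests match, 1 = mismatch, 2 = read error
    local src="$1" img="$2" log="$3" src_hash img_hash result
    src_hash=$(sha256_of "$src")
    img_hash=$(sha256_of "$img")
    [ -n "$src_hash" ] && [ -n "$img_hash" ] || return 2
    if [ "$src_hash" = "$img_hash" ]; then result=MATCH; else result=MISMATCH; fi
    printf '%s source=%s sha256=%s image=%s sha256=%s result=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$src_hash" \
        "$img" "$img_hash" "$result" >> "$log"
    [ "$result" = MATCH ]
}

acquire_and_verify() {
    # acquire_and_verify SOURCE IMAGE LOG: 3 = image already exists
    local src="$1" img="$2" log="$3"
    if [ -e "$img" ]; then
        echo "refusing to overwrite existing image $img" >&2
        return 3
    fi
    dd if="$src" of="$img" bs=4M status=none || return 2
    chmod a-w "$img"   # guard the image against accidental modification
    verify_image "$src" "$img" "$log"
}

demo() {
    # Constructed sample: a 1 MiB file of random bytes stands in for a drive.
    local dir rc=0
    dir=$(mktemp -d) || return 2
    head -c 1048576 /dev/urandom > "$dir/source.bin"
    acquire_and_verify "$dir/source.bin" "$dir/source.dd" "$dir/acquire.log" || rc=1
    # Simulate corruption of the image; verification must now fail.
    chmod u+w "$dir/source.dd"
    printf 'X' >> "$dir/source.dd"
    verify_image "$dir/source.bin" "$dir/source.dd" "$dir/acquire.log" && rc=1
    grep -c 'result=' "$dir/acquire.log"   # one MATCH line plus one MISMATCH line
    rm -rf "$dir"
    return "$rc"
}
```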

Activities

Issue History

Date Modified Username Field Change
2025-04-11 05:22 Protheophage New Issue
2025-04-11 05:22 Protheophage File Added: AutomatedImageCollector-2.0.deb
2025-04-11 05:22 Protheophage File Added: AutomatedImageCollector.1
2025-04-11 05:22 Protheophage File Added: AutomatedImageCollector.sh
2025-04-23 14:02 daniruiz Summary Automated Image Collector (AIC) 2.0 - Automated Imaging and Cloning => AIC- Automated Image Collecto