Digital Forensics HW6.sh

1. #!/bin/bash
2. #Dustin Dodson & Simon Smith
3. #HW 6
4.  
5. #Array variables for storing file names and magic numbers:
6. declare -a filenames
7. declare -a magnums
8.  
9. #This line will find all files in directory tree and temporarily store them to a file
10. find . -type f > filenames.tmp
11.  
12. #This will loop through results and find magic numbers, temporarily storing them to a file
13. while read filename; do
14.     filenames+=($filename) #Read through file line by line and store each file name to 'filenames' variable
15.     head -c 6 "$filename" >> magicnums.tmp #Finds the magic number of each file and write them to file
16. done < filenames.tmp #Tells bash to read from filenames.tmp file
17.  
18. #Python script for reading in file names and magic numbers for comparisons
19. cat <<END >pyscpt.tmp.py
20. #!/usr/bin/env python
21. #Dustin Dodson & Simon Smith
22. #HW 6
23.  
24. #List variables for storing file names and magic numbers
25. filenames = list()
26. magnums = list()
27.  
28. #Opens filenames.tmp and reads each line into an item in the list
29. with open("filenames.tmp") as f:
30.     filenames = f.readlines()
31.  
32. #Opens magicnums.tmp and reads magic numbers 6 bytes at a time
33. f = open("magicnums.tmp", "rb")
34. while True:
35.     mgk = f.read(6)
36.     if len(mgk) < 6:
37.         break
38.     magnums.append(mgk)
39.    
40. #Removes the line terminators from magic numbers
41. for item in magnums:
42.     item = item.rstrip('\n')
43.  
44. #List variables for files that (do/do not) have gif extension, files that have gif magic number
45. hasexten = list()
46. noexten = list()
47. hasnum = list()
48.  
49. #Goes through each element and puts the indexes into respective list
50. for i in range(len(filenames)):
51.     if filenames[i].lower().find(".gif") > -1: #If it has .gif extension
52.         hasexten.append(i) #Add index to hasexten variable
53.     else: #If no .gif extension
54.         noexten.append(i) #Add index to noexten variable
55.  
56.     #If file has magic number, add it to hasnum variable
57.     if magnums[i].lower().find("GIF87a".lower()) > -1:
58.         hasnum.append(i)
59.     elif magnums[i].lower().find("GIF89a".lower()) > -1:
60.         hasnum.append(i)
61.  
62. #Once more, go through each filename, this time looking at categories
63. for i in range(len(filenames)):
64.     if i in hasexten: #If filename has .gif extension
65.         if i in hasnum: #...and if it has the magic number, then tell user
66.             print "%s Has proper file extension and magic number\n" % (filenames[i])
67.         else: #If it does not have the magic number, still tell user
68.             print "%s Has proper file extension, but incorrect magic number\n" % (filenames[i])
69.     elif i in noexten: #If file does not have .gif extension
70.         if i in hasnum: #...but still has magic number, tell user
71.             print "%s Has proper magic number, but incorrect file extension\n" % (filenames[i])
72.         else: #If not, tell user that it is in no way a GIF file
73.             print "%s Has no .gif file extension or magic number\n" % (filenames[i])
74. END
75.  
76. #Run my new Python script
77. python pyscpt.tmp.py
78.  
79. #Clean up mess
80. rm filenames.tmp magicnums.tmp pyscpt.tmp.py