mstoeck3/pseudodisk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
overcuriousity
2025-10-20 12:14:33 +02:00
parent 1e08476cc6
commit 454aab1df3
3 changed files with 876 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

394
pseudodisk.sh Executable file
View File

@@ -0,0 +1,394 @@
#!/bin/bash
# Forensic Practice Disk Image Creator
# Creates disk images with various filesystems for forensic analysis practice
set -e # Exit on error
# Color codes for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Function to print colored messages
print_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if running as root
check_root() {
if [ "$EUID" -ne 0 ]; then
print_error "This script must be run as root (use sudo)"
exit 1
fi
}
# Function to check required tools
check_dependencies() {
local missing_tools=()
command -v dd >/dev/null 2>&1 || missing_tools+=("coreutils")
command -v losetup >/dev/null 2>&1 || missing_tools+=("util-linux")
command -v parted >/dev/null 2>&1 || missing_tools+=("parted")
command -v mkfs.ext4 >/dev/null 2>&1 || missing_tools+=("e2fsprogs")
if [ ${#missing_tools[@]} -gt 0 ]; then
print_error "Missing required packages: ${missing_tools[*]}"
print_info "Install with: sudo apt-get install ${missing_tools[*]}"
exit 1
fi
}
# Display banner
show_banner() {
echo ""
echo "=========================================="
echo " Forensic Disk Image Creator"
echo "=========================================="
echo ""
}
# Get filename from user
get_filename() {
echo ""
read -p "Enter output filename (default: forensic_disk.dd): " FILENAME
FILENAME=${FILENAME:-forensic_disk.dd}
if [ -f "$FILENAME" ]; then
read -p "File already exists. Overwrite? (y/n): " OVERWRITE
if [ "$OVERWRITE" != "y" ]; then
print_info "Exiting..."
exit 0
fi
fi
}
# Get disk size from user
get_disk_size() {
echo ""
echo "Disk Size Options:"
echo " 1) 100 MB (small, quick testing)"
echo " 2) 500 MB (medium)"
echo " 3) 1 GB (standard)"
echo " 4) 5 GB (large)"
echo " 5) Custom size"
echo ""
read -p "Select disk size [1-5]: " SIZE_CHOICE
case $SIZE_CHOICE in
1) DISK_SIZE_MB=100 ;;
2) DISK_SIZE_MB=500 ;;
3) DISK_SIZE_MB=1024 ;;
4) DISK_SIZE_MB=5120 ;;
5)
read -p "Enter size in MB: " DISK_SIZE_MB
if ! [[ "$DISK_SIZE_MB" =~ ^[0-9]+$ ]] || [ "$DISK_SIZE_MB" -lt 10 ]; then
print_error "Invalid size. Must be at least 10 MB"
exit 1
fi
;;
*)
print_error "Invalid choice"
exit 1
;;
esac
print_info "Selected disk size: ${DISK_SIZE_MB} MB"
}
# Get partition scheme
get_partition_scheme() {
echo ""
echo "Partition Scheme:"
echo " 1) GPT (GUID Partition Table) - Modern, Windows 10/11 default"
echo " 2) MBR (Master Boot Record) - Legacy, compatible with older systems"
echo ""
read -p "Select partition scheme [1-2]: " PARTITION_CHOICE
case $PARTITION_CHOICE in
1) PARTITION_SCHEME="gpt" ;;
2) PARTITION_SCHEME="msdos" ;;
*)
print_error "Invalid choice"
exit 1
;;
esac
print_info "Selected partition scheme: $PARTITION_SCHEME"
}
# Get filesystem type
get_filesystem() {
echo ""
echo "Filesystem Type:"
echo " 1) NTFS (Windows default, requires ntfs-3g)"
echo " 2) FAT32 (Universal compatibility, 4GB file limit)"
echo " 3) exFAT (Modern, large file support)"
echo " 4) ext4 (Linux default)"
echo " 5) ext3 (Older Linux)"
echo " 6) ext2 (Legacy Linux, no journaling)"
echo " 7) XFS (High-performance Linux)"
echo ""
read -p "Select filesystem [1-7]: " FS_CHOICE
case $FS_CHOICE in
1)
FILESYSTEM="ntfs"
if ! command -v mkfs.ntfs >/dev/null 2>&1; then
print_error "mkfs.ntfs not found. Install with: sudo apt-get install ntfs-3g"
exit 1
fi
;;
2) FILESYSTEM="vfat" ;;
3)
FILESYSTEM="exfat"
if ! command -v mkfs.exfat >/dev/null 2>&1; then
print_error "mkfs.exfat not found. Install with: sudo apt-get install exfat-utils"
exit 1
fi
;;
4) FILESYSTEM="ext4" ;;
5) FILESYSTEM="ext3" ;;
6) FILESYSTEM="ext2" ;;
7)
FILESYSTEM="xfs"
if ! command -v mkfs.xfs >/dev/null 2>&1; then
print_error "mkfs.xfs not found. Install with: sudo apt-get install xfsprogs"
exit 1
fi
;;
*)
print_error "Invalid choice"
exit 1
;;
esac
print_info "Selected filesystem: $FILESYSTEM"
}
# Get volume label
get_volume_label() {
echo ""
read -p "Enter volume label (default: FORENSIC): " VOLUME_LABEL
VOLUME_LABEL=${VOLUME_LABEL:-FORENSIC}
}
# Create the disk image
create_disk_image() {
print_info "Creating disk image file: $FILENAME (${DISK_SIZE_MB} MB)..."
# Use fallocate for faster creation if available
if command -v fallocate >/dev/null 2>&1; then
fallocate -l ${DISK_SIZE_MB}M "$FILENAME"
else
dd if=/dev/zero of="$FILENAME" bs=1M count=$DISK_SIZE_MB status=progress
fi
print_success "Disk image created"
}
# Setup loop device
setup_loop_device() {
print_info "Setting up loop device..."
LOOP_DEVICE=$(losetup -f)
losetup "$LOOP_DEVICE" "$FILENAME"
print_success "Loop device created: $LOOP_DEVICE"
}
# Create partition table and partition
create_partitions() {
print_info "Creating $PARTITION_SCHEME partition table..."
parted -s "$LOOP_DEVICE" mklabel "$PARTITION_SCHEME"
print_info "Creating partition..."
if [ "$PARTITION_SCHEME" = "gpt" ]; then
# For GPT, leave 1MB at start and end for alignment
parted -s "$LOOP_DEVICE" mkpart primary 1MiB 100%
else
# For MBR
parted -s "$LOOP_DEVICE" mkpart primary 1MiB 100%
fi
# Inform kernel about partition table changes
partprobe "$LOOP_DEVICE"
sleep 1
print_success "Partition created"
}
# Format the partition
format_partition() {
PARTITION="${LOOP_DEVICE}p1"
# Check if partition device exists
if [ ! -e "$PARTITION" ]; then
print_warning "Partition device $PARTITION not found, trying alternative..."
PARTITION="${LOOP_DEVICE}1"
fi
if [ ! -e "$PARTITION" ]; then
print_error "Cannot find partition device"
cleanup
exit 1
fi
print_info "Formatting partition with $FILESYSTEM filesystem..."
case $FILESYSTEM in
ntfs)
mkfs.ntfs -f -L "$VOLUME_LABEL" "$PARTITION"
;;
vfat)
mkfs.vfat -n "$VOLUME_LABEL" "$PARTITION"
;;
exfat)
mkfs.exfat -n "$VOLUME_LABEL" "$PARTITION"
;;
ext2|ext3|ext4)
mkfs."$FILESYSTEM" -L "$VOLUME_LABEL" "$PARTITION"
;;
xfs)
mkfs.xfs -f -L "$VOLUME_LABEL" "$PARTITION"
;;
esac
print_success "Filesystem created"
}
# Cleanup function
cleanup() {
if [ -n "$LOOP_DEVICE" ]; then
print_info "Cleaning up loop device..."
losetup -d "$LOOP_DEVICE" 2>/dev/null || true
fi
}
# Mount the filesystem
mount_filesystem() {
echo ""
read -p "Do you want to mount the filesystem now? (y/n): " MOUNT_NOW
if [ "$MOUNT_NOW" = "y" ]; then
MOUNT_POINT="/mnt/forensic_disk_$$"
mkdir -p "$MOUNT_POINT"
print_info "Mounting to $MOUNT_POINT..."
mount "$PARTITION" "$MOUNT_POINT"
print_success "Filesystem mounted at: $MOUNT_POINT"
print_info "To unmount: sudo umount $MOUNT_POINT"
MOUNTED=true
fi
}
# Display summary
show_summary() {
echo ""
echo "=========================================="
echo " Disk Image Creation Complete!"
echo "=========================================="
echo ""
echo "Image File: $(realpath $FILENAME)"
echo "Size: ${DISK_SIZE_MB} MB"
echo "Partition Scheme: $PARTITION_SCHEME"
echo "Filesystem: $FILESYSTEM"
echo "Volume Label: $VOLUME_LABEL"
echo "Loop Device: $LOOP_DEVICE"
echo "Partition: $PARTITION"
if [ "$MOUNTED" = true ]; then
echo "Mount Point: $MOUNT_POINT"
fi
echo ""
echo "=========================================="
echo " Forensic Analysis Commands"
echo "=========================================="
echo ""
echo "View partition table:"
echo " sudo parted $FILENAME print"
echo " sudo fdisk -l $FILENAME"
echo ""
echo "Hex editor analysis:"
echo " hexdump -C $FILENAME | less"
echo " xxd $FILENAME | less"
echo " sudo apt-get install bless # GUI hex editor"
echo " bless $FILENAME"
echo ""
echo "Mount the image later:"
echo " sudo losetup -f $FILENAME"
echo " sudo losetup -l # List loop devices"
echo " sudo mount /dev/loopXp1 /mnt/mountpoint"
echo ""
echo "Analyze with forensic tools:"
echo " sudo apt-get install sleuthkit"
echo " mmls $FILENAME # Show partition layout"
echo " fsstat -o 2048 $FILENAME # Filesystem details"
echo " fls -o 2048 $FILENAME # List files"
echo ""
echo "Clean up (when done):"
if [ "$MOUNTED" = true ]; then
echo " sudo umount $MOUNT_POINT"
fi
echo " sudo losetup -d $LOOP_DEVICE"
echo ""
}
# Trap to ensure cleanup on exit
trap cleanup EXIT
# Main execution
main() {
show_banner
check_root
check_dependencies
get_filename
get_disk_size
get_partition_scheme
get_filesystem
get_volume_label
echo ""
echo "=========================================="
echo " Summary"
echo "=========================================="
echo "Filename: $FILENAME"
echo "Size: ${DISK_SIZE_MB} MB"
echo "Partition Scheme: $PARTITION_SCHEME"
echo "Filesystem: $FILESYSTEM"
echo "Volume Label: $VOLUME_LABEL"
echo ""
read -p "Proceed with creation? (y/n): " CONFIRM
if [ "$CONFIRM" != "y" ]; then
print_info "Cancelled"
exit 0
fi
create_disk_image
setup_loop_device
create_partitions
format_partition
mount_filesystem
show_summary
}
# Run main function
main