diff --git a/README.md b/README.md
index 2fba362..fdc3bb2 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
|-|-|-|-|-|
|Hard Drive (SATA)|SATA|5.25" 4x Bay 3.5" Enclosure > 4x SATA SAS Card > PCIe Slot A|Yes||
|Solid State Drive (SATA)|SATA|5.25" 4x Bay 2.5" Enclosure > 4x SATA SAS Card > PCIe Slot A|Yes||
-|Solid State Drive (NVMe)|PCIe/M.2|5.25" 4x Bay NVMe Enclosure > MiniSAS to M.2 > M.2 Slot A|yes||
+|Solid State Drive (NVMe)|PCIe/M.2|5.25" 4x Bay NVMe Enclosure > MiniSAS to M.2 > M.2 Slot A|Yes||
## Erasing
|Storage Type|Erase Type|Method|Implementation|Implemented?|
@@ -17,16 +17,16 @@
## Logging
|Info|Location|Log To:|Implemented?|Data|Notes|
|-|-|-|-|-|-|
-|User|- Script Input|- Ticket
- Logfile|Testing|- Username|Probably can implement as part of the kerb auth|
-|Wipe Details|- Script Input|- Ticket
- Logfile|Testing|- Erase Level
- Device Type
- Device||
-|Script Output|- Terminal Output|- Logfile|Testing|- All script output|Via transcribing or output redirection|
-|Machine Data|- Registry|- Ticket
- Logfile|Testing|- Machine Name
- Domain|HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters|
-|Local Users|- Registry
- Filesystem|- Logfile|Testing|- Local User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
c:/Users|
-|Domain Users|- Registry
- Filesystem|- Ticket
- Logfile|Testing|- Domain User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
c:/Users|
-|Last Logged On User|- Registry|- Ticket
- Logfile|Testing|- Username|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI|
-|Storage Info|- Other|- Ticket
- Logfile|Testing|- Serial Number
- SMART Data|smartctl|
-|System Info|- Registry|- Logfile|Testing|- Manufacturer
- Model|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
Can't actually be done offline|
-|Misc|- Misc|- Ticket
- Logfile|Testing|- Current Time
- Date||
+|User|- Script Input|- Ticket
- Logfile|Yes|- Username|Probably can implement as part of the kerb auth|
+|Wipe Details|- Script Input|- Ticket
- Logfile|Yes|- Erase Level
- Device Type
- Device||
+|Script Output|- Terminal Output|- Logfile|Yes|- All script output|Via transcribing or output redirection|
+|Machine Data|- Registry|- Ticket
- Logfile|Yes|- Machine Name
- Domain|HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters|
+|Local Users|- Registry
- Filesystem|- Logfile|Yes|- Local User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
c:/Users|
+|Domain Users|- Registry
- Filesystem|- Ticket
- Logfile|Yes|- Domain User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
c:/Users|
+|Last Logged On User|- Registry|- Ticket
- Logfile|Yes|- Username|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI|
+|Storage Info|- Other|- Ticket
- Logfile|Yes|- Serial Number
- SMART Data|smartctl|
+|System Info|- Registry|- Logfile|Yes|- Manufacturer
- Model|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
Can't actually be done offline|
+|Misc|- Misc|- Ticket
- Logfile|Yes|- Current Time
- Date||
@@ -35,6 +35,6 @@
|-|-|-|-|-|
Erasure Environment|Setup Alpine Linux Environment with SquashFS/No Persistence|Lightweight Linux Distro that can be loaded into RAM and be edited.
Avoids wiping USB but also can be used on any machine and customized.|Yes||
|Scripted Erase Tool|Write a script to guide the erase process|Allows for ease of use, and ensures consistent workflow
Can also tie in user auth, logging, etc|Yes|Done via bash scripting in erase_drive.sh|
-|User Authentication|Implement user authentication|For Auditing, Logging, connection to network shares, etc.|Testing|Probably kerb auth via krb5
-|Logging|Implement logging|For auditing purposes|Testing|Record user, drive serial, grab user list (if windows/unix drive), grab hostname, record script inputs|
+|User Authentication|Implement user authentication|For Auditing, Logging, connection to network shares, etc.|Yes|Probably kerb auth via krb5
+|Logging|Implement logging|For auditing purposes|Yes|Record user, drive serial, grab user list (if windows/unix drive), grab hostname, record script inputs|
|Ticket Notes|Add ticket note through script|To keep keyword searchable records associated with a ticket|No|Send email to Otobo with small details such as level, hostname, serial, etc
Might involve policy changes for when a ticket should be created.|
diff --git a/dbanplusplus.egr.msu.edu.apkovl.tar.gz b/dbanplusplus.egr.msu.edu.apkovl.tar.gz
index 945f630..8fb1b0b 100644
Binary files a/dbanplusplus.egr.msu.edu.apkovl.tar.gz and b/dbanplusplus.egr.msu.edu.apkovl.tar.gz differ
diff --git a/erase_drive.sh b/erase_drive.sh
index b78a2ff..d094bf1 100644
--- a/erase_drive.sh
+++ b/erase_drive.sh
@@ -2,11 +2,23 @@
#!/usr/bin/env bash
start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
-log=/tmp/log_"$start_time".log
-log_x=/tmp/log_x_"$start_time".log
+logdir=/tmp
+log="$logdir"/log_"$start_time".log
+log_x="$logdir"/log_x_"$start_time".log
exec 3>&1 1>>"$log_x" 2>&1
set -x
+print="false"
+offline="false"
+while getopts ":p:o" opt; do
+ case ${opt} in
+ p ) print="true" ;;
+ o ) offline="true" ;;
+ \? ) echo "Invalid option: -$OPTARG" ;;
+ : ) echo "Option -$OPTARG requires an argument." ;;
+ esac
+done
+
loginput() {
echo "$*" >&3;
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
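Review bot: The option string `":p:o"` declares `-p` as taking an argument, but the `p )` arm sets `print="true"` and discards `$OPTARG`, so a bare `-p` falls into the `:` arm and `print` stays false for the later `if [[ $print = "true" ]]` block; if `-p` is a flag, the loop should read `while getopts ":po" opt; do`. The `echo` diagnostics in the `\?` and `:` arms run after `exec 3>&1 1>>"$log_x" 2>&1`, so they land in the trace log instead of in front of the operator; write them to the saved terminal descriptor, `echo "Invalid option: -$OPTARG" >&3`. The same redirected `echo` is in log_drive_info.sh's getopts loop. Since the offline default `logdir=/tmp` produces predictable log paths opened with `>>`, `logdir=$(mktemp -d)` would be the safer default; `loginput` continues past the hunk.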
@@ -63,8 +75,11 @@ cleanup () {
pcie_disable
loginfo "Unmounting drives."
exec 1>/dev/null 2>&1
- umount "/mnt/reinstallbackups"
- umount "/mnt/decs"
+ if [[ ! $offline = "true" ]];
+ then
+ umount "/mnt/reinstallbackups"
+ umount "/mnt/decs"
+ fi
}
trap catch_sigint SIGINT
@@ -74,13 +89,13 @@ get_netid () {
netid=
while [[ $netid =~ ^\s*$ ]];
do
- loginput "Enter netid: "
+ loginput "Enter r-account netid: "
read -r netid
logresponse "$netid"
if [[ $netid =~ ^\s*$ ]];
then
logwarn "Your netid cannot be blank."
- loginfo "Enter netid: "
+ loginfo "Enter r-account netid: "
else
local ret_value=$(kinit "$netid"@EGR.MSU.EDU >&3; echo $?)
if [[ ! $ret_value = "0" ]]
@@ -103,16 +118,19 @@ get_ticket () {
logresponse "$ticket_number"
if [[ ! $ticket_number =~ ^\s*$ ]];
then
- mkdir -p /mnt/reinstallbackups
- if ! mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups
+ if [[ ! $offline = "true" ]];
then
- logwarn "Failed to mount reinstallbackups, cannot check ticket status."
- else
- if ! ls /mnt/reinstallbackups | grep -q -E "^$ticket_number"
+ mkdir -p /mnt/reinstallbackups
+ if ! mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups
then
- logwarn "Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!"
+ logwarn "Failed to mount reinstallbackups, cannot check ticket status."
+ else
+ if ! ls /mnt/reinstallbackups | grep -q -E "^$ticket_number"
+ then
+ logwarn "Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!"
+ fi
+ umount /mnt/reinstallbackups
fi
- umount /mnt/reinstallbackups
fi
else
ticket_number="UNKNWN"
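Review bot: `ticket_number` is raw operator input (it is echoed by `logresponse` at the top of the hunk) and is interpolated unescaped into the `grep -E "^$ticket_number"` pattern on the re-indented line, so a typo containing regex metacharacters makes the backup check pass or fail spuriously; a quoted expansion inside a glob is matched literally, e.g. `matches=(/mnt/reinstallbackups/"$ticket_number"*)` followed by `if [[ ! -e "${matches[0]}" ]]`. The same value later names directories in `mkdir -p /mnt/decs/"$ticket_number"` (mount_remote hunk) and `/mnt/"$ticket_number"` and `/tmp/"$ticket_number"` (make_infolog hunks), where a value containing `/` or `..` lands outside the intended parent; rejecting it once where it is read, `[[ $ticket_number =~ ^[[:alnum:]_-]+$ ]]`, would cover all of those uses. In offline mode the ticket is still prompted for but never checked, which looks intended. get_ticket's body starts before the hunk.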
@@ -125,18 +143,18 @@ mount_remote () {
mkdir -p /mnt/decs
if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
then
- dirname=
if [[ ! $ticket_number =~ ^\s*$ ]];
then
- dirname="UNKNWN-$start_time"
+ mkdir -p /mnt/decs/UNKNWN-"$start_time"
+ logdir=/mnt/decs/UNKNWN-"$start_time"
else
- dirname="$ticket_number"
+ mkdir -p /mnt/decs/"$ticket_number"
+ logdir=/mnt/decs/"$ticket_number"
fi
- mkdir -p /mnt/decs/"$dirname"
- cp "$log" /mnt/decs/"$dirname"/log_"$ticket_number"_"$start_time".log
- cp "$log_x" /mnt/decs/"$dirname"/log_x_"$ticket_number"_"$start_time".log
- log=/mnt/decs/"$dirname"/log_"$ticket_number"_"$start_time".log
- log_x=/mnt/decs/"$dirname"/log_x_"$ticket_number"_"$start_time".log
+ cp "$log" "$logdir"/log_"$ticket_number"_"$start_time".log
+ cp "$log_x" "$logdir"/log_x_"$ticket_number"_"$start_time".log
+ log="$logdir"/log_"$ticket_number"_"$start_time".log
+ log_x="$logdir"/log_x_"$ticket_number"_"$start_time".log
exec 1>>"$log_x" 2>&1
set -x
else
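Review bot: The new `UNKNWN-` branch is selected by the context condition `if [[ ! $ticket_number =~ ^\s*$ ]]`, which is true whenever the ticket is non-blank, and get_ticket already substitutes "UNKNWN" for a blank ticket, so every run appears to land in `/mnt/decs/UNKNWN-$start_time` and the `logdir=/mnt/decs/"$ticket_number"` branch looks unreachable; unless that is intended, the test should be `if [[ $ticket_number = "UNKNWN" ]];`. `logdir` is now a script-global that this function reassigns for make_infolog to consume; a one-line comment above the assignment, `# logdir is global: make_infolog writes its info log here`, would make the coupling visible. mount_remote starts and ends outside the hunk.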
@@ -169,7 +187,7 @@ get_eraselevel () {
get_devicetype () {
devicetype=
- loginfo "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
+ loginput "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
loginfo "Type 'help' for an explanation of each type."
read -r devicetype
logresponse "$devicetype"
@@ -212,11 +230,11 @@ get_device () {
loginfo ""
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
- loginfo "$(lsblk | grep -E '^NAME|^sd')"
+ loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|sda')"
elif [[ $devicetype = "SSD_NVME" ]];
then
pcie_enable
- loginfo "$(lsblk | grep -E '^NAME|^nvme')"
+ loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|nvme')"
fi
loginfo ""
loginput "Which is the device from this list? (Type 'help' for help.)"
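Review bot: The SATA listing filter changed from `'^NAME|^sd'` to `'^NAME|sda'`, which now shows only rows containing `sda` and hides sdb, sdc and sdd, the other bays of the 4x enclosure described in the README; the NVMe filter also lost its anchor, so rows that the tree prefix previously excluded now match too. Since NAME remains the first column with `-o NAME,SIZE,MODEL,VENDOR,ROTA`, `grep -E '^NAME|^sd'` and `grep -E '^NAME|^nvme'` keep the old selection with the new columns. The identical change is in log_drive_info.sh's get_device hunk. get_device continues outside the hunk.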
@@ -254,8 +272,22 @@ get_device () {
fi
fi
- if [ -e "/dev/$device" ]; then
- loginfo "Picking device /dev/$device."
+ if [ -e /dev/"$device" ];
+ then
+ if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
+ then
+ if [[ $devicetype = "HDD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "0" ]];
+ then
+ logwarn "Device was specified to be a SATA HDD, but a SATA SSD device was chosen."
+ device=
+ elif [[ $devicetype = "SSD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "1" ]];
+ then
+ logwarn "Device was specified to be a SATA SSD, but a SATA HDD device was chosen."
+ device=
+ else
+ loginfo "Picking device /dev/$device."
+ fi
+ fi
else
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device=
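Review bot: `$(cat /sys/block/"$device"/queue/rotational)` is empty when the name is a partition such as sda1 or anything without a /sys/block entry, and an empty string equals neither "0" nor "1", so the new HDD/SSD mismatch check is silently skipped and the name is accepted through the else branch; read it once, `rot=$(cat /sys/block/"$device"/queue/rotational 2>/dev/null)`, and reject any value other than 0 or 1. The only validation before the script later erases `/dev/$device` is `[ -e /dev/"$device" ]`, which also accepts names containing `/` or `..`; `[[ $device =~ ^[[:alnum:]]+$ && -b /dev/$device ]]` restricts it to a bare block-device name. For SSD_NVME the outer `if` has no else, so "Picking device" is never logged for NVMe selections. The same block was added to log_drive_info.sh's get_device hunk.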
@@ -265,7 +297,7 @@ get_device () {
make_infolog () {
loginfo "Reading drive to create a log."
- infolog=/mnt/decs/"$dirname"/info_"$ticket_number"_"$start_time".log
+ infolog="$logdir"/info_"$ticket_number"_"$start_time".log
{
echo "DETAILS"
echo "Start Time: $start_time"
@@ -341,7 +373,7 @@ make_infolog () {
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
- if find /tmp/"$ticket_number"-maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."
+ if find /mnt/"$ticket_number"-maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."
then
loginfo "Windows install detected on $device$i."
echo "Windows install detected on $device$i." >> "$infolog"
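Review bot: Unless the diff rendering dropped a character, the patched line still reads `find /mnt/"$ticket_number"-maxdepth 4 ...` with no space before `-maxdepth`, so find is handed the path `/mnt/<ticket>-maxdepth` plus `4` as a second path and never locates the config directory, whereas the `winpath=` line in the next hunk has the space; it should be `find /mnt/"$ticket_number" -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep -q .`. make_infolog's body runs outside the hunk.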
@@ -349,22 +381,27 @@ make_infolog () {
winpath=$(find /mnt/"$ticket_number" -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*")
cp "$winpath/SOFTWARE" /tmp/"$ticket_number"/SOFTWARE
cp "$winpath/SYSTEM" /tmp/"$ticket_number"/SYSTEM
+ CurrentVersion=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion')
+ ComputerName=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName')
+ Parameters=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Services\Tcpip\Parameters')
+ LogonUI=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')
+ ProfileList=$(hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList')
{
echo "WINDOWS DETAILS"
- hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion'
echo ""
- echo "HOSTNAME"
- hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName'
+ echo "$ComputerName" | grep -E '"ComputerName"=str\(1\):".+"' | sed -E 's/"ComputerName"=str\(1\):"(.+)"/Host Name: \1/'
+ echo "$CurrentVersion" | grep -E '"DisplayVersion"=str\(1\):".+"' | sed -E 's/"DisplayVersion"=str\(1\):"(.+)"/Windows Version: \1/'
+ echo "$CurrentVersion" | grep -E '"CurrentBuild"=str\(1\):".+"' | sed -E 's/"CurrentBuild"=str\(1\):"(.+)"/Current Build: \1/'
+ echo "$CurrentVersion" | grep -E '"EditionID"=str\(1\):".+"' | sed -E 's/"EditionID"=str\(1\):"(.+)"/Windows Edition: \1/'
+ echo "$CurrentVersion" | grep -E '"ProductName"=str\(1\):".+"' | sed -E 's/"ProductName"=str\(1\):"(.+)"/Product Name: \1/'
+ echo "$CurrentVersion" | grep -E '"RegisteredOrganization"=str\(1\):".+"' | sed -E 's/"RegisteredOrganization"=str\(1\):"(.+)"/Registered Organization: \1/'
+ echo "$CurrentVersion" | grep -E '"RegisteredOwner"=str\(1\):".+"' | sed -E 's/"RegisteredOwner"=str\(1\):"(.+)"/Registered Owner: \1/'
+ echo "$Parameters" | grep -E '"Domain"=str\(1\):".+"' | sed -E 's/"Domain"=str\(1\):"(.+)"/Domain: \1/'
+ echo "$LogonUI" | grep -E '"LastLoggedOnUser"=str\(1\):".+"' | sed -E 's/"LastLoggedOnUser"=str\(1\):"(.+)"/Last Logged On User: \1/'
+ echo "$LogonUI" | grep -E '"LastLoggedOnDisplayName"=str\(1\):".+"' | sed -E 's/"LastLoggedOnDisplayName"=str\(1\):"(.+)"/Last Logged On User: \1/'
+ echo "$ProfileList" | grep -E '"ProfileImagePath"=str\(2\):".+"' | sed -E 's/"ProfileImagePath"=str\(2\):"(.+)"/User: \1/'
echo ""
- echo "DOMAIN"
- hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Services\Tcpip\Parameters'
- echo ""
- echo "USER DETAILS"
- hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
- echo ""
- hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList'
- echo ""
- tree -a -L 1 -D "$(find /mnt/"$ticket_number" -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*")"
+ tree -a -L 1 -D "$(find /mnt/"$ticket_number"/ -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*")"
echo ""
} >> "$infolog"
else
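Review bot: The `LastLoggedOnDisplayName` line labels its output `Last Logged On User:`, the same label as the preceding `LastLoggedOnUser` line, so the two values are indistinguishable in the info log; `sed -E 's/"LastLoggedOnDisplayName"=str\(1\):"(.+)"/Last Logged On Display Name: \1/'`. These values are read from the hive of the drive being processed and copied verbatim into a log that `-p` later prints to the terminal, with greedy `.+` captures and `--unsafe-printable-strings` on the export, so a comment above the block such as `# Values below are taken as-is from the target drive's registry hives` would tell downstream readers of the log how much to trust them. The same labelling slip is in log_drive_info.sh's make_infolog hunk. make_infolog continues outside the hunk.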
@@ -418,6 +455,11 @@ make_infolog () {
logwarn "No partitions detected, device is likely empty."
fi
echo "END OF LOG" >> "$infolog"
+
+ if [[ $print = "true" ]];
+ then
+ cat "$infolog" >&3;
+ fi
}
erase_device_lv0 () {
@@ -618,13 +660,17 @@ pcie_disable (){
}
main (){
- get_netid
- get_ticket
- mount_remote
+ if [[ ! $offline = "true" ]];
+ then
+ get_netid
+ fi
- loginfo "By running this script, you are confirming that it has been two weeks past the date written on the slip attached to the storage device. DO NOT erase the device before two weeks have passed."
-
- confirm_message "Please type 'confirm' to acknowledge you have read this and that it has been two weeks." "confirm"
+ get_ticket
+
+ if [[ ! $offline = "true" ]];
+ then
+ mount_remote
+ fi
get_eraselevel #sets $eraselevel to 0-2 based on how to erase. Higher levels include lower levels.
get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME
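Review bot: main no longer calls `confirm_message` for the two-week hold acknowledgement or the `loginfo` that explained it, and neither the new main nor the README hunk records that this safeguard was intentionally dropped; if it is meant to stay, reinsert `confirm_message "Please type 'confirm' to acknowledge you have read this and that it has been two weeks." "confirm"` after `get_ticket`, otherwise state the decision in the commit message or README. The repeated `[[ ! $offline = "true" ]]` guards read more naturally as `[[ $offline != "true" ]]`, and a short comment at the top of main, `# -o: skip Kerberos login and network mounts; logs stay in $logdir`, would document the mode. main continues past the hunk.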
diff --git a/log_drive_info.sh b/log_drive_info.sh
index 55035e5..27f8373 100644
--- a/log_drive_info.sh
+++ b/log_drive_info.sh
@@ -1,12 +1,22 @@
#!/bin/bash
#!/usr/bin/env bash
-
+
start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
-log=/tmp/log_"$start_time".log
-log_x=/tmp/log_x_"$start_time".log
+logdir=/tmp
+log="$logdir"/log_"$start_time".log
+log_x="$logdir"/log_x_"$start_time".log
exec 3>&1 1>>"$log_x" 2>&1
set -x
+logtofile="false"
+while getopts ":l" opt; do
+ case ${opt} in
+ l ) logtofile="true" ;;
+ \? ) echo "Invalid option: -$OPTARG" ;;
+ : ) echo "Option -$OPTARG requires an argument." ;;
+ esac
+done
+
loginput() {
echo "$*" >&3;
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
@@ -53,7 +63,10 @@ cleanup () {
pcie_disable
loginfo "Unmounting drives."
exec 1>/dev/null 2>&1
- umount "/mnt/decs"
+ if [[ $logtofile = "true" ]];
+ then
+ umount "/mnt/decs"
+ fi
}
trap catch_sigint SIGINT
@@ -89,12 +102,12 @@ mount_remote () {
mkdir -p /mnt/decs
if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
then
- dirname="UNKNWN-$start_time"
- mkdir -p /mnt/decs/"$dirname"
- cp "$log" /mnt/decs/"$dirname"/log_UNKNWN_"$start_time".log
- cp "$log_x" /mnt/decs/"$dirname"/log_x_UNKNWN_"$start_time".log
- log=/mnt/decs/"$dirname"/log_UNKNWN_"$start_time".log
- log_x=/mnt/decs/"$dirname"/log_x_UNKNWN_"$start_time".log
+ logdir=/mnt/decs/UNKNWN-"$start_time"
+ mkdir -p "$logdir"
+ cp "$log" "$logdir"/log_UNKNWN_"$start_time".log
+ cp "$log_x" "$logdir"/log_x_UNKNWN_"$start_time".log
+ log="$logdir"/log_UNKNWN_"$start_time".log
+ log_x="$logdir"/log_x_UNKNWN_"$start_time".log
exec 1>>"$log_x" 2>&1
set -x
else
@@ -148,11 +161,11 @@ get_device () {
loginfo ""
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
- loginfo "$(lsblk | grep -E '^NAME|^sd')"
+ loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|sda')"
elif [[ $devicetype = "SSD_NVME" ]];
then
pcie_enable
- loginfo "$(lsblk | grep -E '^NAME|^nvme')"
+ loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|nvme')"
fi
loginfo ""
loginput "Which is the device from this list? (Type 'help' for help.)"
@@ -190,8 +203,22 @@ get_device () {
fi
fi
- if [ -e "/dev/$device" ]; then
+ if [ -e /dev/"$device" ];
+ then
+ if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
+ then
+ if [[ $devicetype = "HDD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "0" ]];
+ then
+ logwarn "Device was specified to be a SATA HDD, but a SATA SSD device was chosen."
+ device=
+ elif [[ $devicetype = "SSD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "1" ]];
+ then
+ logwarn "Device was specified to be a SATA SSD, but a SATA HDD device was chosen."
+ device=
+ else
loginfo "Picking device /dev/$device."
+ fi
+ fi
else
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device=
@@ -201,7 +228,7 @@ get_device () {
make_infolog () {
loginfo "Reading drive to create a log."
- infolog=/mnt/decs/"$dirname"/info_UNKNWN_"$start_time".log
+ infolog="$logdir"/info_UNKNWN_"$start_time".log
{
echo "DETAILS"
echo "Start Time: $start_time"
@@ -281,20 +308,25 @@ make_infolog () {
winpath=$(find /mnt/UNKNWN -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*")
cp "$winpath/SOFTWARE" /tmp/UNKNWN/SOFTWARE
cp "$winpath/SYSTEM" /tmp/UNKNWN/SYSTEM
+ CurrentVersion=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion')
+ ComputerName=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName')
+ Parameters=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Services\Tcpip\Parameters')
+ LogonUI=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')
+ ProfileList=$(hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList')
{
echo "WINDOWS DETAILS"
- hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion'
echo ""
- echo "HOSTNAME"
- hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName'
- echo ""
- echo "DOMAIN"
- hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Services\Tcpip\Parameters'
- echo ""
- echo "USER DETAILS"
- hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
- echo ""
- hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList'
+ echo "$ComputerName" | grep -E '"ComputerName"=str\(1\):".+"' | sed -E 's/"ComputerName"=str\(1\):"(.+)"/Host Name: \1/'
+ echo "$CurrentVersion" | grep -E '"DisplayVersion"=str\(1\):".+"' | sed -E 's/"DisplayVersion"=str\(1\):"(.+)"/Windows Version: \1/'
+ echo "$CurrentVersion" | grep -E '"CurrentBuild"=str\(1\):".+"' | sed -E 's/"CurrentBuild"=str\(1\):"(.+)"/Current Build: \1/'
+ echo "$CurrentVersion" | grep -E '"EditionID"=str\(1\):".+"' | sed -E 's/"EditionID"=str\(1\):"(.+)"/Windows Edition: \1/'
+ echo "$CurrentVersion" | grep -E '"ProductName"=str\(1\):".+"' | sed -E 's/"ProductName"=str\(1\):"(.+)"/Product Name: \1/'
+ echo "$CurrentVersion" | grep -E '"RegisteredOrganization"=str\(1\):".+"' | sed -E 's/"RegisteredOrganization"=str\(1\):"(.+)"/Registered Organization: \1/'
+ echo "$CurrentVersion" | grep -E '"RegisteredOwner"=str\(1\):".+"' | sed -E 's/"RegisteredOwner"=str\(1\):"(.+)"/Registered Owner: \1/'
+ echo "$Parameters" | grep -E '"Domain"=str\(1\):".+"' | sed -E 's/"Domain"=str\(1\):"(.+)"/Domain: \1/'
+ echo "$LogonUI" | grep -E '"LastLoggedOnUser"=str\(1\):".+"' | sed -E 's/"LastLoggedOnUser"=str\(1\):"(.+)"/Last Logged On User: \1/'
+ echo "$LogonUI" | grep -E '"LastLoggedOnDisplayName"=str\(1\):".+"' | sed -E 's/"LastLoggedOnDisplayName"=str\(1\):"(.+)"/Last Logged On User: \1/'
+ echo "$ProfileList" | grep -E '"ProfileImagePath"=str\(2\):".+"' | sed -E 's/"ProfileImagePath"=str\(2\):"(.+)"/User: \1/'
echo ""
tree -a -L 1 -D "$(find /mnt/UNKNWN/ -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*")"
echo ""
@@ -350,6 +382,10 @@ make_infolog () {
logwarn "No partitions detected, device is likely empty."
fi
echo "END OF LOG" >> "$infolog"
+ if [[ ! $logtofile = "true" ]]
+ then
+ cat "$infolog" >&3
+ fi
}
#Rescan for PCIe devices
@@ -368,8 +404,11 @@ pcie_disable (){
}
main (){
- get_netid
- mount_remote
+ if [[ $logtofile = "true" ]];
+ then
+ get_netid
+ mount_remote
+ fi
get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME
get_device #sets $device to one of the /dev/xyz devices.