Forensic Scripting using Bash

Title: Forensic Scripting using Bash
Year: May 2010 – Version 1.0
Duration: 1 week

Note: the content of this training package will be moved into the Linux course, and scripting is covered by the Python Forensic Scripting course.

Course Aim

The course is designed to take students with no programming experience, and bring them all to a common level of knowledge and understanding of scripting for forensic computing applications in a Linux environment.

Prerequisites

Students are expected to have successfully participated in basic training for high tech crime investigators. They will normally have completed the ECTEG Introductory IT Forensics and Network Investigations Course. Ideally students will have completed the ‘ECTEG Linux as a Forensic Tool’ course, or be able to demonstrate equivalent knowledge. They should have knowledge of common file systems, e.g. FAT and NTFS, and of disk geometry, e.g. the boot sector and partitioning. They should be comfortable navigating the Linux file system at the command line (editing, saving and setting permissions on files) and have an awareness of common forensic techniques using Linux, e.g. basic regular expressions, dd, mount and The Sleuth Kit.

Students will need to be able to understand and communicate in English.

Small list of agenda / topics / main points

The software development cycle (the waterfall model):

  • Analysis
  • Design
  • Programming
  • Testing

Writing scripts:

  • Shells and what a shell is – concentrating on bash
  • The first line
  • Comments
  • Use of standard Linux/bash commands
  • Saving and running the script (making executable – chmod)
  • Editors supporting syntax highlighting
  • Who is the script running as?
  • Reading user input
  • Arithmetic
  • Command line arguments
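As an added example (not part of the course package), the script below exercises the items in the list above in a forensic setting: it takes a partition's start sector from the command line, as reported by mmls or fdisk, computes the byte offset with shell arithmetic, reports which user it is running as, and reads a yes/no answer before printing a read-only mount or dd command. The script name part_offset.sh and the IMAGE placeholder are assumptions.

```shell
#!/bin/bash
# Added example, not part of the course package: shebang, comments, standard
# commands, checking who the script runs as, arguments, arithmetic, user input.
# Save as part_offset.sh (assumed name), then: chmod +x part_offset.sh
# Usage: ./part_offset.sh <start_sector> [sector_size]
set -u

# Byte offset of a partition = start sector * sector size (default 512).
sector_offset() {
    local start="$1" size="${2:-512}"
    echo $(( start * size ))
}

# Accept only non-negative decimal integers (rejects "", "-1", "20a48").
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Mounting an image normally needs root; report the effective user.
running_as() {
    if [ "$(id -u)" -eq 0 ]; then echo root; else id -un; fi
}

main() {
    if [ "$#" -lt 1 ]; then
        printf 'Usage: %s <start_sector> [sector_size]\n' "$0" >&2
        return 2
    fi
    if ! is_uint "$1" || ! is_uint "${2:-512}"; then
        echo "start sector and sector size must be integers" >&2
        return 2
    fi
    local offset; offset=$(sector_offset "$1" "${2:-512}")
    echo "Running as: $(running_as)"
    echo "Partition byte offset: $offset"
    printf 'Print a read-only mount command? [y/N] '
    read -r answer
    case "$answer" in
        [Yy]*) echo "mount -o ro,loop,offset=$offset IMAGE /mnt/evidence" ;;
        *)     echo "dd if=IMAGE bs=${2:-512} skip=$1 count=1 | xxd | head" ;;
    esac
}
# Run main only when arguments were given, so the functions can be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```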