Forensic Scripting using Bash

Title: Forensic Scripting using Bash
Duration: 1 week

The content of this training package has been moved into the Basic Introductory and Linux courses. Scripting is covered by Python Forensic Scripting.

Course Aim

The course is designed to take students with no programming experience and bring them all to a common level of knowledge and understanding of scripting for forensic computing applications in a Linux environment.


Students are expected to have successfully participated in basic training for high tech crime investigators. They will normally have completed the ECTEG Introductory IT Forensics and Network Investigations Course. Ideally, students will have completed the ‘ECTEG Linux as a Forensic Tool’ course, or be able to demonstrate equivalent knowledge. They should have knowledge of common file systems, e.g. FAT, NTFS, and disk geometry, e.g. boot sector and partitioning. They should be comfortable navigating the Linux file system at the command line, with editing, saving and setting permissions on files, and should be aware of common forensic techniques using Linux, e.g. basic regular expressions, dd, mount, The Sleuth Kit.

Students will need to be able to understand and communicate in English.

Small list of agenda / topics / main points

The software development cycle (the waterfall model):

  • Analysis
  • Design
  • Programming
  • Testing

Writing scripts:

  • Shells and what is a shell – concentrating on bash
  • The first line
  • Comments
  • Use of standard Linux/bash commands
  • Saving and running the script (making executable – chmod)
  • Editors supporting syntax highlighting
  • Who is the script running as?
  • Reading user input
  • Arithmetic
  • Command line arguments