This repository was archived by the owner on Jun 11, 2026. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmain.go
More file actions
95 lines (81 loc) · 1.86 KB
/
Copy pathmain.go
File metadata and controls
95 lines (81 loc) · 1.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
// Find forensic artifacts in mount points or the live system.
//
// Usage:
//
// ffind [-rcsuqhv] [-H CRC32|MD5|SHA1|SHA256] [-C CSV] [-Z ZIP] [MOUNT ...]
//
// The flags are:
//
// -H algorithm
// The hash algorithm to use.
// -C file
// The artifacts csv listing name.
// -Z archive
// The artifacts zip archive name.
// -r
// Output relative paths.
// -c
// Use volume shadow copy.
// -s
// System artifacts only.
// -u
// User artifacts only.
// -q
// Quiet mode.
// -h
// Show usage.
// -v
// Show version.
//
// The arguments are:
//
// mount
// The image mount point(s) or the system root path(s).
// Defaults to STDIN, then %SYSTEMDRIVE% if not given.
package main
import (
"flag"
"io"
"go.foxforensics.eu/futils/pkg/sys"
"go.foxforensics.eu/ffind/internal/ffind"
)
func main() {
H := flag.String("H", "", "Hash algorithm")
C := flag.String("C", "", "CSV Listing name")
Z := flag.String("Z", "", "Zip archive name")
r := flag.Bool("r", false, "Relative paths")
c := flag.Bool("c", false, "Volume shadow copy")
s := flag.Bool("s", false, "System artifacts only")
u := flag.Bool("u", false, "User artifacts only")
q := flag.Bool("q", false, "Quiet mode")
h := flag.Bool("h", false, "Show usage")
v := flag.Bool("v", false, "Show version")
flag.CommandLine.SetOutput(io.Discard)
flag.Parse()
mnts, _ := sys.Args()
if len(mnts) == 0 {
mnts = append(mnts, "") // Live mode
}
if *v {
sys.Final(ffind.Version)
}
if *h {
sys.Usage("ffind [-rcsuqhv] [-H CRC32|MD5|SHA1|SHA256] [-C CSV] [-Z ZIP] [MOUNT ...]")
}
if *q {
sys.Progress = nil
}
if *q && len(*Z)+len(*C) == 0 {
sys.Usage("Archive or Listing is required")
}
if *s && *u {
sys.Usage("System or User is required")
}
if *r && len(mnts) > 1 {
sys.Error("Disabled relative paths")
*r = false
}
for _, p := range mnts {
ffind.Find(p, *Z, *C, *H, *r, *c, *s, *u)
}
}