analyzer is a bash script that analyzes and retrieves data from memory and hard disk drive files using:
volatility, bulk_extractor, binwalk, foremost and strings.
PROS:
- the help and info menus don't require sudo privileges.
- there are 3 ways to analyze the wanted file: 1=standard bash script, 2=argument script, 3=flag script (using arguments)
- capable of running almost every volatility command, since not all of them accept the same option. (if your suggested profile is, for example, VistaSP1x86, some commands could require, for example, WinSP2x86)
- saves the user's general scans in a statistics file.
- checks whether the intended output file or directory already exists. (instead of :: error: can't write to 'file.txt' because 'file.txt' already exists :: you'll get file.2.txt or dir.2, then .3, .4, etc.)
- checks for every possible error. (correct path, correct answers as input, whether the chosen mem file is truly a mem file)
- the required dependencies and libraries are scanned and any missing packages are installed automatically.
CONS:
- since the script can be run using arguments and flags, we can't add error messages for the flags option using "else", because that would disable the argument script and vice versa.
- if incorrect arguments or flags are given, the standard script runs instead. (an advantage as well)
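The output-name collision handling described in the PROS list (file.txt -> file.2.txt -> file.3.txt, dir -> dir.2), as an added shell example; this is not analyzer.sh's own code, and the function name next_free_name is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the analyzer project: choose an output name that
# never overwrites an existing file or directory, inserting a counter
# (starting at 2) before a file's extension or at the end of a directory name.

# next_free_name PATH
# Prints PATH unchanged when nothing exists there; otherwise prints the first
# free variant: file.txt -> file.2.txt, file.3.txt, ...; dir -> dir.2, dir.3, ...
next_free_name() {
    local path=$1
    [ -e "$path" ] || { printf '%s\n' "$path"; return 0; }

    # Keep any directory prefix exactly as the caller wrote it.
    local dir base stem ext
    case $path in
        */*) dir=${path%/*}/ ;;
        *)   dir= ;;
    esac
    base=${path##*/}

    # Split off an extension only for files, and only when there is at least
    # one character before the last dot (so .bashrc is not treated as an
    # extension). Multi-part extensions like .tar.gz become .tar.2.gz.
    if [ ! -d "$path" ]; then
        case $base in
            ?*.*) stem=${base%.*}; ext=.${base##*.} ;;
            *)    stem=$base;      ext= ;;
        esac
    else
        stem=$base
        ext=
    fi

    # Count upward until a name is free; -e covers files and directories.
    local n=2 candidate
    while :; do
        candidate="${dir}${stem}.${n}${ext}"
        if [ ! -e "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
        n=$((n + 1))
    done
}
```

Call it before redirecting any scan output, e.g. `out=$(next_free_name "$1"); volatility ... > "$out"`, so a second run with the same arguments lands in file.2.txt instead of failing.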
a project made by ThinkCyber.
Be aware: the script could differ from the video since it has been upgraded.
launch the script by typing:
└─$ sudo bash analyzer.sh
└─$ sudo ./analyzer
-h (stands for help) for more info about the flags option.
-i (stands for info) for more info about the script.
get it from the zip file or from github:
git clone https://github.com/Gh0stAn0n/analyzer