Sorter

Description

sorter is a Perl script that analyzes a file system to organize the allocated and unallocated files by file type. It runs the ’file’ command on each file and organizes the files according to the rules in configuration files. Extension mismatching is also done to identify ’hidden’ files. One can also provide hash databases for files that are known to be good and can be ignored and files that are known to be bad and should be alerted.

Usage

Syntax

sorter [-b size] [-E] [-e] [-h]  [-l] [-md5] [-s] [-sha1] [-U] [-v] [-V] [-a hash_alert] [-c config] [-C config] [-d dir] [-m mnt] [-n nsrl_db] [-x hash_exclude] [-o imgoffset] [-f fstype] [-i imgtype] image [images] [dir_meta_addr]

Options

        -b size: Minimum size.  Ignore files smaller than 'size' sorter 
	-E: Perform category indexing only (no extension checks - was '-i')
	-e: Perform extension checks only (no category index files)
	-h: HTML Format
	-l: List index to STDOUT (no files are ever written)
	-md5: Print the MD5 value with the index output
	-s: Save files to category directories
	-sha1: Print the SHA-1 value with the index output sorter 
	-U: Ignore the unknown category - only save catgories in config files
	-v: verbose debugging output
	-V: print version information
	-a hash_alert: hash database of hashes to alert on
	-c config: specify a config file to use (in addition to default files)
	   NOTE: This config file has priority over default files
	-C config: specify the ONLY config file to use
	-d dir: Save category index files in the specified directory
	-f fstype: file system type (Sleuth Kit types) of image
	-i imgtype: Format of image file
	-o imgoffset: Offset of file system in image (in sectors)
	-m mnt: The mounting point of the image
	-n nsrl_db: The NIST NSRL database file (NSRLFile.txt) (hashes to ignore)
	-x hash_exclude: hash database of hashes to ignore 
	dir_meta_addr: Address of directory to start analyzing from 
	image: image to analyze sorter 

Example

cyborg@cyborg:~$ sudo sorter  -f ntfs -d /home/cyborg/DIR1 image.dd 

Analyzing  "image.dd"
  Loading Allocated File Listing 
  Processing 49 Allocated Files and Directories
  100%

All files have been saved to: /home/cyborg/DIR1
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?