#!/bin/bash

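# Builds a portable set of forensic tools: copies the listed binaries and the
# shared libraries they need into <outputdir>, then packs it into <outputdir>.iso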

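# Build the kit on a known-good machine: every binary and library below is
# copied from this host's PATH and library directories, so the kit is only as
# trustworthy as the host that produced it.

# Print a message on stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ -z "${1:-}" ]]; then
  echo " Usage:"
  echo "     $0 <outputdir>"
  echo ""
  exit 1
fi

OUTDIR="$1"

# Strip trailing slashes so "${OUTDIR}.iso" lands next to the directory
# ("out/" used to produce the hidden file "out/.iso" inside it).
while [[ "${OUTDIR}" == */ && "${OUTDIR}" != "/" ]]; do
  OUTDIR="${OUTDIR%/}"
done

case "${OUTDIR}" in
  / | . | .. | */. | */..)
    # The directory is wiped with rm -rf below; never aim that at these.
    die "Refusing to use '${OUTDIR}' as output directory: it is deleted and recreated."
    ;;
  -*)
    # Keep a leading dash from being parsed as an option by the tools below.
    OUTDIR="./${OUTDIR}"
    ;;
esac

# Tools to collect. Anything not installed on this host is reported and skipped.
BINS=(
  arp
  basename
  bash
  cat
  cp
  date
  dcfldd
  disk_sreset
  disk_stat
  dd
  dmesg
  fdisk
  file
  find
  id
  last
  ldd
  less
  lessfile
  lesspipe
  ls
  lsmod
  lsof
  md5sum
  more
  mount
  nc
  netstat
  openssl
  ps
  pwd
  ping
  sha1sum
  stat
  tar
  uname
  uptime
  w
  which
  whoami
)

# Start from an empty tree so no stale file from a previous run ends up in the ISO.
rm -rf -- "${OUTDIR:?}" || die "Cannot remove old ${OUTDIR}"
mkdir -- "${OUTDIR}" "${OUTDIR}/bin" "${OUTDIR}/lib" \
  || die "Cannot create ${OUTDIR}"

# Pass 1: copy each tool found on PATH.
# 'type -P' always yields an on-disk path (never a builtin or alias) and an
# empty result is handled explicitly; the old '[ -x `which x` ]' collapsed to
# '[ -x ]' for a missing tool, which is true, so the copy was attempted with an
# empty source instead of printing "Skipping".
for filename in "${BINS[@]}"; do
  src="$(type -P "${filename}")" || src=""
  if [[ -n "${src}" && -x "${src}" ]]; then
    cp -- "${src}" "${OUTDIR}/bin/" || echo "Could not copy: ${src}" >&2
  else
    echo "Skipping: ${filename}"
  fi
done

# Pass 2: copy the shared libraries each collected tool links against.
# ldd output is parsed as data (first absolute path on each line) rather than
# being rewritten into 'cp' commands and piped to bash: any line the rewrite did
# not match used to be executed verbatim, and libraries living only under
# /lib64 or /usr/lib64 were filtered out before the rewrite ever saw them.
# NOTE(review): some ldd implementations may run the inspected program to
# resolve its dependencies, so only point this at binaries you trust.
for filename in "${BINS[@]}"; do
  [[ -x "${OUTDIR}/bin/${filename}" ]] || continue
  while IFS= read -r lib; do
    case "${lib}" in
      /lib/* | /lib64/* | /usr/lib/* | /usr/lib64/*)
        cp -- "${lib}" "${OUTDIR}/lib/" || echo "Could not copy: ${lib}" >&2
        ;;
    esac
  done < <(
    ldd "${OUTDIR}/bin/${filename}" \
      | awk '{ for (i = 1; i <= NF; i++) if (substr($i, 1, 1) == "/") { print $i; break } }'
  )
done

# Launcher that drops into a shell using only the kit's tools and libraries.
# It resolves bin/ and lib/ through `pwd`, so it must be started from the root
# of the kit (e.g. the mounted ISO).
# NOTE(review): LD_LIBRARY_PATH redirects library lookup only; dynamically
# linked tools still go through the loader path recorded in each binary and the
# running kernel of the examined host. Statically linked tools avoid the former.
cat > "${OUTDIR}/forensics-bash.sh" <<'EOF' || die "Cannot write ${OUTDIR}/forensics-bash.sh"
echo "Dropping to a forensics bash environment:"
LD_LIBRARY_PATH=`pwd`/lib/
PATH=`pwd`/bin/
export LD_LIBRARY_PATH
export PATH
bash --norc --noprofile
EOF
chmod a+x "${OUTDIR}/forensics-bash.sh" \
  || die "Cannot make ${OUTDIR}/forensics-bash.sh executable"

# Build the image from the caller's working directory; the old 'cd' into
# OUTDIR followed by 'cd ..' broke for relative paths with more than one
# component. -r adds Rock Ridge records so long names such as libc.so.6 and the
# executable bits survive on the ISO; plain ISO9660 would mangle the names.
mkisofs -r -o "${OUTDIR}.iso" "${OUTDIR}"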


