I found a bash script online for mass-restoring files using the Sleuthkit but am having trouble using it due to what I believe is an error in the script itself. Here is the script:
IMAGE=$1
LIST=$2
DEST=$3
cat $LIST | while read line; do
filetype=`echo "$line" | awk {'print $1'}`
filenode=`echo "$line" | awk {'print $2'}`
filenode=${filenode%:}
filename=`echo "$line" | cut -f 2 -d ' '`
if [ $filetype == "r/r" ]; then
echo "$filename"
mkdir -p "`dirname "$DEST/$filename"`"
icat -f ext2 -r -s $IMAGE "$filenode" > "$DEST/$filename"
fi
done
Everything works fine until the cut
statement, which throws this error:
cut: the delimiter must be a single character
Obviously the script is trying to use a string as a delimiter which the cut command does not allow. However, this isn't necessary as the output is actually tab-delimited. However, removing the delimiter produces this error message:
[: 16: r/r: unexpected operator
For every line. The input (the LIST file) looks like this:
r/r 8457-128-3: Architects list.docx
r/r 90219-128-4: ACID Pro 7.0 Projects/Track 2 - 3.sfk
r/r 90208-128-4: ACID Pro 7.0 Projects/Track 2 - 3.wav
r/r 192969-128-3: OLD SCHOOL PAPERS/Doc Comp.docx
The output of awk {'print $1'}
is one or the other of these two lines:
r/r
d/d
The output of awk {'print $2'}
is the file inodes, like this:
134164-128-1:
233761-128-1:
129177-128-1:
23963-128-1:
My suspicion was that the colon (:) was the problem so I removed it by piping the filenode to a sed
statement that got rid of the colon, but that also didn't fix the problem. So after modifying this line to repair the first issue:
filename=`echo "$line" | cut -f 2 -d ' '`
To:
filename=`echo "$line" | cut -f 2`
And even after removing the colon from the file inode number, I am still stuck with this error:
[: 16: r/r: unexpected operator
The script was written for an ext2 file system but I am using it on an NTFS file system. I have modified the necessary lines and can get the icat
command to work as written, so it is not an issue of not changing the relevant portions (the individual lines work fine, I've debugged this as well as I know how).
Here is my current script:
IMAGE=/dev/sdb
LIST=files.lst
DEST=~/Desktop/sol/backup
cat $LIST | while read line; do
filetype=`echo "$line" | awk {'print $1'}`
filenode=`echo "$line" | awk {'print $2'}`
filenode=${filenode%:}
filename=`echo "$line" | cut -f 2`
if [ $filetype == "r/r" ]; then
echo "$filename"
mkdir -p "`dirname "$DEST/$filename"`"
icat -f ntfs -o 409600 -r -s $IMAGE "$filenode" > "$DEST/$filename"
fi
done
So that's all the troubleshooting and thinking I've done so far. Any ideas?
UPDATE
I was asked to show the output of cat -vte $LIST
, which is as follows (sample):
r/r 284268-128-4:^IVirtualDJ/Skins/VirtualDJ 7 (6 Decks).zip$
r/r 284265-128-4:^IVirtualDJ/Skins/VirtualDJ5.zip$
d/d 284231-144-6:^IVirtualDJ/Tracklisting$
r/r 284345-128-4:^IVirtualDJ/Tracklisting/2013-06-21.m3u$
d/d 15695-144-1:^IMy Music$
r/r 14970-128-3:^IDemotivational pics.docx$
r/r 1677-128-1:^Idesktop.ini$
r/r 881-128-4:^IDocument 1.doc$