digital-forensics-labs/digital-forensics-lab
1
0
Fork 0
mirror of https://github.com/frankwxu/digital-forensics-lab.git synced 2026-02-21 11:17:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
04706e0bbd2e2dd537018fb355fe3d0a0c4a54d0
digital-forensics-lab/Help/scripts/docker/Dockerfile
Frank Xu e239e418b6 add docker for digital forensics
2023-08-28 20:55:30 -04:00

518 lines
18 KiB
Docker
Raw Blame History

FROM ubuntu:22.04
LABEL author=Chimezie
# Set environmental variable to store installation summary
# Forces the selection of US Eastern Standard time Zone.
ENV TZ=US/Eastern \
DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
&& apt-get install tzdata
# Update package list and install security updates
RUN apt-get update \
&& apt-get install -y apt-utils
RUN apt update \
&& apt upgrade -y \
&& apt autoremove -y \
&& apt-get update && apt-get install -y wget \
&& apt-get update && apt-get install sudo
# Tools Directory
WORKDIR /tools/lab
# Install text editors
RUN sudo apt install -y nano \
&& apt install -y vim \
&& apt update && apt install -y gedit
# Install Wine32 and Wine64
RUN sudo dpkg --add-architecture i386 \
&& dpkg --add-architecture amd64 \
&& apt-get update \
&& apt-get install -y --no-install-recommends wine32 \
&& apt-get install --no-install-recommends --assume-yes wine
ENV DISPLAY :0
# Install other packages
RUN sudo apt -y install python3-pip \
&& sudo apt -y install terminator \
&& apt -y install sqlite3 \
&& apt -y install tree \
&& apt -y install xmlstarlet \
&& apt -y install libhivex-bin \
&& apt -y install pasco \
&& apt -y install npm \
&& apt -y install binwalk \
&& apt -y install foremost \
&& apt -y install hashdeep \
&& apt -y install ewf-tools \
&& apt -y install nautilus
# Install pff-tools
RUN sudo apt-get update \
&& sudo apt-get -y install pff-tools
# Install libesedb-utils
RUN sudo apt-get update \
&& sudo apt-get -y install libesedb-utils
# Install liblnk-utils
RUN sudo apt-get update
RUN sudo apt-get install -y liblnk-utils || { echo 'Package installation failed'; exit 1; }
# Install usncarve
RUN sudo sudo apt-get update \
&& pip install usncarve
# Install usnparser
RUN sudo apt-get update \
&& pip install usnparser
# Install RegRipper
WORKDIR /tools
#Update the default repository first
RUN sudo apt-get update -y \
&& apt-get install curl \
&& apt-get update && apt-get install -y git
# Install necessary dependencies
RUN sudo apt-get update && apt-get install -y \
dos2unix
# Clone the RegRipper repository
RUN git clone https://github.com/keydet89/RegRipper3.0.git /tools/RegRipper30
# Download the RegRipper installer script
RUN curl -sSL https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Help/scripts/RegRipper30-apt-git-Install.sh -o /tools/RegRipper30/RegRipper30-apt-git-Install.sh
# Convert the line endings to Unix format
RUN dos2unix /tools/RegRipper30/RegRipper30-apt-git-Install.sh
# Set the permissions for the installer script
RUN chmod +x /tools/RegRipper30/RegRipper30-apt-git-Install.sh
# Run the installer script
RUN /tools/RegRipper30/RegRipper30-apt-git-Install.sh
# Add RegRipper to the PATH
ENV PATH="/tools/RegRipper30:$PATH"
# Install Vinetto for Thumbcache
# Install Vinetto
RUN sudo apt-get update \
&& sudo apt-get -y install vinetto
# Install time_decode
# Set the working directory
WORKDIR /tools/lab
# Install colorama
RUN sudo pip install colorama
# Clone the time_decode repository
RUN git clone https://github.com/digitalsleuth/time_decode.git tools/time_decode
# Move the time_decode.py script to /usr/local/bin
RUN mv tools/time_decode/time_decode/time_decode.py /usr/local/bin/
# Set the working directory to the lab directory
WORKDIR /tools/lab
# Install INDXParse
# Set the working directory
WORKDIR /tools/INDXParse
# Download the INDXParse.py script
RUN sudo wget https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/NIST_Data_Leakage_Case/tools/INDXParse.7z -P tools
RUN sudo 7z x tools/INDXParse.7z -aoa -otools
RUN sudo sh -c 'chmod +x tools/INDXParse/*.py'
RUN sudo sh -c 'mv tools/INDXParse/*.py /usr/local/bin/.'
# Clone the INDXParse repository
RUN sudo apt-get update \
&& git clone https://github.com/williballenthin/INDXParse.git
# Install the required Python packages
RUN sudo pip install construct
# Set the working directory
WORKDIR /tools
# Clone the analyzeMFT repository
RUN git clone https://github.com/dkovar/analyzeMFT.git analyzeMFT \
&& cd analyzeMFT \
&& apt-get update \
&& apt-get install -y python3 \
&& python3 setup.py install
# Install imgclip
# Set the working directory
WORKDIR /tools/lab
# Update and install imgclip dependencies
RUN sudo apt-get update \
&& apt-get install -y npm \
&& npm install -g imgclip
# Copy the necessary files to the container
# Set the working directory to the location of the index.js file
WORKDIR /usr/local/lib/node_modules/imgclip/node_modules/copy-paste
# Use the sed command to modify the file
RUN sed -i '58s/if(text?.pipe)/if(text \&\& pipe)/' /usr/local/lib/node_modules/imgclip/node_modules/copy-paste/index.js
# Continue with the rest of your Dockerfile
# Install libvshadow-alpha-20210425
# Update the package repository and install required dependencies
RUN sudo apt-get update \
&& apt-get install -y libfuse-dev git autoconf automake autopoint libtool pkg-config
# Download libvshadow
# Set the working directory
WORKDIR /tools
# Install required packages
RUN sudo apt-get update && apt-get install -y wget autoconf automake libtool
# Download libvshadow-alpha-20210425.tar.gz
RUN wget -q https://github.com/libyal/libvshadow/releases/download/20221030/libvshadow-alpha-20221030.tar.gz
# Extract the tar.gz file
RUN tar -xzf libvshadow-alpha-20221030.tar.gz
# Cleanup unnecessary files
RUN rm libvshadow-alpha-20221030.tar.gz
# Change directory to libvshadow-20210425
WORKDIR /tools/libvshadow-20221030
# Install dependencies
# RUN ./configure
# Generate the configure script and Configure, build, and install libvshadow
RUN ./configure && make && make install
# Configure library installation prefix
RUN ./configure --prefix=/usr
# Update library cache
RUN ldconfig
# Install Windows--PerserPrefetch and required packages
# Set the working directory
WORKDIR /tools
# Update package repository and install required packages
RUN sudo apt-get update && apt-get install -y python3-evtx
# Update the package repository and install required dependencies
RUN sudo apt-get update \
&& apt-get install -y python3-pip
# Clone Windows-Prefetch Parser repository
RUN git clone https://github.com/williballenthin/python-evtx.git
# Change directory to python-evtx
WORKDIR /tools/python-evtx
# Install python-evtx library
RUN sudo python3 setup.py install
# Install windowsprefetch
RUN sudo pip install windowsprefetch
# Install undark for carving sqlite .db
WORKDIR /tools
RUN sudo git clone https://github.com/inflex/undark.git ./undark
WORKDIR /tools/undark
RUN sudo make
RUN sudo mv undark /usr/local/bin/.
WORKDIR /tools
# Install LogFileParser
# Set the working directory
WORKDIR /tools/lab
# Update the package repository and install git
RUN sudo apt-get update && apt-get install -y git
# Clone LogFileParser repository
RUN git clone https://github.com/jschicht/LogFileParser.git
# Install UsnJrnl2Csv
# Set the working directory
WORKDIR /tools/lab
# Update the package repository and install git
# RUN apt-get update && apt-get install -y git
# Clone UsnJrnl2Csv repository
RUN git clone https://github.com/jschicht/UsnJrnl2Csv.git
# Install JLECmd
# Set the working directory
WORKDIR /tools
# Update the package repository and install wget and unzip
RUN sudo apt-get update && apt-get install -y wget unzip
# Download JLECmd.zip
RUN wget -q https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip
# Unzip JLECmd.zip
RUN unzip JLECmd.zip
# Remove the JLECmd.zip file
RUN rm JLECmd.zip
# Install volitility 2
# Update the system first
RUN apt-get update && apt-get full-upgrade -y
# Install dependencies for Volitility2
RUN sudo apt update \
&& sudo apt install -y software-properties-common \
&& sudo add-apt-repository ppa:deadsnakes/ppa \
&& sudo apt update \
&& sudo apt install -y python2.7
# Install pip for Python 2
RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
RUN python2.7 get-pip.py
# Install Dependencies for pip modules
RUN sudo apt-get update && apt-get install -y \
build-essential \
libssl-dev \
libffi-dev \
python2.7-dev
# Install pip modules which are needed to install some other packages
RUN sudo pip2 install --no-binary :all: pycrypto
RUN sudo pip2 install cryptography
RUN sudo pip2 install yara-python
RUN sudo pip2 install distorm3==3.4.4
# In case it was not properly installed previously, uninstall it first
RUN sudo pip uninstall pycryptodomex
# Reinstall it again
RUN sudo pip install pycryptodomex
# Install additional tools and dependencies for Python2
RUN sudo apt-get install -y python2 python2-dev dwarfdump build-essential yara zip curl
# Download and set up the latest version of Volatility 2
RUN git clone https://github.com/volatilityfoundation/volatility.git
RUN cd volatility && python2 setup.py install
# Install volitility 3
# Update the system
RUN sudo apt-get update && apt-get full-upgrade -y
# Install system dependencies
RUN sudo apt-get install -y python3 python3-pip dwarfdump yara zip git
# Install Volatility 3 from GitHub
RUN git clone https://github.com/volatilityfoundation/volatility3.git /tools/volatility3
# Install Volatility 3 dependencies
RUN sudo pip3 install -r /tools/volatility3/requirements.txt
# Add Volatility 3 to the PATH
ENV PATH="/opt/volatility3:${PATH}"
# Install stego-toolkit
# Update the system
#RUN apt-get update && apt-get full-upgrade -y
# Install required dependencies for stego-toolkit
RUN sudo apt-get update && apt-get install -y steghide
# Clone the stego-toolkit repository
RUN git clone https://github.com/DominicBreuker/stego-toolkit.git /tools/stego-toolkit
# Change directory to the stego-toolkit installation directory
WORKDIR /tools/stego-toolkit/install
# Make jphide.sh executable
RUN chmod +x /tools/stego-toolkit/install/jphide.sh
# Run jphide.sh installation script
RUN /tools/stego-toolkit/install/jphide.sh
# Install stegdetect
# Set the working directory
WORKDIR /tools
# Update the system and install necessary dependencies
RUN sudo apt-get update && apt-get install -y wget p7zip-full
# Download and extract stegdetect
RUN wget -q https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Illegal_Possession_Images/tools/stegdetect.7z -P tools \
&& 7z x tools/stegdetect.7z -aoa -otools \
&& rm -f tools/stegdetect.7z
# Copy stegdetect and stegbreak binaries to /usr/bin
RUN cp tools/stegdetect/stegdetect /usr/bin/. \
&& cp tools/stegdetect/stegbreak /usr/bin/.
WORKDIR /
# Verify installations
RUN wine --version
RUN imgclip -h
RUN pffexport -h
RUN esedbexport -h
RUN lnkinfo -h
RUN usncarve.py -h
RUN usn.py -h
RUN rip.pl -h
RUN vinetto -h
RUN time_decode.py -h
RUN prefetch.py -h
RUN evtx_dump.py -h
RUN INDXParse.py -h
RUN analyzeMFT.py -h
RUN vshadowinfo -h
RUN undark -h
RUN true || jphide
RUN true || jpseek
RUN vol.py -h
RUN stegdetect -V || true
RUN stegbreak -V || true
# Set up environmental variables
ENV COLOR_GREEN='\e[1;32m'
ENV COLOR_RED='\e[1;31m'
ENV COLOR_RESET='\e[0m'
# Create an installation report directory
WORKDIR /installation_report
# Run tools' help commands to check installation status
RUN wine --version | grep -iq "wine32,Wine64" &>/dev/null \
&& echo "${COLOR_GREEN}Tool wine: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool wine: Installation failed" >> /installation_report/installation_report.txt
RUN imgclip -h | grep -iq "imgclip" &>/dev/null \
&& echo "${COLOR_GREEN}Tool imgclip: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool imgclip: Installation failed" >> /installation_report/installation_report.txt
RUN pffexport -h | grep -iq "pff-tools" &>/dev/null \
&& echo "${COLOR_GREEN}Tool pff-tools: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool pff-tools: Installation failed" >> /installation_report/installation_report.txt
RUN esedbexport -h | grep -iq "libesedb-utils" &>/dev/null \
&& echo "${COLOR_GREEN}Tool libesedb-utils: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool libesedb-utils: Installation failed" >> /installation_report/installation_report.txt
RUN lnkinfo -h | grep -iq "liblnk-utils" &>/dev/null \
&& echo "${COLOR_GREEN}Tool liblnk-utils: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool liblnk-utils: Installation failed" >> /installation_report/installation_report.txt
RUN usncarve.py -h | grep -iq "usncarve" &>/dev/null \
&& echo "${COLOR_GREEN}Tool usncarve: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool usncarve: Installation failed" >> /installation_report/installation_report.txt
RUN usn.py -h | grep -iq "usnparse" &>/dev/null \
&& echo "${COLOR_GREEN}Tool usnparse: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool usnparse: Installation failed" >> /installation_report/installation_report.txt
RUN rip.pl -h | grep -iq "RegRipper30" &>/dev/null \
&& echo "${COLOR_GREEN}Tool RegRipper30: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool RegRipper30: Installation failed" >> /installation_report/installation_report.txt
RUN vinetto -h | grep -iq "vinetto" &>/dev/null \
&& echo "${COLOR_GREEN}Tool vinetto: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool vinetto: Installation failed" >> /installation_report/installation_report.txt
RUN prefetch.py -h | grep -iq "windowsprefetch" &>/dev/null \
&& echo "${COLOR_GREEN}Tool windowsprefetch: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool windowsprefetch: Installation failed" >> /installation_report/installation_report.txt
RUN time_decode.py -h | grep -iq "time_decoder" &>/dev/null \
&& echo "${COLOR_GREEN}Tool time_decoder: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool time_decoder: Installation failed" >> /installation_report/installation_report.txt
RUN evtx_dump.py -h | grep -iq "evtx_dump" &>/dev/null \
&& echo "${COLOR_GREEN}Tool evtx_dump: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool evtx_dump: Installation failed" >> /installation_report/installation_report.txt
RUN INDXParse.py -h | grep -iq "INDXParser" &>/dev/null \
&& echo "${COLOR_GREEN}Tool INDXParser: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool INDXParser: Installation failed" >> /installation_report/installation_report.txt
RUN analyzeMFT.py -h | grep -iq "analyzeMFT" &>/dev/null \
&& echo "${COLOR_GREEN}Tool analyzeMFT: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool analyzeMFT: Installation failed" >> /installation_report/installation_report.txt
RUN vshadowinfo -h | grep -iq "libvshadow" &>/dev/null \
&& echo "${COLOR_GREEN}Tool libvshadow: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool libvshadow: Installation failed" >> /installation_report/installation_report.txt
RUN undark -h | grep -iq "undark" &>/dev/null \
&& echo "${COLOR_GREEN}Tool lundark: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool undark: Installation failed" >> /installation_report/installation_report.txt
RUN true || jphide | grep -iq "undark" &>/dev/null \
&& echo "${COLOR_GREEN}Tool jphide: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool jphide: Installation failed" >> /installation_report/installation_report.txt
RUN true || jpseek | grep -iq "jpseek" &>/dev/null \
&& echo "${COLOR_GREEN}Tool jpseek: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool jpseek: Installation failed" >> /installation_report/installation_report.txt
RUN vol.py -h | grep -iq "jpseek" &>/dev/null \
&& echo "${COLOR_GREEN}Tool volatilty2, volatility3: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Toolvolatilty2, volatility3: Installation failed" >> /installation_report/installation_report.txt
RUN stegdetect -V || true | grep -iq "jpseek" &>/dev/null \
&& echo "${COLOR_GREEN}Tool stegdetect: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool stegdetect: Installation failed" >> /installation_report/installation_report.txt
RUN stegbreak -V || true | grep -iq "stegbreak" &>/dev/null \
&& echo "${COLOR_GREEN}Tool stegbreak: Installation successful" >> /installation_report/installation_report.txt \
|| echo "${COLOR_RED}Tool stegbreak: Installation failed" >> /installation_report/installation_report.txt
# Display the installation report
RUN cat /installation_report/installation_report.txt
# Installation summary report
# Display summary information
# Copy the script into the current directory
# COPY entrypoint.sh .
# Make the script executable
# RUN chmod +x entrypoint.sh
# Execute the script
# RUN /entrypoint.sh
# Mount an inteactive terminal when container starts
CMD ["/bin/bash"]
# End of the Dockerfile
Reference in New Issue View Git Blame Copy Permalink