filedriller

Steffen Fritz fd1a536dc0 Merge branch 'main' of github.com:dla-marbach/filedriller		2 weeks ago
.github/ISSUE_TEMPLATE	Update feature_request.md	1 year ago
cmd	Merge branch 'main' of github.com:dla-marbach/filedriller	2 weeks ago
testdata	added test case	1 year ago
third_party	Updated pronom.sig and Makefile files	2 weeks ago
.gitignore	Updated pronom.sig and Makefile files	2 weeks ago
LICENSE	added license	1 year ago
Makefile	fixed test and benchmark	7 months ago
README.md	Update README.md	1 year ago
download.go	Refactoring for second transition, added additional unit tests, changed badge URIs	1 year ago
download_test.go	fmted some source files	1 year ago
entropy.go	local maxfilesize	1 year ago
entropy_test.go	Refactoring for second transition, added additional unit tests, changed badge URIs	1 year ago
err.go	basically working with a lot of work ahead	12 months ago
friller.1	Update friller.1	1 year ago
go.mod	working copy	12 months ago
go.sum	working copy	12 months ago
hash.go	fmted some source files	1 year ago
hash_test.go	fmted the project	1 year ago
logger.go	close #10 : added an error logger and an error log and platform info is written to a log file	1 year ago
output.go	working copy	12 months ago
process.go	working copy and sync to codeberg	2 weeks ago
process_bench.go	fixed test and benchmark	7 months ago
process_test.go	fixed test and benchmark	7 months ago
redis.go	working copy	12 months ago
siegfried.go	v1.0-BETA-6	1 year ago
types.go	fixed test and benchmark	7 months ago
uuid.go	fmted the project	1 year ago
uuid_test.go	Refactoring for second transition, added additional unit tests, changed badge URIs	1 year ago

README.md

filedriller

filedriller walks a directory tree and identifies all regular files by type with siegfried. Furthermore it creates UUIDv4s, hash sums (md5, sha1, sha256, sha512 or blake2b-512) and filedriller can check if the file is in the NSRL.

The NSRL check expects a Redis server that serves NSRL SHA-1 hashes. You can use a team member's docker image

Status

v1.0-BETA

For issues see the issue tab.

Installation

Binary release

Download the file for your platform and execute it. The executables are named friller.

Note: If the build badge above is green and says passing, it is a good idea to install from source.

From source

 go get github.com/dla-marbach/filedriller/cmd/friller

then

Download signature file
```
friller -download
```

Optional NSRL:

 - docker pull ampoffcom/nslredis:032020

 - docker images

 - docker run -p 6379:6379 $IMAGEID

When you pass the -redisserv flag, friller sends a SHA-1 hash to the specified server.

Usage Examples

Fetch the pronom.sig file
```
 friller --download
```
Without Redis / NSRL
```
 friller --in SOMEDIRECTORY
```

With Redis / NSRL

 friller --in SOMEDIRECTORY --redisserv localhost

With alternate output file

 friller --in SOMEDIRECTORY -output foo.csv

asciinema recording: https://asciinema.org/a/ZPAW3ovkYNR4flK5C5wmi2GAA

Output

The output is written to a CSV file. Schema of the file:

Filename, SizeInByte, Registry, PUID, Name, Version, MIME, ByteMatch, IdentificationNote, Hash Name, UUID, inNSRL, Entropy

Flags

Usage of ./friller:

--download, -d

	Download siegfried's signature file

--entropy, -e

	Calculate the entropy of files. Limited to file sizes up to 1GB

--errlog, -w

    Error log file (default "errorlogs.txt")

--hash, -h string

	The hash algorithm to use: md5, sha1, sha256, sha512, blake2b-512 (default "sha256")

--in, -i string

	Root directory to work on

--log, -l string

     Log file (default "logs.txt")

--output, -o string

	Output file (default "info.csv")

--redisport, -s string

	Redis port number for a NSRL database (default "6379")

--redisserv, -p string

	Redis server address for a NSRL database

--version, -v

	Print version and build info