This is where I will put stuff I need to remember and have access to from anywhere. I don't expect anyone else to find it interesting.
I keep most of my notes on Linux-based forensics in my blog, Linux Sleuthing. Most of the scripts I have below flow from issues I've discussed in my blog.
I am in the process of migrating my code to my Google Code project hosting site (linuxsleuthing) so that updates can be tracked and bug reports made. Please check there for the latest code. I will be removing the downloads on this site as I migrate, but it is a good idea to check there in any event.
parse_android_sms is a tool to convert the PRTime date stamps in the Android mmssms.db file and export the tables to csv files. More information here.
tsk_hashfiles reads a Sleuthkit database, determines the file systems, and then creates a sha-1 and md5 hash digest of each file in the file systems. It creates a new table in the database called tsk_fs_hashes to store the digests. "Good" and "bad" fields are added to each record so files can be flagged using hashing techniques.
tsk_filetype reads a Sleuthkit database, determines the file systems, and then determines the file type and mime type for each file in the file systems. It creates a new table in the database called tsk_fs_types to store the information.
mknsrl creates a SQLite database from the NRSL hash set, which comes in four ISOs. The NSRLFile.txt files do not need to be concatenated (in fact, should not be) to work with mknsrl. The script takes five arguments, the first being the name of the db you want to create, the next four are the paths to the NSRLFile.txt csv files from each ISO.
getnsrl automatically extracts the NSRLFile.txt csv files from NSRL Reference Data Set iso's and prepares them for use. The NSRLFile.txt csv files are appended with the reference set identification [abcd]. 'mknsrl' or another processing method can then be used on the hash sets. Currently, the iso's must be downloaded separately. I may be persuaded to automate downloading in the future, since there are new releases every quarter.