This repository contains two shell scripts designed to assist in digital forensics investigations:
- `dd.sh`: Securely create a bit-by-bit image of a USB device.
- `john.sh`: Extract password hashes from protected Microsoft Office documents and prepare them for cracking using John the Ripper.

- `dd.sh`: A bash script for imaging USB drives using the `dd` utility.
- `john.sh`: A bash script for extracting password hashes from protected `.doc` or `.docx` files using `office2john.py`.
These tools are designed to be run on Linux systems and require root privileges for some operations.
- Bash
- `lsblk`, `dd`, `umount`, `wget`, `python3`
- Internet connection (for downloading `office2john.py`)
- John the Ripper
- `office2john.py` from the John the Ripper GitHub repo
Purpose: Create a raw disk image (.img) of a USB device using dd.
- Prompts for the USB device label.
- Identifies the device using `lsblk`.
- Unmounts the USB.
- Asks for an output path.
- Performs a bit-by-bit copy using `dd`.

`sudo ./dd.sh`

Output: A `.img` file stored at your specified location.
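An added example, not the repository's `dd.sh`: the same label lookup, unmount and `dd` copy, followed by a SHA-256 comparison of source and image so the copy can be shown to match the device. The function names, the argument-based interface, the script name and the `.sha256` record file are assumptions of this example; it relies on GNU coreutils and util-linux.

```shell
#!/bin/sh
# Added example, not the repository's dd.sh. Assumes GNU coreutils and util-linux.

# Print the device path whose filesystem label equals $1.
# stdin: output of `lsblk -rnpo NAME,LABEL` (one "path label" pair per line).
find_device_by_label() {
    awk -v want="$1" '$2 == want { print $1; found = 1; exit }
                      END { exit !found }'
}

# Copy $1 (device or file) to image $2, then compare SHA-256 of both.
# Returns 0 only if the digests match; writes "$2.sha256" as a record.
# The body runs in a subshell, so its variables and exits stay local.
image_and_verify() (
    src=$1 img=$2
    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; exit 2; fi
    if [ -e "$img" ]; then echo "refusing to overwrite $img" >&2; exit 2; fi
    dd if="$src" of="$img" bs=4M conv=fsync status=none || exit 3
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum < "$img" | cut -d' ' -f1)
    printf '%s  %s\n' "$img_sum" "$img" > "$img.sha256"
    [ "$src_sum" = "$img_sum" ]
)

# Usage: sudo ./image_verify.sh LABEL /path/to/output.img   (hypothetical name)
if [ "$#" -eq 2 ]; then
    dev=$(lsblk -rnpo NAME,LABEL | find_device_by_label "$1") ||
        { echo "no device with label $1" >&2; exit 1; }
    umount "$dev" 2>/dev/null || true   # an unmounted device is fine
    if image_and_verify "$dev" "$2"; then
        echo "image verified: $(cat "$2.sha256")"
    else
        echo "imaging failed or digest mismatch" >&2; exit 1
    fi
fi
```

The recorded digest can be re-checked later with `sha256sum -c` against the `.sha256` file to confirm the image has not changed since acquisition.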
Purpose: Automates extraction of password hashes from Microsoft Word documents using office2john.py, preparing them for cracking with John the Ripper.
- Installs John the Ripper (via APT).
- Downloads `office2john.py`.
- Prompts for the Word document path.
- Extracts the hash to `hash.txt` (suitable for cracking with John).

`./john.sh`

Result: A `hash.txt` file containing the extracted hash (ready for cracking).
These tools are intended for educational and legal forensic investigation purposes only.
Do not use them on devices or files without explicit permission. Unauthorised use may violate privacy laws and result in legal consequences.