Re: probing operating system



"poncenby" <buzzinfly@xxxxxx> (06-11-21 14:19:53):

I'd be surprised if there were not tools already out there for this
but, with a simple bit of scripting you could use fdisk to find out
the filesystem type and using mount, ls and grep you should be able
to get a good idea of the OS in use. You could even use a hashing
algorithm to check file versions and hence work out what OS version
is in use.

Would that be any use to you?

I'm using a few of the sleuthkit tools but I'm not that keen on having
to mount basically every partition node under /dev. Just hoping
someone knew of a tool that already has the OS identification
functionality that works on /dev block devices/dd images etc etc.

You will be searching forever. Script it yourself, it's easy. Just
mount the partition with '-t auto', and check some files' hash values,
as Bogwitch already suggested. An appropriate shell script should not
exceed 15 lines. You will find the '-c' option to 'sha1sum'
particularly useful.

However, this is not a security related problem.


Regards,
E.S.
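
The approach suggested in this thread (mount the partition, then check known file hashes with `sha1sum -c`), as an added example that is not part of the original posts. The function names, the `.sha1` manifest directory layout and the mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guess the OS on an already-mounted partition by checking
# known file hashes with 'sha1sum -c'.
# Mount step (needs root, shown for context; device and mount point are
# placeholders):
#   mount -o ro -t auto /dev/sdXN /mnt/probe
#
# Manifest layout (assumption): one file per OS release, named
# <label>.sha1, in sha1sum format with paths relative to the filesystem
# root, e.g. "<sha1>  etc/issue".

# count_matches ROOT MANIFEST
# Prints how many files listed in MANIFEST (absolute path) exist under ROOT
# with the expected hash.
count_matches() {
    root=$1
    manifest=$2
    # 'sha1sum -c' prints "<path>: OK" for each matching file; missing or
    # changed files are reported as FAILED and are not counted.
    ( cd "$root" && sha1sum -c "$manifest" 2>/dev/null ) | grep -c ': OK$' || true
}

# identify_os ROOT MANIFEST_DIR
# Prints the label of the manifest with the most matching files, or
# "unknown" when no manifest matches any file.
identify_os() {
    root=$1
    mdir=$(cd "$2" && pwd) || return 2   # absolute path, since we cd later
    best=unknown
    best_n=0
    for m in "$mdir"/*.sha1; do
        [ -f "$m" ] || continue
        n=$(count_matches "$root" "$m")
        if [ "$n" -gt "$best_n" ]; then
            best_n=$n
            best=$(basename "$m" .sha1)
        fi
    done
    echo "$best"
}

# Stand-alone use: ./probe.sh /mnt/probe /path/to/manifests
if [ "$#" -eq 2 ]; then
    identify_os "$1" "$2"
fi
```

Mounting read-only (`-o ro`) keeps the probe from modifying the partition or image being examined.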