Code Dump: Format Autopsy Results


#!/bin/bash
DATE=""
cat timeline.txt | while read line;
do
if [[ $(echo $line | egrep "[A-Z][a-z]+ [A-Z][a-z]+ [0-9]+ [0-9]+ [0-9]+:[0-9]+:[0-9]+" | wc -l) -gt 0 ]]
then
DATE=$(echo $line| sed "s/\([A-Z][a-z]* [A-Z][a-z]* [0-9]* [0-9]* [0-9]*:[0-9]*:[0-9]*\).*/\1/" )
echo $line >> timelinefixed.txt
echo $line
else
echo "$DATE $line" >> timelinefixed.txt
echo "$DATE $line"
fi
done