restoretools pkg new --name nginx-running --pid 1234 --include-open-files This is invaluable for capturing ephemeral containers or in-memory executables during an incident investigation. When analyzing a mounted forensic image ( /mnt/evidence ), maintain chain-of-custody:
In the world of digital forensics, data recovery, and system administration, the ability to create, manage, and restore software packages efficiently is critical. One tool that has gained significant traction among professionals is RestoreTools —a suite designed to simplify backup, restoration, and package management across Unix-like systems. restoretools pkg new
#!/bin/bash # auto-package.sh DATE=$(date +%Y%m%d) PACKAGE_NAME="$1" SOURCE_DIR="$2" restoretools pkg new --name "$PACKAGE_NAME" --version "$DATE" --source "$SOURCE_DIR" --include-deps --output-dir "/var/restoretools/packages" --compression lz4 and system administration
restoretools pkg new [OPTIONS] --name PACKAGE_NAME --source SOURCE_PATH | Argument | Description | |----------|-------------| | --name | Unique identifier for the package (e.g., apache2_custom , libssl_1.1.1 ) | | --source | Absolute path to the directory or binary to package | Common Options | Option | Purpose | |--------|---------| | --output-dir | Destination folder for the .rtpkg file (default: current directory) | | --include-deps | Scan and embed dynamic library dependencies | | --compression | gzip , lz4 , or none (default: gzip) | | --hash-algo | sha256 , sha512 , md5 (default: sha256) | | --version | Assign a semantic version to the package | | --exclude | Pattern to exclude files (e.g., *.log , tmp/* ) | Basic Example To create a package of a custom web application located in /opt/myapp : the ability to create