1

The following script takes a user input (path to a mounted macOS volume such as /Volumes/Macintosh\ HD/)

#!/bin/bash
# Author: Swasti Bhushan Deb
# macOS 10.13.3
# kMDItemWhereFroms.sh

read -e -p "Enter the full path to the Mounted Volume (e.g /Volume /Macintosh HD):   " path
 var=$(mdfind -name 'kMDItemWhereFroms="*"' -onlyin "$path")
 echo "$var"

Output:

/Users/swastibhushandeb/Documents/encase_examiner_v710_release_notes.pdf
/Users/swastibhushandeb/Desktop/AirPrint Forensics.pdf

As a next step I would like the script to perform mdls (prints the values of all the metadata attributes associated with the files) on each output from kMDItemWhereFroms.sh,which can also be perfromed manually by:

 mdls /Users/swastibhushandeb/Documents/encase_examiner_v710_release_notes.pdf

However if such processing is to be automated,what are the available bash coding strategies/options available?How can the output be directed to a csv file so that each column contains fields from mdls command output?

Improve this question
5
  • Are you sure about the CSV part? What do you want to do with the content of the CSV afterwards? Commented Apr 16, 2019 at 16:14
  • @ nohillside ,the idea is to generate a ccv file which contains all the macOS extended attribute names and corresponding value.Hoever thiscan be optional :) Commented Apr 16, 2019 at 16:37
  • The first part (running mdls on the result of mdfind) is easy, see answer below. Turning that into a CSV is much harder, that's why it might help to know what you intend to do with the CSV afterwards (as there may be other ways to accomplish this). Commented Apr 16, 2019 at 16:56
  • @nohillside mdfind -0 -name 'kMDItemWhereFroms=""' -onlyin "$path" | \ xargs -0 -n 1 sh -c 'echo "$1" && mdls "$1"' _ works fine & lists the extended attributes of the files found by mdfind . Q:what does the "_" at the end of the command imply?. If a report for the output of mdfind -0 -name 'kMDItemWhereFroms=""' -onlyin "$path" | \ xargs -0 -n 1 sh -c 'echo "$1" && mdls "$1"' _ is to be created what are the available options? Commented Apr 17, 2019 at 15:57
  • See updated answer. Regarding options to process the output: You would need to split each line into the keyword and the value (taking into account that some values span multiple lines), and then assign the values to columns based on the keyword. It's for sure doable in perl, or python, or ruby, but will require some programming Commented Apr 17, 2019 at 16:05

1 Answer 1

Reset to default
1

You can make use of mdfind's -0 option together with xargs to have the names found terminated by a NUL character (and therefore not having to worry about space/tab/newlines etc).

read -e -p 'Path? ' path
mdfind -0 -name 'kMDItemWhereFroms="*"' -onlyin "$path" | xargs -0 mdls

If you want to see the path/file names as well (and not only the output of mdls) it becomes a bit more elaborate:

mdfind -0 -name 'kMDItemWhereFroms="*"' -onlyin "$path" | \
    xargs -0 -n 1 sh -c 'echo "$1" && mdls "$1"' _

(The _ at the end is just syntactical sugar for sh which will assign the first argument, typically the name of the command, to $0)

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.