FLS Notes on More than one partition

#Sleuthkit - tools for forensics analysis on volume and filesystem
#FLS Notes on More than one partition
sudo apt install sleuthkit

#create empty img file
dd bs=512 count=500 if=/dev/zero of=test.img

#create partitions
#becareful running fdisk like this
echo -e "n\np\n1\n\n+50K\nt\nb\nn\np\n\n\n\nt\n2\nb\nw\n" |fdisk test.img

#list partition info
fdisk -l test.img

#you can see that there are 2 partitions in the image now
#and the sector size is 512
#so we find the "Start" and multiple that by 512
#and now we can mount those as loops with losetup
mkdir mnt{0..1}
sudo losetup -o 512 /dev/loop0 test.img
sudo losetup -o 52224 /dev/loop1 test.img

sudo mkfs.vfat /dev/loop0
sudo mkfs.vfat /dev/loop1

sudo mount /dev/loop0 mnt0
sudo mount /dev/loop1 mnt1

#make files and folder
sudo mkdir mnt0/folder_{1..5}/
sudo touch mnt0/folder_{1..5}/file_{A..G}.txt
sudo mkdir mnt1/folder_{A..M}/
sudo touch mnt1/folder_{A..M}/MyFiles{1..9}.txt

#Unmount the partitions
sudo umount mnt{0..1}

#removed loop devices
sudo losetup -d /dev/loop{0..1}

#view partition files and folders with fls
#use fdisk so get offsets for each partition "Start"
fls -rp -o 1 test.img
fls -rp -o 102 test.img