Difference between revisions of "Jcat"
From SleuthKitWiki
(New page: Version 2.09 Man Page NAME jcat - Show the contents of a block in the file system journal. SYNOPSIS jcat [-f fstype ] [-vV] [-i imgtype] [-o imgoffset] image [images] ] [ ...) |
m (Reformatted) |
||
| Line 1: | Line 1: | ||
| − | + | Back to [[Help Documents]] | |
| − | + | ==jcat== | |
| − | + | Version 2.09 | |
| − | |||
| − | |||
| − | |||
| − | + | ===Purpose=== | |
| − | + | Shows the contents of a journal block in the file system journal. The inode address of the journal can be given or the default location will be used. Note that the block address is a journal block address and not a file system block. The raw output is given to STDOUT. | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | |||
| − | + | ===Usage=== | |
| − | + | jcat [-f fstype ] [-vV] [-i imgtype] [-o imgoffset] image [images] ] [inode] jblk | |
| − | + | ||
| − | |||
| − | |||
| − | |||
| − | + | ===Options=== | |
| − | + | ||
| − | + | ||
| − | + | {| border="1" cellpadding="5" | |
| + | !Switch | ||
| + | !Purpose | ||
| + | |- | ||
| + | | -f ftype || Specify the file system type. Use -? to get a list of supported types. | ||
| + | |- | ||
| + | | -i imgtype || Identify the type of image file, such as raw or split. Raw is the default. | ||
| + | |- | ||
| + | | -o imgoffset || The sector offset where the file system starts in the image. Non-512 byte sectors can be specified using ’@’ (32@2048). | ||
| + | |- | ||
| + | | -V || Display version | ||
| + | |- | ||
| + | | -v || verbose output | ||
| + | |- | ||
| + | | image || One (or more if split) disk or partition images whose format is given with ’-i’. | ||
| + | |- | ||
| + | | [inode] || The inode where the file system journal can be found. | ||
| + | |- | ||
| + | | jblk || The journal block to display. | ||
| + | |} | ||
| − | |||
| − | + | ===Example=== | |
| − | + | ''No example available.'' | |
| − | |||
| − | |||
| − | + | ===History=== | |
| + | jcat first appeared in The Sleuth Kit v1.73. | ||
| − | |||
| − | |||
| − | + | ===Author=== | |
| − | + | Brian Carrier <carrier@sleuthkit.org> | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
Revision as of 08:34, 18 November 2007
Back to Help Documents
jcat
Version 2.09
Purpose
Shows the contents of a journal block in the file system journal. The inode address of the journal can be given or the default location will be used. Note that the block address is a journal block address and not a file system block. The raw output is given to STDOUT.
Usage
jcat [-f fstype ] [-vV] [-i imgtype] [-o imgoffset] image [images] ] [inode] jblk
Options
| Switch | Purpose |
|---|---|
| -f ftype | Specify the file system type. Use -? to get a list of supported types. |
| -i imgtype | Identify the type of image file, such as raw or split. Raw is the default. |
| -o imgoffset | The sector offset where the file system starts in the image. Non-512 byte sectors can be specified using ’@’ (32@2048). |
| -V | Display version |
| -v | verbose output |
| image | One (or more if split) disk or partition images whose format is given with ’-i’. |
| [inode] | The inode where the file system journal can be found. |
| jblk | The journal block to display. |
Example
No example available.
History
jcat first appeared in The Sleuth Kit v1.73.
Author
Brian Carrier <carrier@sleuthkit.org>
