(3 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | Version 2.09 Man Page
| + | Back to [[Help Documents]] |
| | | |
− | NAME
| |
− | ffind - Find the file or directory name that is using a given inode
| |
| | | |
− | SYNOPSIS
| + | ffind is used to map meta data structures to file names. It takes a meta data structure as input and searches for the corresponding file name that points to it. |
− | ffind [-aduvV] [-f fstype] [-i imgtype] [-o imgoffset] image inode
| + | |
| | | |
− | DESCRIPTION
| + | * [http://www.sleuthkit.org/sleuthkit/man/ffind.html Automatically Updated man Page] |
− | ffind finds the names of files or directories that use inode on image.
| + | |
− | By default it only will only return the name it finds. This will also
| + | |
− | show the names of deleted file names in some systems such as Linux and
| + | |
− | OpenBSD.
| + | |
− | | + | |
− | The arguments are as follows:
| + | |
− | | + | |
− | image [images]
| + | |
− | One (or more if split) disk or partition images whose format is
| + | |
− | given with ’-i’.
| + | |
− | | + | |
− | inode Integer of inode to find.
| + | |
− | | + | |
− | The optional arguments are:
| + | |
− | | + | |
− | -a Find all occurrences of inode.
| + | |
− | | + | |
− | -d Find deleted entries only.
| + | |
− | | + | |
− | -f fstype
| + | |
− | Identify the File System type of the image. Use the -? argument
| + | |
− | for a list of supported file system types. If not given, the
| + | |
− | default type for the platform is used.
| + | |
− | | + | |
− | -u Find undeleted entries only.
| + | |
− | | + | |
− | -i imgtype
| + | |
− | Identify the type of image file, such as raw or split. Raw is
| + | |
− | the default.
| + | |
− | | + | |
− | -o imgoffset
| + | |
− | The sector offset where the file system starts in the image.
| + | |
− | Non-512 byte sectors can be specified using ’@’ (32@2048).
| + | |
− | | + | |
− | -v Verbose output to stderr.
| + | |
− | | + | |
− | -V Display version.
| + | |
− | | + | |
− | This program searches all directory entries looking for the given
| + | |
− | inode. This is useful when an inode has been identified from a disk
| + | |
− | unit address using find_inode(1).
| + | |
− | | + | |
− | EXAMPLE
| + | |
− | # ffind -a image 212
| + | |
− | | + | |
− | SEE ALSO
| + | |
− | dd(1), ifind(1)
| + | |
− | | + | |
− | HISTORY
| + | |
− | ffind first appeared in TCTUTILs v1.0 as find_file.
| + | |
− | | + | |
− | AUTHOR
| + | |
− | Brian Carrier <carrier@sleuthkit.org>
| + | |
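Review bot: The replacement text at the top of this hunk drops every usage detail the old revision carried (the synopsis line, the -a, -d, -u, -f, -i and -o options, and the "ffind -a image 212" example) and leaves only a one-sentence summary plus an external link, so the page can no longer be used as a reference without reaching sleuthkit.org. Consider keeping the synopsis and the example next to the link to the automatically updated man page. The new summary also says "meta data structure" where the removed description said "inode"; naming the inode once would keep the page findable by the term the tool's own arguments use. The run of empty added lines after the link looks like leftover whitespace and can be trimmed.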
Latest revision as of 19:15, 11 September 2008
Back to Help Documents
ffind is used to map meta data structures to file names. It takes a meta data structure as input and searches for the corresponding file name that points to it.