Difference between revisions of "Fls"
From SleuthKitWiki
(Added v3 format and '-l' format.) |
(Removed body file format so that it could be its own page.) |
||
| Line 7: | Line 7: | ||
==Output Data== | ==Output Data== | ||
| − | The '-l' and '-m' arguments to fls cause each line of output to contain several pieces of information. | + | The '-l' and '-m' arguments to fls cause each line of output to contain several pieces of information. The '-m' argument causes the data to be in the [[body file]] format. |
| − | + | ||
| − | + | ||
| − | The | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
===Long Format=== | ===Long Format=== | ||
Revision as of 13:29, 26 October 2008
Back to Help Documents
fls lists the files and directory names in a file system and can display file names of recently deleted files for the directory using the given inode.
Output Data
The '-l' and '-m' arguments to fls cause each line of output to contain several pieces of information. The '-m' argument causes the data to be in the body file format.
Long Format
The '-l' argument causes the "long" format with more details. It is tab-delimited with the following fields:
- file type as reported in file name and metadata structure
- Metadata address
- name
- mtime (last modified time)
- atime (last accessed time)
- ctime (last changed time)
- crtime (created time)
- size
- uid
- gid
Note that the 2.X versions of TSK do not print the created time.
