Difference between revisions of "Jcat"

From SleuthKitWiki
Jump to: navigation, search
m (Reformatted)
(Updated man page link.)
 
Line 1: Line 1:
 
Back to [[Help Documents]]
 
Back to [[Help Documents]]
  
==jcat==
+
jcat shows the contents of a journal block in the file system  journal.
Version 2.09
+
  
 
+
* [http://www.sleuthkit.org/sleuthkit/man/jcat.html Automatically Updated man Page]
===Purpose===
+
Shows the contents of a journal block in the file system  journal. The  inode  address of the journal can be given or the default location will be used. Note that the block address is a journal  block  address and not a file system block.  The raw output is given to STDOUT.
+
 
+
 
+
===Usage===
+
jcat [-f fstype ] [-vV] [-i imgtype] [-o imgoffset] image [images] ] [inode] jblk
+
 
+
 
+
===Options===
+
 
+
{| border="1" cellpadding="5"
+
!Switch
+
!Purpose
+
|-
+
| -f ftype || Specify the file system type. Use -? to get a list of supported types.
+
|-
+
| -i imgtype || Identify the type of image file, such as raw or split. Raw is the default.
+
|-
+
| -o imgoffset || The sector offset where the file system starts in the image. Non-512 byte sectors can be specified using ’@’ (32@2048).
+
|-
+
| -V || Display version
+
|-
+
| -v || verbose output
+
|-
+
| image || One (or more if split) disk or partition images whose format is given with ’-i’.
+
|-
+
| [inode] || The inode where the file system journal can be found.
+
|-
+
| jblk || The journal block to display.
+
|}
+
 
+
 
+
===Example===
+
''No example available.''
+
 
+
 
+
===History===
+
jcat first appeared in The Sleuth Kit v1.73.
+
 
+
 
+
===Author===
+
Brian Carrier <carrier@sleuthkit.org>
+

Latest revision as of 19:34, 11 September 2008

Back to Help Documents

jcat shows the contents of a journal block in the file system journal.