Difference between revisions of "The Sleuth Kit commands"

From SleuthKitWiki
Jump to: navigation, search
(Get a refreshed list)
(Get a refreshed list)
Line 35: Line 35:
  
 
You should use the above command to refresh the list.
 
You should use the above command to refresh the list.
 +
<br><br>
 +
== Short-cut ==
 +
 +
This page can be accessed through the following short url: http://bit.ly/tsk-commands.
 
<br><br>
 
<br><br>

Revision as of 07:16, 31 March 2011

The TSK commands list

  • blkcalc - Converts between unallocated disk unit numbers and regular disk unit numbers.
  • blkcat - Display the contents of file system data unit in a disk image.
  • blkls - List or output file system data units.
  • blkstat - Display details of a file system data unit (i.e. block or sector).
  • ffind - Finds the name of the file or directory using a given inode.
  • fls - List file and directory names in a disk image.
  • fsstat - Display general details of a file system.
  • hfind - Lookup a hash value in a hash database.
  • icat-sleuthkit - Output the contents of a file based on its inode number.
  • ifind - Find the meta-data structure that has allocated a given disk unit or file name.
  • ils-sleuthkit - List inode information.
  • img_cat - Output contents of an image file.
  • img_stat - Display details of an image file.
  • istat - Display details of a meta-data structure (i.e. inode).
  • jcat - Show the contents of a block in the file system journal.
  • jls - List the contents of a file system journal.
  • mactime-sleuthkit - Create an ASCII time line of file activity.
  • mmcat - Output the contents of a partition to stdout.
  • mmls - Display the partition layout of a volume system (partition tables).
  • mmstat - Display details about the volume system (partition tables).
  • sigfind - Find a binary signature in a file.
  • sorter - Sort files in an image into categories based on file type.
  • srch_strings - Display printable strings in files.


Get a refreshed list

The list put in this page was created by a shell Bash command to show the basic function of the each TSK command.

The command used (in Debian) was:

eriberto@canopus~$ dpkg -L sleuthkit | grep /usr/bin/ | cut -d"/" -f4 | sort | xargs whatis -l | sed 's/^/*<strong>/; s/ (1)/<\/strong>/; s/$/./' | tr -s . | tr -s " "

You should use the above command to refresh the list.

Short-cut

This page can be accessed through the following short url: http://bit.ly/tsk-commands.