Tsk comparedir

From SleuthKitWiki
Revision as of 19:23, 27 October 2010 by Carrier (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Back to Help Documents

tsk_comparedir will compare a local directory with an image or raw device. This is useful for detecting when a rootkit is hiding a file from the local directory hierarchy. TSK will be able to see the hidden files by parsing the raw content from the raw device. This can also be used for testing.

Retrieved from "http://wiki.sleuthkit.org/index.php?title=Tsk_comparedir&oldid=507"