Difference between revisions of "Jls"

Latest revision as of 18:36, 11 September 2008

jls lists the records and entries in a file system journal.

@@ Line 1: / Line 1: @@
 Back to [[Help Documents]]
-==jls==
+jls lists the records and entries in a file system journal.
-Version 2.09
-===Purpose===
+* [http://www.sleuthkit.org/sleuthkit/man/jls.html Automatically Updated man Page]
-Lists the records and entries in a file system journal.   If  inode is  given,  then  it will look there for a journal.  Otherwise, it will use the default location.  The output lists the  journal  block  number and a description.
-===Usage===
- jls  [-f fstype]  [-vV]  [-i imgtype] [-o imgoffset] image [images] [inode]
-===Options===
-{| border="1" cellpadding="5"
-!Switch
-!Purpose
-|-
-| -f ftype || Specify the file system type. Use -? to get a list of supported types.
-|-
-| -i imgtype || Identify the type of image file, such as raw or split. Raw is the default.
-|-
-| -o imgoffset || The sector offset where the file system starts in the image. Non-512 byte sectors can be specified using ’@’ (32@2048).
-|-
-| -V || Display version
-|-
-| -v || verbose output
-|-
-| image [images] || One (or more if split) disk or partition images whose format is given with ’-i’.
-|-
-| [inode] || The inode where the file system journal can be found.
-|}
-===Example===
- jls -f linux-ext3 image.dd
-===History===
-jls first appeared in The Sleuth Kit v1.73.
-===Author===
-Brian Carrier <carrier@sleuthkit.org>