|
|
| (3 intermediate revisions by one user not shown) |
| Line 1: |
Line 1: |
| | Back to [[Help Documents]] | | Back to [[Help Documents]] |
| | | | |
| − | ==dcat==
| + | blkcat is used to output the contents of a specific [[data unit]] in a file system. It takes a data unit address as input and outputs the contents to STDOUT. It used to be called dcat. |
| − | Version 2.09
| + | |
| | | | |
| − | | + | * [http://www.sleuthkit.org/sleuthkit/man/blkcat.html Automatically Updated man Page] |
| − | ===Purpose===
| + | |
| − | Displays num data units (default is one) starting at the unit address unit_addr from image to stdout in different formats (default is raw). The image should be created using dd(1).
| + | |
| − | | + | |
| − | | + | |
| − | ===Usage===
| + | |
| − | | + | |
| − | dcat [-ahswvV] [-f fstype] [-u unit_size] [-i imgtype] [-o imgoffset] image [images] unit_addr [num]
| + | |
| − | | + | |
| − | ===Options===
| + | |
| − | | + | |
| − | {| border="1" cellpadding="5"
| + | |
| − | !Switch
| + | |
| − | !Purpose
| + | |
| − | |-
| + | |
| − | | -a || Display the contents in ASCII
| + | |
| − | |-
| + | |
| − | | -f || Specify image as a specific file type. If ’swap’ is given here, the image will be displayed in pages of size 4096 bytes. If ’raw’ is given, then 512-bytes is used as the default size. The ’-u’ flag can change the default size. Use the -? argument to display supported types. If not given, the default type for the platform is used.
| + | |
| − | |-
| + | |
| − | | -h || Display the contents in hexdump
| + | |
| − | |-
| + | |
| − | | -s || Display statistics on the image (unit size, file block size, and number of fragments).
| + | |
| − | |-
| + | |
| − | | -u || Specify the size of the default data unit for raw, dls, and swap images.
| + | |
| − | |-
| + | |
| − | | -i imgtype || Identify the type of image file, such as raw or split. Raw is the default.
| + | |
| − | |-
| + | |
| − | | -o imgoffset || The sector offset where the file system starts in the image. Non-512 byte sectors can be specified using ’@’ (32@2048).
| + | |
| − | |-
| + | |
| − | | -v || Verbose output to stderr.
| + | |
| − | |-
| + | |
| − | | -V || Display version.
| + | |
| − | |-
| + | |
| − | | -w || Display the contents in an HTML table format.
| + | |
| − | |-
| + | |
| − | | image [images] || One (or more if split) disk or partition images whose format is given with ’-i’.
| + | |
| − | |-
| + | |
| − | | unit_addr || Address of the disk unit to display. The size of a unit on this file system can be determined using the -s option.
| + | |
| − | |-
| + | |
| − | | num || Number of data units to display.
| + | |
| − | |}
| + | |
| − | | + | |
| − | | + | |
| − | ===Example===
| + | |
| − | # dcat -hw image 264 4
| + | |
| − | or
| + | |
| − | # dcat -hw image 264
| + | |
| − | | + | |
| − | | + | |
| − | ===History===
| + | |
| − | dcat first appeared in TCTUTILs v1.0 as bcat.
| + | |
| − | | + | |
| − | | + | |
| − | ===Author===
| + | |
| − | Brian Carrier <carrier@sleuthkit.org>
| + | |
