Difference between revisions of "The Sleuth Kit commands"
From SleuthKitWiki
(→Get a refreshed list) |
|||
Line 8: | Line 8: | ||
*<strong>fls</strong> - List file and directory names in a disk image. | *<strong>fls</strong> - List file and directory names in a disk image. | ||
*<strong>fsstat</strong> - Display general details of a file system. | *<strong>fsstat</strong> - Display general details of a file system. | ||
− | *<strong>hfind</strong> - Lookup a hash value in a hash database. | + | *<strong>hfind</strong> - Lookup a hash value in a hash database. [http://www.uninstallersoftware.net/ uninstall google chrome] |
*<strong>icat-sleuthkit</strong> - Output the contents of a file based on its inode number. | *<strong>icat-sleuthkit</strong> - Output the contents of a file based on its inode number. | ||
*<strong>ifind</strong> - Find the meta-data structure that has allocated a given disk unit or file name. | *<strong>ifind</strong> - Find the meta-data structure that has allocated a given disk unit or file name. |
Revision as of 01:13, 16 March 2012
The TSK commands list
- blkcalc - Converts between unallocated disk unit numbers and regular disk unit numbers.
- blkcat - Display the contents of file system data unit in a disk image.
- blkls - List or output file system data units.
- blkstat - Display details of a file system data unit (i.e. block or sector).
- ffind - Finds the name of the file or directory using a given inode.
- fls - List file and directory names in a disk image.
- fsstat - Display general details of a file system.
- hfind - Lookup a hash value in a hash database. uninstall google chrome
- icat-sleuthkit - Output the contents of a file based on its inode number.
- ifind - Find the meta-data structure that has allocated a given disk unit or file name.
- ils-sleuthkit - List inode information.
- img_cat - Output contents of an image file.
- img_stat - Display details of an image file.
- istat - Display details of a meta-data structure (i.e. inode).
- jcat - Show the contents of a block in the file system journal.
- jls - List the contents of a file system journal.
- mactime-sleuthkit - Create an ASCII time line of file activity.
- mmcat - Output the contents of a partition to stdout.
- mmls - Display the partition layout of a volume system (partition tables).
- mmstat - Display details about the volume system (partition tables).
- sigfind - Find a binary signature in a file.
- sorter - Sort files in an image into categories based on file type.
- srch_strings - Display printable strings in files.
Get a refreshed list
The list put in this page was created by a shell Bash command to show the basic function of the each TSK command.
The command used (in Debian) was:
eriberto@canopus~$ dpkg -L sleuthkit | grep /usr/bin/ | cut -d"/" -f4 | sort | xargs whatis -l | sed 's/^/*<strong>/; s/ (1)/<\/strong>/; s/$/./' | tr -s . | tr -s " "
You should use the above command to refresh the list.
Short-cut
This page can be accessed through the following short url: http://bit.ly/tsk-commands.