Jls
From SleuthKitWiki
Back to Help Documents
jls
Version 2.09
Purpose
Lists the records and entries in a file system journal. If inode is given, then it will look there for a journal. Otherwise, it will use the default location. The output lists the journal block number and a description.
Usage
jls [-f fstype] [-vV] [-i imgtype] [-o imgoffset] image [images] [inode]
Options
| Switch | Purpose |
|---|---|
| -f ftype | Specify the file system type. Use -? to get a list of supported types. |
| -i imgtype | Identify the type of image file, such as raw or split. Raw is the default. |
| -o imgoffset | The sector offset where the file system starts in the image. Non-512 byte sectors can be specified using ’@’ (32@2048). |
| -V | Display version |
| -v | verbose output |
| image [images] | One (or more if split) disk or partition images whose format is given with ’-i’. |
| [inode] | The inode where the file system journal can be found. |
Example
jls -f linux-ext3 image.dd
History
jls first appeared in The Sleuth Kit v1.73.
Author
Brian Carrier <carrier@sleuthkit.org>
