Tsk comparedir

From SleuthKitWiki
Jump to: navigation, search

Back to Help Documents

tsk_comparedir will compare a local directory with an image or raw device. This is useful for detecting when a rootkit is hiding a file from the local directory hierarchy. TSK will be able to see the hidden files by parsing the raw content from the raw device. This can also be used for testing.