Difference between revisions of "Tsk comparedir"

From SleuthKitWiki
Jump to: navigation, search
(Created page with "Back to Help Documents tsk_comparedir will compare a local directory with an image or raw device. This is useful for detecting when a rootkit is hiding a file from the loca...")
 
(No difference)

Latest revision as of 19:23, 27 October 2010

Back to Help Documents

tsk_comparedir will compare a local directory with an image or raw device. This is useful for detecting when a rootkit is hiding a file from the local directory hierarchy. TSK will be able to see the hidden files by parsing the raw content from the raw device. This can also be used for testing.

Retrieved from "https://wiki.sleuthkit.org/index.php?title=Tsk_comparedir&oldid=507"