Finetuning forensics entries

2025-10-29 16:59:26 +00:00 · 2014-04-24 09:07:38 -05:00 · 2014-04-24 09:07:38 -05:00 · 4b1192fceb
commit 4b1192fceb
parent 7ba357c543
8 changed files with 39 additions and 10 deletions
--- a/forensics/index.md
+++ b/forensics/index.md
@ -107,7 +107,7 @@ Forensic Imaging Tools
 * [guymager](../tools/guymager.md)
 * [img_cat](../tools/img_cat.md)
 * [img_stat](../tools/img_stat.md)
- * [mmls](../tools/mmls.md) <------ I STOPPED HERE !!!
+ * [mmls](../tools/mmls.md)
 * [mmstat](../tools/mmstat.md)
 * [tsk_gettimes](../tools/tsk_gettimes.md)

--- a/tools/affstats.md
+++ b/tools/affstats.md
@ -1,4 +1,4 @@
-# Template placeholder
+# affstats

 Notes
 -------
--- a/tools/autopsy.md
+++ b/tools/autopsy.md
@ -7,7 +7,13 @@ Autopsy® is a digital forensics platform and graphical interface to The Sleuth
 Help Text
 -------
 ```
-
+usage: /usr/bin/autopsy [-c] [-C] [-d evid_locker] [-i device filesystem mnt] [-p port] [remoteaddr]
+  -c: force a cookie in the URL
+  -C: force NO cookie in the URL
+  -d dir: specify the evidence locker directory
+  -i device filesystem mnt: Specify info for live analysis
+  -p port: specify the server port (default: 9999)
+  remoteaddr: specify the host with the browser (default: localhost)
 ```

 Example Usage
--- a/tools/blkcat.md
+++ b/tools/blkcat.md
@ -1,16 +1,39 @@
-# Template placeholder
+# blkcat

 Notes
 -------
+blkcat displays num data units (default is one) starting at the unit address unit_addr from image to stdout in different formats (default is raw). blkcat was called dcat in TSK versions prior to 3.0.0.
+

 Help Text
 -------
 ```
+usage: blkcat [-ahsvVw] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] [-u usize] image [images] unit_addr [num]
+	-a: displays in all ASCII 
+	-h: displays in hexdump-like fashion
+	-i imgtype: The format of the image file (use '-i list' for supported types)
+	-b dev_sector_size: The size (in bytes) of the device sectors
+	-o imgoffset: The offset of the file system in the image (in sectors)
+	-f fstype: File system type (use '-f list' for supported types)
+	-s: display basic block stats such as unit size, fragments, etc.
+	-v: verbose output to stderr
+	-V: display version
+	-w: displays in web-like (html) fashion
+	-u usize: size of each data unit in image (for raw, blkls, swap)
+	[num] is the number of data units to display (default is 1)
+

 ```

 Example Usage
 -------
+```
+ # blkcat -hw image 264 4
+```
+or 
+```
+ # blkcat -hw image 264
+```

 Links
 -------
--- a/tools/dff-gui.md
+++ b/tools/dff-gui.md
@ -6,6 +6,7 @@ Notes
 Help Text
 -------
 ```
+GUI for the Digital Forensics Framework.
 ```

 Example Usage
@ -14,4 +15,4 @@ Just execute "dff-gui" to open the GUI environment

 Links
 -------
-
+[1] http://www.digital-forensic.org/
--- a/tools/ffind.md
+++ b/tools/ffind.md
@ -5,7 +5,8 @@ Notes

 Help Text
 -------
-`usage: ffind [-aduvV] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] image [images] inode
+```
+usage: ffind [-aduvV] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] image [images] inode
 	-a: Find all occurrences
 	-d: Find deleted entries ONLY
 	-u: Find undeleted entries ONLY
@ -15,7 +16,6 @@ Help Text
 	-o imgoffset: The offset of the file system in the image (in sectors)
 	-v: Verbose output to stderr
 	-V: Print version
-``

 ```

--- a/tools/fsstat.md
+++ b/tools/fsstat.md
@ -19,7 +19,7 @@ usage: fsstat [-tvV] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset

 Example Usage
 -------
-Example from wiki.sleithkit.org [2]
+Example from wiki.sleuthkit.org [2]
 ```
    # fsstat images/hda1.dd
    FILE SYSTEM INFORMATION
--- a/tools/guymager.md
+++ b/tools/guymager.md
@ -7,8 +7,7 @@ GUYMAGER is a Linux-based GUI forensic imaging tool
 Help Text
 -------
 ```
-
-
+A GUI based forensic imaging tool.
 ```

 Example Usage