diff --git a/forensics/index.md b/forensics/index.md index 2e71ecc..0a62aff 100644 --- a/forensics/index.md +++ b/forensics/index.md @@ -107,7 +107,7 @@ Forensic Imaging Tools * [guymager](../tools/guymager.md) * [img_cat](../tools/img_cat.md) * [img_stat](../tools/img_stat.md) - * [mmls](../tools/mmls.md) <------ I STOPPED HERE !!! + * [mmls](../tools/mmls.md) * [mmstat](../tools/mmstat.md) * [tsk_gettimes](../tools/tsk_gettimes.md) diff --git a/tools/affstats.md b/tools/affstats.md index 92ad8d4..cf898c7 100644 --- a/tools/affstats.md +++ b/tools/affstats.md @@ -1,4 +1,4 @@ -# Template placeholder +# affstats Notes ------- diff --git a/tools/autopsy.md b/tools/autopsy.md index 65d1ca4..5fc14c3 100644 --- a/tools/autopsy.md +++ b/tools/autopsy.md @@ -7,7 +7,13 @@ Autopsy® is a digital forensics platform and graphical interface to The Sleuth Help Text ------- ``` - +usage: /usr/bin/autopsy [-c] [-C] [-d evid_locker] [-i device filesystem mnt] [-p port] [remoteaddr] + -c: force a cookie in the URL + -C: force NO cookie in the URL + -d dir: specify the evidence locker directory + -i device filesystem mnt: Specify info for live analysis + -p port: specify the server port (default: 9999) + remoteaddr: specify the host with the browser (default: localhost) ``` Example Usage diff --git a/tools/blkcat.md b/tools/blkcat.md index 26a4e8b..d9bd0f9 100644 --- a/tools/blkcat.md +++ b/tools/blkcat.md 
@@ -1,16 +1,39 @@ -# Template placeholder +# blkcat Notes ------- +blkcat displays num data units (default is one) starting at the unit address unit_addr from image to stdout in different formats (default is raw). blkcat was called dcat in TSK versions prior to 3.0.0. + Help Text ------- ``` +usage: blkcat [-ahsvVw] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] [-u usize] image [images] unit_addr [num] + -a: displays in all ASCII + -h: displays in hexdump-like fashion + -i imgtype: The format of the image file (use '-i list' for supported types) + -b dev_sector_size: The size (in bytes) of the device sectors + -o imgoffset: The offset of the file system in the image (in sectors) + -f fstype: File system type (use '-f list' for supported types) + -s: display basic block stats such as unit size, fragments, etc. + -v: verbose output to stderr + -V: display version + -w: displays in web-like (html) fashion + -u usize: size of each data unit in image (for raw, blkls, swap) + [num] is the number of data units to display (default is 1) + ``` Example Usage ------- +``` + # blkcat -hw image 264 4 +``` +or +``` + # blkcat -hw image 264 +``` Links ------- diff --git a/tools/dff-gui.md b/tools/dff-gui.md index 9969d87..56652d8 100644 --- a/tools/dff-gui.md +++ b/tools/dff-gui.md @@ -6,6 +6,7 @@ Notes Help Text ------- ``` +GUI for the Digital Forensics Framework. ``` Example Usage @@ -14,4 +15,4 @@ Just execute "dff-gui" to open the GUI environment Links ------- - +[1] http://www.digital-forensic.org/ diff --git a/tools/ffind.md b/tools/ffind.md index 24aa5bb..9936e95 100644 --- a/tools/ffind.md +++ b/tools/ffind.md @@ -5,7 +5,8 @@ Notes Help Text ------- -`usage: ffind [-aduvV] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] image [images] inode +``` +usage: ffind [-aduvV] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] image [images] inode -a: Find all occurrences -d: Find deleted entries ONLY -u: Find undeleted entries ONLY 
@@ -15,7 +16,6 @@ Help Text -o imgoffset: The offset of the file system in the image (in sectors) -v: Verbose output to stderr -V: Print version -`` ``` diff --git a/tools/fsstat.md b/tools/fsstat.md index 9459c5b..ff7c611 100644 --- a/tools/fsstat.md +++ b/tools/fsstat.md @@ -19,7 +19,7 @@ usage: fsstat [-tvV] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset Example Usage ------- -Example from wiki.sleithkit.org [2] +Example from wiki.sleuthkit.org [2] ``` # fsstat images/hda1.dd FILE SYSTEM INFORMATION diff --git a/tools/guymager.md b/tools/guymager.md index a96f350..3f1211e 100644 --- a/tools/guymager.md +++ b/tools/guymager.md @@ -7,8 +7,7 @@ GUYMAGER is a Linux-based GUI forensic imaging tool Help Text ------- ``` - - +A GUI based forensic imaging tool. ``` Example Usage
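
Review bot: In the tools/autopsy.md hunk, the pasted usage line hard-codes the install path ("usage: /usr/bin/autopsy ..."), and the options that change how the interface is reached (-c, -C, remoteaddr) are left to the raw help output alone. Consider adding a sentence under Notes that says when a reader would move away from the defaults shown here ("default: 9999", "default: localhost"), so the page gives more than a copy of the tool's own help output.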
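
Review bot: In the tools/blkcat.md hunk, the two commands under Example Usage have no explanation, and both pass -h and -w together although the help text above lists hexdump and html as separate output formats. Add a line saying what the combined "-hw" output looks like and that 264 is unit_addr and 4 is num, which makes the second example the default-num case. The added blank line just before the closing fence of the Help Text block can also be dropped.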
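
Review bot: In the first tools/dff-gui.md hunk, the line added inside the Help Text fence ("GUI for the Digital Forensics Framework.") is a description rather than program output. If dff-gui prints no usage text, say so in the fence or leave it empty and move the description to Notes, so that the Help Text sections across the tools pages consistently hold captured output only.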
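
Review bot: In the tools/guymager.md hunk, the added Help Text line ("A GUI based forensic imaging tool.") repeats the Notes sentence visible in the hunk header ("GUYMAGER is a Linux-based GUI forensic imaging tool") and replaces two blank lines with prose that is not help output. Either capture whatever the binary actually prints or state in the fence that there is no command-line help, rather than restating the description.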