kaliwiki/tools/mactime-sleuthkit.md
2014-04-23 10:38:32 -05:00


mactime-sleuthkit

Notes

mactime - Create an ASCII time line of file activity

Help Text

SYNOPSIS
       mactime [-b body ] [-g group file ] [-p password file ] [-i (day|hour) index file ] [-dhmVy] [-z TIME_ZONE ] [DATE_RANGE]

DESCRIPTION
       mactime  creates  an  ASCII  time line of file activity based on the body file specified by '-b' or from STDIN.  The time line is written to STDOUT.  The body file must be in the time machine format
       that is created by 'ils -m', 'fls -m', or the mac-robber tool.

ARGUMENTS
       -b body
       Specify the location of a body file.  This file must be generated by a tool such as 'fls -m'
        or 'ils -m'.  The 'mac-robber' and 'grave-robber' tools can also be used to generate the file.

       -g group file
       Specify the location of the group file.  mactime will display the group name instead
        of the GID if this is given.

       -p password file
       Specify the location of the passwd file.  mactime will display the user name instead
        of the UID if this is given.

       -i day|hour index file
       Specify the location of an index file to write to.  The first argument specifies the
        granularity, either an hourly summary or daily.  If the '-d' flag is given, then the summary
        will be separated by a ',' to import into a spreadsheet.

       -d     Display timeline and index files in comma delimited format.  This is used to
              import the data into a spreadsheet for presentations or graphs.

       -h     Display header info about the session including time range, input source,
               and passwd or group files.

       -V     Display version to STDOUT.

       -m     The month is given as a number instead of name.

       -y     The date range is given with the year first.

       -z TIME_ZONE
       The timezone from where the data was collected.  The name of this argument is system
        dependent (examples include EST5EDT, GMT+1).

       DATE_RANGE
       The range of dates to make the time line for.  The standard format is yyyy-mm-dd
        for a starting date and no ending date. For an ending date, use yyyy-mm-dd..yyyy-mm-dd.

Example Usage
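The typical invocation is `fls -r -m / image.dd > body.txt` followed by `mactime -b body.txt -z UTC -d 2014-04-01..2014-04-30 > timeline.csv`. To make clear what mactime does with the body file (one row per distinct timestamp per file, a MACB column saying which of mtime/atime/ctime/crtime hit that second, -z deciding where day boundaries fall, DATE_RANGE filtering, -d switching to CSV), here is a small Python re-implementation. It is an added example, not code from The Sleuth Kit or from this wiki. It assumes the TSK body format `MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime` with epoch timestamps, treats the end day of a range as inclusive (assumption), and only approximates mactime's column layout; the body file it reads is constructed, not real evidence.

```python
"""Added example: a small mactime-style timeline builder in Python, not part of
The Sleuth Kit.  It reads the TSK body format, splits each file into one row per
distinct timestamp with a MACB column, applies -z and DATE_RANGE, and renders the
text or -d (CSV) layout."""
import csv
import io
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo

# Constructed body file (not real evidence) in the TSK body format produced by
# 'fls -m' / 'ils -m' / mac-robber:
# MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
BODY = """\
0|/etc/passwd|1234|r/rrw-r--r--|0|0|1889|1398267512|1398215000|1398215000|1390000000
0|/root/.bash_history|5678|r/rrw-------|0|0|512|1398267512|1398267512|1398267512|1398000000
0|/tmp/.x|9999|r/rrwxr-xr-x|1000|1000|24576|1398270000|1398270000|1398270000|0
0|/var/log/auth.log|4321|r/rrw-r-----|0|4|10240|1398100000|1398270010|1398270010|0
"""

FLAG_ORDER = "macb"   # mactime's column order: modified, accessed, changed, born


def fixed_offset(hours):
    """Build a fixed-offset zone (e.g. fixed_offset(-5) for -05:00) so the example
    does not depend on the host having tzdata installed."""
    return timezone(timedelta(hours=hours))


def parse_body(text):
    """Parse body lines; skip comments and rows that are not the 11-field format."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        if len(f) != 11:
            continue      # not the TSK body format: skip the row
        entries.append({
            "name": f[1], "inode": f[2], "mode": f[3], "uid": f[4], "gid": f[5],
            "size": int(f[6]),
            "times": {"a": int(f[7]), "m": int(f[8]), "c": int(f[9]), "b": int(f[10])},
        })
    return entries


def parse_range(spec, zone):
    """DATE_RANGE: 'yyyy-mm-dd' (open-ended) or 'yyyy-mm-dd..yyyy-mm-dd'.  Day
    boundaries are taken in the -z zone; the end day is treated as inclusive
    here (assumption)."""
    first, _, last = spec.partition("..")
    start = datetime.strptime(first, "%Y-%m-%d").replace(tzinfo=zone)
    if not last:
        return int(start.timestamp()), None
    end = datetime.strptime(last, "%Y-%m-%d").replace(tzinfo=zone) + timedelta(days=1)
    return int(start.timestamp()), int(end.timestamp()) - 1


def build_timeline(body_text, tz=timezone.utc, date_range=None):
    """Return sorted rows (epoch, size, macb, mode, uid, gid, inode, name).
    tz may be a tzinfo object or a zoneinfo name such as 'EST5EDT'."""
    zone = ZoneInfo(tz) if isinstance(tz, str) else tz
    start, end = parse_range(date_range, zone) if date_range else (None, None)
    rows = []
    for e in parse_body(body_text):
        by_time = {}
        for flag, t in e["times"].items():
            if t == 0:          # 0 means 'no timestamp'; drop it like mactime does
                continue
            by_time.setdefault(t, set()).add(flag)
        for t, flags in by_time.items():
            if (start is not None and t < start) or (end is not None and t > end):
                continue
            macb = "".join(ch if ch in flags else "." for ch in FLAG_ORDER)
            rows.append((t, e["size"], macb, e["mode"], e["uid"], e["gid"], e["inode"], e["name"]))
    rows.sort(key=lambda r: (r[0], r[7]))
    return rows


def render(rows, tz=timezone.utc, csv_out=False):
    """Text layout (date shown once per group of equal timestamps) or -d CSV layout."""
    zone = ZoneInfo(tz) if isinstance(tz, str) else tz
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    if csv_out:
        writer.writerow(["Date", "Size", "Type", "Mode", "UID", "GID", "Meta", "File Name"])
    last = None
    for t, size, macb, mode, uid, gid, inode, name in rows:
        stamp = datetime.fromtimestamp(t, zone).strftime("%a %b %d %Y %H:%M:%S")
        if csv_out:
            writer.writerow([stamp, size, macb, mode, uid, gid, inode, name])
        else:
            shown = stamp if stamp != last else " " * len(stamp)
            out.write(f"{shown} {size:>8} {macb} {mode} {uid:>4} {gid:>4} {inode:>8} {name}\n")
        last = stamp
    return out.getvalue()


if __name__ == "__main__":
    # Equivalent of: mactime -b body.txt -z UTC 2014-04-23
    print(render(build_timeline(BODY, date_range="2014-04-23")))
```

Two things the example makes visible that matter in practice. First, a crtime of 0 (the `/tmp/.x` and `auth.log` rows) is not "born at the epoch"; it is a filesystem that does not record creation time, and the entry must still appear for its other timestamps. Second, the same DATE_RANGE selects a different set of rows depending on the zone: `2014-04-23` in UTC includes the `/etc/passwd` modification at 01:03:20 UTC, while in UTC-5 that event belongs to 22 April and drops out. mactime uses the analysis host's zone when -z is omitted, so always pass the zone the evidence system was running in.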

[1] http://wiki.sleuthkit.org/index.php?title=Mactime