weyne/kaliwiki
1
0
Fork 0
mirror of https://github.com/mubix/kaliwiki.git synced 2025-10-29 16:59:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
kaliwiki/tools/tsk_gettimes.md
Stefan Molls 788305a83e Added forensics section
2014-04-23 10:38:32 -05:00

32 lines
968 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# tsk_gettimes
Notes
-------
tsk_gettimes examines each of the file systems in a disk image and returns the data about them in the MACtime body format (the same as running 'fls -m' on each file system). The output of this can be used as input to mactime to make a timeline of file activity. The data is printed to STDOUT, which can then be redirected to a file.
Help Text
-------
```
usage: tsk_gettimes [-vV] [-i imgtype] [-b dev_sector_size] [-z zone] [-s seconds] image [image]
-i imgtype: The format of the image file (use '-i list' for supported types)
-b dev_sector_size: The size (in bytes) of the device sectors
-v: verbose output to stderr
-V: Print version
-z: Time zone of original machine (i.e. EST5EDT or GMT) (only useful with -l)
-s seconds: Time skew of original machine (in seconds) (only useful with -l & -m)
```
Example Usage
-------
To collect data about image image.dd:
```
# tsk_gettimes ./image.dd > body.txt
```
Links
-------
Reference in New Issue View Git Blame Copy Permalink