ffind

command
v0.30.2
Warning

This package is not in the latest version of its module.
Published: Jun 14, 2024 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Find forensic artifacts in mount points or on the live system.

Usage:

ffind [-rcsuqhv] [-H CRC32|MD5|SHA1|SHA256] [-C CSV] [-Z ZIP] [MOUNT ...]

The flags are:

 -H algorithm
	The hash algorithm to use.
 -C file
	The artifacts CSV listing name.
 -Z archive
	The artifacts ZIP archive name.
 -r
	Output relative paths.
 -c
	Use volume shadow copy.
 -s
	System artifacts only.
 -u
	User artifacts only.
 -q
	Quiet mode.
 -h
	Show usage.
 -v
	Show version.

The arguments are:

 mount
	The image mount point(s) or the system root path(s).
	Defaults to STDIN, then %SYSTEMDRIVE% if not given.
