ffind

command
v0.11.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 18, 2024 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Find forensic artifacts in a mount point or on the live system.

Usage: 

ffind [-rsuqhv] [-H CRC32|MD5|SHA1|SHA256] [-Z ARCHIVE] [-F FILE] [SYSROOT]

The flags are: 

 -H algorithm
 	The hash algorithm to use.
 -Z archive
	The artifacts archive name.
 -F file
	The filename to write also.
 -r
	Output relative paths.
 -s
	System artifacts only.
 -u
	User artifacts only.
 -q
	Quiet mode.
 -h
	Show usage.
 -v
	Show version.

The arguments are: 

 sysroot
	The systems root path or image mount point.
	Defaults to STDIN, then %SYSTEMDRIVE% if not given.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.