ffind

command
v0.15.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 29, 2024 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Find forensic artifacts in mount points or on the live system.

Usage:

ffind [-rsuqhv] [-H CRC32|MD5|SHA1|SHA256] [-Z ARCHIVE] [-L FILE] [MOUNT ...]

The flags are:

 -H algorithm
 	The hash algorithm to use.
 -Z archive
	The artifacts archive name.
 -L file
	The artifacts listing name.
 -r
	Output relative paths.
 -s
	System artifacts only.
 -u
	User artifacts only.
 -q
	Quiet mode.
 -h
	Show usage.
 -v
	Show version.

The arguments are:

 mount
	The image mount point(s) or the system root path(s).
	Defaults to STDIN, then %SYSTEMDRIVE% if not given.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL