ffind

command
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 29, 2024 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Find forensic artifacts in mount points or on the live system.

Usage: 

ffind [-rsuqhv] [-H CRC32|MD5|SHA1|SHA256] [-Z ARCHIVE] [-L FILE] [MOUNT ...]

The flags are: 

 -H algorithm
 	The hash algorithm to use.
 -Z archive
	The artifacts archive name.
 -L file
	The artifacts listing name.
 -r
	Output relative paths.
 -s
	System artifacts only.
 -u
	User artifacts only.
 -q
	Quiet mode.
 -h
	Show usage.
 -v
	Show version.

The arguments are: 

 mount
	The image mount point(s) or the system root path(s).
	Defaults to STDIN, then %SYSTEMDRIVE% if not given.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.