ffind

command
v0.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 17, 2024 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Find forensic artifacts in a mount point or on the live system.

Usage:

ffind [-rsuqhv] [-H CRC32|MD5|SHA1|SHA256|SHA512] [-Z ARCHIVE] [-F FILE] [SYSROOT]

The flags are:

 -H algorithm
 	The hash algorithm to use.
 -Z archive
	The artifacts archive name.
 -F file
	The filename to write also.
 -r
	Output relative paths.
 -s
	System artifacts only.
 -u
	User artifacts only.
 -q
	Quiet mode.
 -h
	Show usage.
 -v
	Show version.

The arguments are:

 sysroot
	The systems root path or image mount point.
	Defaults to STDIN, then %SYSTEMDRIVE% if not given.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL