API tools faq
paste
Advertisement
xe1phix

Xe1phix-[Sleuthkit]-Cheatsheet-[v4.5.84].sh

xe1phix
Oct 6th, 2022 (edited)
873
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.89 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/sh
  2.  
  3. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  4.         fsstat $Image.dd                            ## fsstat - Displays details about the file system
  5. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  6.         blkcat $Image.dd $BlockNum                  ## blkcat - Displays the contents of a disk block
  7. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  8.         blkls $Image.dd > $Imagefile.blkls          ## blkls - Lists contents of deleted disk blocks
  9. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  10.         blkcalc $Image.dd -u $BlklsNum              ## blkcalc - Maps between dd images and blkls results
  11. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  12.         blkstat $Image.dd $ClusterNum               ## blkstat - Display allocation status of block
  13. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  14.         istat $Image.dd $InodeNum                   ## istat - Displays information about a specific inode
  15. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  16.         icat $Image.dd $InodeNum                    ## icat - Displays contents of blocks allocated to an inode
  17. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  18.         istat /dev/$Disk                            ## Use The Sleuth Kit to view file informaMon
  19. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  20.         ifind $Image.dd –d $InodeNum              ## ifind - Determine which inode contains a specific block
  21. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  22.         ils $Image.dd                               ## ils - Displays inode details
  23. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  24.         fls -rpd $Image.dd                          ## fls - Displays deleted file entries in a directory inode
  25. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  26.         ffind $Image.dd $InodeNum                   ## ffind - Find the filename that using the inode
  27. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  28.         sigfind $HexValue -o $Offset                ## sigfind - search for a binary value at a given offset (-o)
  29. ## ---------------------------------------------------------------------------------------------------------------------------- ##
  30.  
  31.  
Tags: ParrotSec forensics DFIR sleuthkit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!