ILS

Description

ils opens the named image(s) and lists inode information. By default, it lists only the inodes of removed files. It is part of The Sleuth Kit (previously known as TASK), a collection of UNIX-based command-line file and volume system forensic analysis tools. The file system tools allow you to examine the file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

Usage

Syntax

ils [-emOpvV] [-aAlLzZ] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] [-s seconds] image [images] [inum[-end]]

Options

	-e: Display all inodes
	-m: Display output in the mactime format
	-O: Display inodes that are unallocated, but were still open (UFS/ExtX only)
	-p: Display orphan inodes (unallocated with no file name)
	-s seconds: Time skew of original machine (in seconds)
	-a: Allocated inodes
	-A: Unallocated inodes
	-l: Linked inodes
	-L: Unlinked inodes
	-z: Unused inodes (ctime is 0)
	-Z: Used inodes (ctime is not 0)
	-i imgtype: The format of the image file (use '-i list' for supported types)
	-b dev_sector_size: The size (in bytes) of the device sectors
	-f fstype: File system type (use '-f list' for supported types)
	-o imgoffset: The offset of the file system in the image (in sectors)
	-v: Verbose output to stderr
	-V: Display version number

Example

cyborg@cyborg:~$ ils -e image.dd 
class|host|device|start_time
ils|cyborg||1446032445
st_ino|st_alloc|st_uid|st_gid|st_mtime|st_atime|st_ctime|st_crtime|st_mode|st_nlink|st_size
0|a|0|0|1339087621|1339087621|1339087621|1339087621|555|1|262144
1|a|0|0|1339087621|1339087621|1339087621|1339087621|555|1|4096
2|a|0|0|1339087621|1339087621|1339087621|1339087621|555|1|2097152
3|a|48|0|1339087621|1339087621|1339087621|1339087621|555|1|0
4|a|48|0|1339087621|1339087621|1339087621|1339087621|555|1|2560
5|a|48|0|1434949085|1434949085|1434949085|1339087621|555|1|56
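
The pipe-delimited output above can be post-processed for triage. The following Python sketch is an added example, not part of The Sleuth Kit or of the original page: it parses the two header pairs and the inode rows, converts the epoch fields to UTC, and reports inodes whose mtime or ctime is later than crtime. The names `parse_ils`, `utc` and `changed_since_creation` are chosen here, and the sample input is constructed from rows of the output above.

```python
from datetime import datetime, timezone

# Constructed sample: the two header pairs and three inode rows from the output above.
SAMPLE = """\
class|host|device|start_time
ils|cyborg||1446032445
st_ino|st_alloc|st_uid|st_gid|st_mtime|st_atime|st_ctime|st_crtime|st_mode|st_nlink|st_size
0|a|0|0|1339087621|1339087621|1339087621|1339087621|555|1|262144
4|a|48|0|1339087621|1339087621|1339087621|1339087621|555|1|2560
5|a|48|0|1434949085|1434949085|1434949085|1339087621|555|1|56
"""

# Assumption: st_alloc is a flag and st_mode is permission text, so both stay strings.
TEXT_FIELDS = {"st_alloc", "st_mode"}


def parse_ils(text):
    """Return (run_info, rows) parsed from pipe-delimited ils output."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or not lines[2].startswith("st_ino|"):
        raise ValueError("expected the ils run header followed by the st_ino header")
    run_info = dict(zip(lines[0].split("|"), lines[1].split("|")))
    columns = lines[2].split("|")
    rows = []
    for ln in lines[3:]:
        values = ln.split("|")
        if len(values) != len(columns):
            raise ValueError(f"malformed inode row: {ln!r}")
        rows.append({c: v if c in TEXT_FIELDS else int(v)
                     for c, v in zip(columns, values)})
    return run_info, rows


def utc(epoch):
    """Render an epoch-seconds field as an ISO 8601 UTC timestamp."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()


def changed_since_creation(rows):
    """Inode numbers whose mtime or ctime is later than their crtime."""
    return [r["st_ino"] for r in rows
            if max(r["st_mtime"], r["st_ctime"]) > r["st_crtime"]]


if __name__ == "__main__":
    info, inodes = parse_ils(SAMPLE)
    print("image processed on host", info["host"], "at", utc(int(info["start_time"])))
    for ino in changed_since_creation(inodes):
        print("inode", ino, "changed after creation")
```
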