JLS

Description

jls lists the records and entries in a file system journal. If inode is given, then it will look there for a journal. Otherwise, it will use the default location. The output lists the journal block number and a description.It is a part of The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command  line file and volume system forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive  fashion. Because the tools do not rely on the operating system to process the  file systems, deleted and hidden content is shown. The volume system (media management) tools allow you to examine the layout of  disks and other media. The Sleuth Kit supports DOS partitions, BSD partitions  (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and  extract them so that they can be analyzed with file system analysis tools.

Usage

Syntax

jls [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] [-vV] image [inode]

Options

        -i imgtype: The format of the image file (use '-i list' for supported types)
	-b dev_sector_size: The size (in bytes) of the device sectors
	-f fstype: File system type (use '-f list' for supported types)
	-o imgoffset: The offset of the file system in the image (in sectors)
	-v: verbose output to stderr
	-V: print version jls 

Example

cyborg@cyborg:~$ sudo jls -v  -f ntfs /dev/sda1 10
tsk_img_open: Type: 0   NumImg: 1  Img1: /dev/sda1
raw_read: byte offset: 0 len: 65536
ntfs_dinode_lookup: Processing MFT 0
raw_read: byte offset: 34951168 len: 65536
ntfs_proc_attrseq: Processing extended entry for primary entry 0
ntfs_proc_attrseq: Resident Attribute in Type: 16 Id: 0 IdNew: 0 Name: 
ntfs_proc_attrseq: Resident Attribute in Type: 48 Id: 3 IdNew: 3 Name: 
ntfs_proc_attrseq: Non-Resident Attribute Type: 128 Id: 1 IdNew: 1 Name:   Start VCN: 0
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?