MacTime

Description

mactime creates an ASCII time line of file activity based on the body file specified by ’-b’ or from STDIN. The time line is written to STDOUT. The body file must be in the time machine format that is created by ’ils -m’, ’fls -m’, or the mac-robber tool.

Usage

Syntax

mactime [-b body_file] [-p password_file] [-g group_file] [-i day|hour idx_file] [-d] [-h] [-V] [-y] [-z TIME_ZONE] [DATE]

Options

        -b: Specifies the body file location, else STDIN is used
	-d: Output timeline and index file in comma delimited format
	-h: Display a header with session information
	-i [day | hour] file: Specifies the index file with a summary of results
	-g: Specifies the group file location, else GIDs are used
	-p: Specifies the password file location, else UIDs are used
	-V: Prints the version to STDOUT
	-y: Dates have year first (yyyy/mm/dd) instead of (mm/dd/yyyy)
	-m: Dates have month as number instead of word (can be used with -y)
	-z: Specify the timezone the data came from (in the local system format)
	[DATE]: starting date (yyyy-mm-dd) or range (yyyy-mm-dd..yyyy-mm-dd)

Example

cyborg@cyborg:~$ mactime -h
The Sleuth Kit mactime Timeline
Input Source: STDIN
Use of uninitialized value $ENV{"TZ"} in string eq at /usr/local/bin/mactime line 432.
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?