Provided by: sleuthkit_4.2.0-3_amd64 bug

NAME

       fiwalk - print the filesystem statistics and exit

SYNOPSIS

        fiwalk [options] iso-name

DESCRIPTION

       fiwalk  is  a  program that processes a disk image using the SleuthKit library and outputs
       its results in Digital Forensics XML, the Attribute Relationship File Format (ARFF) format
       used by the Weka Datamining Toolkit, or an easy-to-read textual format.

       This  application  uses  SleuthKit  to  generate a report of all of the files and orphaned
       inodes found in a disk image. It can optionally compute the MD5 of any objects, save those
       objects into a directory, or both.

OPTIONS

       -c config.txt
              read config.txt for metadata extraction tools

       -C nn  only process nn files, then do a clean exit

       Include/exclude parameters; may be repeated:

              -n pattern
                     only  match  files  for  which the filename matches the pattern. Example: -n
                     .jpeg -n .jpg will find all JPEG files.  Case is  ignored.  Will  not  match
                     orphan files.

       Ways to make this program run faster:

              -I     ignore NTFS system files

              -g     just report the file objects - don't get the data

              -O     only walk allocated files

              -b     do not report byte runs if data not accessed

              -z     do not calculate MD5 or SHA1 values

              -Gnn   Only  process  the  contents of files smaller than nn gigabytes (default 2).
                     Use -G0 to remove space restrictions.

       Ways to make this program run slower:

              -M     Report MD5 for each file (default on)

              -1     Report SHA1 for each file (default on)

              -f     Report the output of the 'file' command for each

       Output options: -m = Output in SleuthKit 'Body file' format

              -A<file>
                     ARFF output to <file>

              -X<file>
                     XML output to a <file> (full DTD)

              -X0    Write output to filename.xml

              -Z     zap (erase) the output file

              -x     XML output to stdout (no DTD)

              -T<file>
                     Walkfile output to <file>

              -a <audit.txt>
                     Read the scalpel audit.txt file

       Misc:

              -d     debug this program

              -v     Enable SleuthKit verbose flag

AUTHOR

       The Sleuth Kit was written by Brian Carrier <carrier@sleuthkit.org>.

       This manual page was written by Joao Eriberto Mota  Filho  <eriberto@debian.org>  for  the
       Debian project (but may be used by others).