xenial (1) fiwalk.1.gz

Provided by: sleuthkit_4.2.0-3_amd64 bug

NAME

       fiwalk - print the filesystem statistics and exit

SYNOPSIS

        fiwalk [options] iso-name

DESCRIPTION

       fiwalk  is  a  program that processes a disk image using the SleuthKit library and outputs its results in
       Digital Forensics XML, the Attribute Relationship File Format (ARFF) format used by the  Weka  Datamining
       Toolkit, or an easy-to-read textual format.

       This  application  uses SleuthKit to generate a report of all of the files and orphaned inodes found in a
       disk image. It can optionally compute the MD5 of any objects, save those objects  into  a  directory,  or
       both.

OPTIONS

       -c config.txt
              read config.txt for metadata extraction tools

       -C nn  only process nn files, then do a clean exit

       Include/exclude parameters; may be repeated:

              -n pattern
                     only match files for which the filename matches the pattern. Example: -n .jpeg -n .jpg will
                     find all JPEG files.  Case is ignored. Will not match orphan files.

       Ways to make this program run faster:

              -I     ignore NTFS system files

              -g     just report the file objects - don't get the data

              -O     only walk allocated files

              -b     do not report byte runs if data not accessed

              -z     do not calculate MD5 or SHA1 values

              -Gnn   Only process the contents of files smaller than nn gigabytes (default 2). Use -G0 to remove
                     space restrictions.

       Ways to make this program run slower:

              -M     Report MD5 for each file (default on)

              -1     Report SHA1 for each file (default on)

              -f     Report the output of the 'file' command for each

       Output options: -m = Output in SleuthKit 'Body file' format

              -A<file>
                     ARFF output to <file>

              -X<file>
                     XML output to a <file> (full DTD)

              -X0    Write output to filename.xml

              -Z     zap (erase) the output file

              -x     XML output to stdout (no DTD)

              -T<file>
                     Walkfile output to <file>

              -a <audit.txt>
                     Read the scalpel audit.txt file

       Misc:

              -d     debug this program

              -v     Enable SleuthKit verbose flag

AUTHOR

       The Sleuth Kit was written by Brian Carrier <carrier@sleuthkit.org>.

       This  manual  page  was  written by Joao Eriberto Mota Filho <eriberto@debian.org> for the Debian project
       (but may be used by others).