Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   9211 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

FIWALK(1)	   Print the file system statistics and exit	     FIWALK(1)

NAME
       fiwalk - print the filesystem statistics and exit

SYNOPSIS
	fiwalk [options] iso-name

DESCRIPTION
       fiwalk  is  a  program  that processes a disk image using the SleuthKit
       library and outputs its results in Digital Forensics XML, the Attribute
       Relationship  File  Format  (ARFF)  format  used by the Weka Datamining
       Toolkit, or an easy-to-read textual format.

       This application uses SleuthKit to generate a  report  of  all  of  the
       files and orphaned inodes found in a disk image. It can optionally com‐
       pute the MD5 of any objects, save those objects into  a	directory,  or
       both.

OPTIONS
       -c config.txt
	      read config.txt for metadata extraction tools

       -C nn  only process nn files, then do a clean exit

Include/exclude parameters; may be repeated:

       -n pattern
	      only  match  files  for  which the filename matches the pattern.
	      Example: -n .jpeg -n .jpg will find all  JPEG  files.   Case  is
	      ignored. Will not match orphan files.

Ways to make this program run faster:

       -I     ignore NTFS system files

       -g     just report the file objects - don't get the data

       -O     only walk allocated files

       -b     do not report byte runs if data not accessed

       -z     do not calculate MD5 or SHA1 values

       -Gnn   Only  process  the  contents  of files smaller than nn gigabytes
	      (default 2). Use -G0 to remove space restrictions.

Ways to make this program run slower:

       -M     Report MD5 for each file (default on)

       -1     Report SHA1 for each file (default on)

       -f     Report the output of the 'file' command for each

Output options: -m = Output in SleuthKit 'Body file' format

       -A<file>
	      ARFF output to <file>

       -X<file>
	      XML output to a <file> (full DTD)

       -X0    Write output to filename.xml

       -Z     zap (erase) the output file

       -x     XML output to stdout (no DTD)

       -T<file>
	      Walkfile output to <file>

       -a <audit.txt>
	      Read the scalpel audit.txt file

Misc:

       -d     debug this program

       -v     Enable SleuthKit verbose flag

AUTHOR
       The Sleuth Kit was written by Brian Carrier <carrier@sleuthkit.org>.

       This manual page	 was  written  by  Joao	 Eriberto  Mota	 Filho	<erib‐
       erto@debian.org> for the Debian project (but may be used by others).

FIWALK				   Dec 2013			     FIWALK(1)

Vote for polarhome