mactime man page on Kali

Man page or keyword search:  
man Server   9211 pages
apropos Keyword Search (all sections)
Output format
Kali logo
[printable version]

MACTIME(1)							    MACTIME(1)

NAME
       mactime - Create an ASCII time line of file activity

SYNOPSIS
       mactime	[-b body ] [-g group file ] [-p password file ] [-i (day|hour)
       index file ] [-dhmVy] [-z TIME_ZONE ] [DATE_RANGE]

DESCRIPTION
       mactime creates an ASCII time line of file activity based on  the  body
       file specified by '-b' or from STDIN.  The time line is written to STD‐
       OUT.  The body file must be in the time machine format that is  created
       by 'ils -m', 'fls -m', or the mac-robber tool.

ARGUMENTS
       -b body
	      Specify  the  location of a body file.  This file must be gener‐
	      ated by a tool such as 'fls -m' or 'ils -m'.   The  'mac-robber'
	      and 'grave-robber' tools can also be used to generate the file.

       -g group file
	      Specify  the  location  of the group file.  mactime will display
	      the group name instead of the GID if this is given.

       -p password file
	      Specify the location of the passwd file.	mactime	 will  display
	      the user name instead of the UID of this is given.

       -i day|hour index file
	      Specify  the  location  of an index file to write to.  The first
	      argument specifies the granularity, either an hourly summary  or
	      daily.  If the ´-d´ flag is given, then the summary will be sep‐
	      arated by a ',' to import into a spread sheet.

       -d     Display timeline and index  files	 in  comma  delimited  format.
	      This  is used to import the data into a spread sheet for presen‐
	      tations or graphs.

       -h     Display header info about	 the  session  including  time	range,
	      input source, and passwd or group files.

       -V     Display version to STDOUT.

       -m     The  month  is  given as a number instead of name (does not work
	      with -y).

       -y     The date is displayed in ISO8601 format.

       -z TIME_ZONE
	      The timezone from where the data was  collected.	 The  name  of
	      this  argument  is  system  dependent (examples include EST5EDT,
	      GMT+1).  Does not work with -y.

       -z list
	      List valid timezones.

       DATE_RANGE
	      The range of dates to make the time line for.  The standard for‐
	      mat is yyyy-mm-dd for a starting date and no ending date. For an
	      ending date, use yyyy-mm-dd..yyyy-mm-dd.	Date can contain time,
	      use format yyyy-mm-ddThh:mm:ss for starting and/or ending date.

LICENSE
       The changes from mactime in TCT and mac-daddy are distributed under the
       Common Public License, found in the cpl1.0.txt file in the  The	Sleuth
       Kit licenses directory.

HISTORY
       A version of mactime first appeared in The Coroner's Toolkit (TCT) (Dan
       Farmer) and later mac-daddy (Rob Lee).

AUTHOR
       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

								    MACTIME(1)
[top]

List of man pages available for Kali

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net