Fiwalk

From ForensicsWiki
Revision as of 14:15, 2 December 2008 by Simsong (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

fiwalk is a batch forensics analysis program written in C that uses SleuthKit.

XML Schema

<fileobject><orphan>YES</orphan> <filesize>3210</filesize> <unalloc>1</unalloc> <used>1</used> <mtime>1114172320</mtime> <ctime>1195819392</ctime> <atime>1195794000</atime> <byte_runs>121130496:3210</byte_runs> <fragments>1</fragments> <md5>c27c0730b858bc60c8894300a98bba55</md5> <sha1>0277680d624e609f23aec9e4265c2d7d24bd3824</sha1> <partition>1</partition> <frag1startsector>236583</frag1startsector> </fileobject>