Body file

From ForensicsWiki
Jump to: navigation, search

Body file is a timeline format introduced by the SleuthKit.

Version 2 (used by SleuhtKit 2):

MD5 | path/name | device | inode | mode_as_value | mode_as_string | num_of_links | UID | GID | rdev | size | atime | mtime | ctime | block_size | num_of_blocks

Version 3 (used by SleuhtKit 3 and later):

MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime

The times are reported in a POSIX (or UNIX) timestamp.

Also see

External Links