logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

tsk_comparedir - compare the contents of a directory with the contents of an image or local device.

Contents

Author

       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

                                                                                               TSK_COMPAREDIR(1)

Description

tsk_comparedir compares the contents of image to the  contents  of  comparison_directory.   This  can  be
       useful  for detecting rootkits and when testing.  Rootkits can be detected by comparing the contents of a
       local directory and a local raw device.  The rootkits typically don't hide data when it is read  directly
       from the raw device.

       The arguments are as follows:

       -o sector_offset
              Sector offset for a partition in the image or device to compare with.

       -n start_inum
              Starting inum for a directory in the image to start the comparison at.

       -v     verbose output to stderr

       -V     Print version

       -f fstype
              Specify  the  file  system  type.   Use '-f list' to list the supported file system types.  If not
              given, autodetection methods are used.

       -i imgtype
              The format of the image file, such as raw.  Use '-i list' to list the  supported  types.   If  not
              given, autodetection methods are used.

       -b dev_sector_size
              The size (in bytes) of the device sectors.  If not given, autodetection methods are used.

       image [images]
              The  disk  or partition image to read, whose format is given with '-i'.  Multiple image file names
              can be given if the image is split into multiple segments.  If only one image file is  given,  and
              its  name  is  the  first in a sequence (e.g., as indicated by ending in '.001'), subsequent image
              segments will be included automatically.

Examples

       To compare the directories in image.dd to those in directory:

            # tsk_comparedir ./image.dd ./directory

Name

       tsk_comparedir - compare the contents of a directory with the contents of an image or local device.

Synopsis

tsk_comparedir[-vV][-nstart_inum][-ffstype][-iimgtype][-bdev_sector_size][-osector_offset]image[images]comparison_directory

See Also

Image
Image PNG Icons
MCP
Directory Mcp
Man Pages
function::MKDEV Man Pages
Man Pages
VOP_READDIR Man Pages
Man Pages
device Man Pages
Man Pages
Bio::Roary::CommandLine::AssemblyStatistics Man Pages
Filing
Filing PNG Icons
Local
Local PNG Icons
Man Pages
compare Man Pages
← View User commands Category← Back to File management🙏  Credits & Acknowledgments