man jcat (Commandes) - Show the contents of a block in the file system journal.

NAME

jcat - Show the contents of a block in the file system journal.

SYNOPSIS

jcat [-f fstype ] [-vV] [-i imgtype] [-o imgoffset] image [images] ] [ inode ] jblk

DESCRIPTION

jcat shows the contents of a journal block in the file system journal. The inode address of the journal can be given or the default location will be used. Note that the block address is a journal block address and not a file system block. The raw output is given to STDOUT.

The options are as follows:

-f ftype: Specify the file system type. Use -? to get a list of supported types.
-i imgtype: Identify the type of image file, such as raw or split. Raw is the default.
-o imgoffset: The sector offset where the file system starts in the image. Non-512 byte sectors can be specified using '@' (32@2048).
-V: Display version
-v: verbose output
image: One (or more if split) disk or partition images whose format is given with '-i'.
[inode]: The inode where the file system journal can be found.
jblk: The journal block to display.

EXAMPLES

jcat -f linux-ext3 img.dd 34 | xxd

HISTORY

jcat first appeared in The Sleuth Kit v1.73.

AUTHOR

Brian Carrier <carrier@sleuthkit.org>

Sections du manuel

Commandes
- rtl
- sr
- p
- WN
- l
- L
- fun
- emacs21
- m
- cn
- emacs-snapshot
- X
- gmt
- grass
- ssl
- 7
- a
- x
- osd_clock
- posix
- nas
- PVM
- pccts
Appels systèmes
Fonctions bibliothèques
Fichiers spéciaux
Formats
Jeux
Conventions
Administration système
Fonctions noyau
Nouveau

cd ~tigrou/pwet.fr/man/linux/Commandes/jcat