Making a list of all files

Get creative. Take the above command and redirect the output to your evidence directory. With that you will have a list of all the files and their owners and permissions on the suspect disk. This is a very important command. Check the man page for various uses and options. For example, you could use the -i option to include the inode in the list, and the -u option can be used so that the output will include and sort by access time (when used with the -t option).

ls -laiRtu > /root/evidence/file.list

You could also get a list of the files, one per line, using the find command and redirecting the output to another list file:

find . -type f -print > /root/evidence/filelist.list.2

Have a look at the above commands, and compare their output. Which do you like better? Remember the syntax assumes you are issuing the command from the /mnt/analysis directory (use pwd if you don’t know where you are).

Now use the grep command on either of the file lists for whatever strings or extensions you want to look for.

grep -i jpg /root/evidence/file.list

This command looks for the pattern “jpg” in the list of files, using the filename extension to alert us to a JPEG file.
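
The grep above matches "jpg" anywhere in a line, including directory names. The following is an added example, not part of the original guide: it records the same metadata with GNU find's -printf and matches the extension only at the end of the path. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes GNU find (-printf).
# Paths containing tabs or newlines would need NUL-separated handling instead.
TAB=$(printf '\t')

# make_file_list ROOT OUT: one line per regular file under ROOT with
# inode, mode, owner, group, access time and relative path, tab-separated.
make_file_list() {
    ( cd "$1" && find . -type f -printf '%i\t%M\t%u\t%g\t%A+\t%p\n' ) |
        LC_ALL=C sort -t "$TAB" -k6 > "$2"
}

# match_ext LIST EXT: print only paths that end in ".EXT", ignoring case.
match_ext() {
    awk -F '\t' -v ext="$2" '
        BEGIN { pat = "\\." tolower(ext) "$" }
        tolower($6) ~ pat { print $6 }' "$1"
}

# demo: build a constructed sample tree, list it, and compare the loose
# grep from the text with the anchored match. Prints "<loose> <anchored>".
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/disk/pics" "$tmp/disk/jpg_notes"
    : > "$tmp/disk/pics/holiday.JPG"
    : > "$tmp/disk/pics/scan.jpg"
    : > "$tmp/disk/jpg_notes/readme.txt"    # not an image, but its path contains "jpg"
    make_file_list "$tmp/disk" "$tmp/file.list"
    loose=$(grep -ci jpg "$tmp/file.list")
    anchored=$(match_ext "$tmp/file.list" jpg | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "$loose $anchored"
}

demo
```

An extension is only a naming hint, so treat either kind of match as a lead to confirm from the file's content.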
