fls sda.dd (sda is just an example)
.
This will print out the filenames and their corrsponding inode numbers.
You can match the inode to their corresponsing file numbers using
ils -e sda.dd
You can use the following command to find out the MAC times(Modified, Accessed, Changed)
fls -l sda.dd
For recovering a file,
icat sda.dd [inode number] > file.extension
For recovering everything at once,
tsk_recover sda.dd [Folder]
Posts
No comments:
Post a Comment