Name

Synopsis

Description

The arguments are as follows:

-v

verbose output to stderr

-V

Print version

-f fstype

Specify the file system type. Use ’-f list’ to list the supported file system types. If not given, autodetection methods are used.

-i imgtype

The format of the image file, such as raw. Use ’-i list’ to list the supported types. If not given, autodetection methods are used.

-b dev_sector_size

The size (in bytes) of the device sectors. If not given, autodetection methods are used.

-o sector_offset

Sector offset for a volume to recover (recovers only that volume) If not given, will attempt to recover all volumes in image and save them to different folders.

-s seconds

The time skew of the original system in seconds. For example, if the original system was 100 seconds slow, this value would be -100.

-z zone

The ASCII string of the time zone of the original system. For example, EST or GMT. These strings must be defined by your operating system and may vary.

image [images]

The disk or partition image to read, whose format is given with ’-i’. Multiple image file names can be given if the image is split into multiple segments. If only one image file is given, and its name is the first in a sequence (e.g., as indicated by ending in ’.001’), subsequent image segments will be included automatically.

Examples

   # tsk_gettimes ./image.dd > body.txt

Author

Send documentation updates to <doc-updates at sleuthkit dot org>

Table of Contents

• Name
• Synopsis
• Description
• Examples
• Author