Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

mactime-sleuthkit(1) [debian man page]

MACTIME(1)						      General Commands Manual							MACTIME(1)

NAME

       mactime - Create an ASCII time line of file activity

SYNOPSIS

       mactime [-b body ] [-g group file ] [-p password file ] [-i (day|hour) index file ] [-dhmVy] [-z TIME_ZONE ] [DATE_RANGE]

DESCRIPTION

       mactime	creates  an  ASCII time line of file activity based on the body file specified by '-b' or from STDIN.  The time line is written to
       STDOUT.	The body file must be in the time machine format that is created by 'ils -m', 'fls -m', or the mac-robber tool.

ARGUMENTS

       -b body
	      Specify the location of a body file.  This file must be generated by a tool such as 'fls -m' or  'ils  -m'.   The  'mac-robber'  and
	      'grave-robber' tools can also be used to generate the file.

       -g group file
	      Specify the location of the group file.  mactime will display the group name instead of the GID if this is given.

       -p password file
	      Specify the location of the passwd file.	mactime will display the user name instead of the UID of this is given.

       -i day|hour index file
	      Specify the location of an index file to write to.  The first argument specifies the granularity, either an hourly summary or daily.
	      If the '-d' flag is given, then the summary will be separated by a ',' to import into a spread sheet.

       -d     Display timeline and index files in comma delimited format.  This is used to import the data into a spread sheet	for  presentations
	      or graphs.

       -h     Display header info about the session including time range, input source, and passwd or group files.

       -V     Display version to STDOUT.

       -m     The month is given as a number instead of name.

       -y     The date range is given with the year first.

       -z TIME_ZONE
	      The timezone from where the data was collected.  The name of this argument is system dependent (examples include EST5EDT, GMT+1).

       DATE_RANGE
	      The range of dates to make the time line for.  The standard format is yyyy-mm-dd for a starting date and no ending date. For an end-
	      ing date, use yyyy-mm-dd..yyyy-mm-dd.

LICENSE

       The changes from mactime in TCT and mac-daddy are distributed under the Common Public License, found in the  cpl1.0.txt	file  in  the  The
       Sleuth Kit licenses directory.

HISTORY

       A version of mactime first appeared in The Coroner's Toolkit (TCT) (Dan Farmer) and later mac-daddy (Rob Lee).

AUTHOR

       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

																	MACTIME(1)

Check Out this Related Man Page

DATE(1) 						      General Commands Manual							   DATE(1)

NAME

       date - print or set the date and time

SYNOPSIS

       date [-qsu] [[MMDDYY]hhmm[ss]] [+format]

OPTIONS

       -q     Read the date from stdin

       -s     Set the time (implicit for -q or a date string)

       -u     Print the date as GMT

       -t     Use this number of seconds instead of current time

EXAMPLES

       date		   # Print the date and time

       date 0221921610	   # Set date to Feb 21, 1992 at 4:10 p.m.

DESCRIPTION

       With  the  -q flag or a numeric argument, date sets the GMT time and date.  MMDDYY refers to the month, day, and year; hhmmss refers to the
       hour, minute and second.  Each of the six fields must be exactly two digits, no more and no less.  date always display the date	and  time,
       with  the  default format for the system.  The -u flag request GMT time instead of local time.  A format may be specified with a + followed
       by a printf-like string with the following options:

	 %%  % character
	 %A  Name of the day
	 %B  Name of the month
	 %D  mm/dd/yy
	 %H  Decimal hour on 2 digits
	 %I  Decimal hour modulo 12 on 2 digits
	 %M  Decimal minute on 2 digits
	 %S  Decimal seconds on 2 digits
	 %T  HH:MM:SS
	 %U  Decimal week number, Sunday being first day of week
	 %W  Decimal week number, Monday being first day of week
	 %X  Same as %T
	 %Y  Decimal year on 4 digits
	 %Z  Time Zone (if any)
	 %a  Abbreviated name of the day
	 %b  Abbreviated name of the month
	 %c  Appropriate date & time (default format)
	 %d  Decimal day of the month on 2 digits
	 %e  Same as %d, but a space replaces leading 0
	 %h  Same as %b
	 %j  Decimal dey of the year on 3 digits
	 %m  Decimal month on 2 digits
	 %n  Newline character
	 %p  AM or PM
	 %r  12-hour clock time with AM/PM
	 %s  Number of seconds since the epoch
	 %t  Tab character
	 %w  Decimal day of the week (0=Sunday)
	 %x  Same as %D
	 %y  Decimal year on 2 digits

SEE ALSO

       time(2), ctime(3), readclock(8).

																	   DATE(1)
Man Page