GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
MACTIME(1) FreeBSD General Commands Manual MACTIME(1)

mactime - Create an ASCII time line of file activity

mactime [-b body ] [-g group file ] [-p password file ] [-i (day|hour) index file ] [-dhmVy] [-z TIME_ZONE ] [DATE_RANGE]

mactime creates an ASCII time line of file activity based on the body file specified by '-b' or from STDIN. The time line is written to STDOUT. The body file must be in the time machine format that is created by 'ils -m', 'fls -m', or the mac-robber tool.

-b body
Specify the location of a body file. This file must be generated by a tool such as 'fls -m' or 'ils -m'. The 'mac-robber' and 'grave-robber' tools can also be used to generate the file.
-g group file
Specify the location of the group file. mactime will display the group name instead of the GID if this is given.
-p password file
Specify the location of the passwd file. mactime will display the user name instead of the UID of this is given.
-i day|hour index file
Specify the location of an index file to write to. The first argument specifies the granularity, either an hourly summary or daily. If the ´-d´ flag is given, then the summary will be separated by a ',' to import into a spread sheet.
-d
Display timeline and index files in comma delimited format. This is used to import the data into a spread sheet for presentations or graphs.
-h
Display header info about the session including time range, input source, and passwd or group files.
-V
Display version to STDOUT.
-m
The month is given as a number instead of name (does not work with -y).
-y
The date is displayed in ISO8601 format.
-z TIME_ZONE
The timezone from where the data was collected. The name of this argument is system dependent (examples include EST5EDT, GMT+1). Does not work with -y.
-z list
List valid timezones.
DATE_RANGE
The range of dates to make the time line for. The standard format is yyyy-mm-dd for a starting date and no ending date. For an ending date, use yyyy-mm-dd..yyyy-mm-dd. Date can contain time, use format yyyy-mm-ddThh:mm:ss for starting and/or ending date.

The changes from mactime in TCT and mac-daddy are distributed under the Common Public License, found in the cpl1.0.txt file in the The Sleuth Kit licenses directory.

A version of mactime first appeared in The Coroner's Toolkit (TCT) (Dan Farmer) and later mac-daddy (Rob Lee).

Brian Carrier <carrier at sleuthkit dot org>

Send documentation updates to <doc-updates at sleuthkit dot org>

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.