Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
MACTIME(1)		    General Commands Manual		    MACTIME(1)

NAME
       mactime - Create	an ASCII time line of file activity

SYNOPSIS
       mactime	[-b body ] [-g group file ] [-p	password file ]	[-i (day|hour)
       index file ] [-dhmVy] [-z TIME_ZONE ] [DATE_RANGE]

DESCRIPTION
       mactime creates an ASCII	time line of file activity based on  the  body
       file specified by '-b' or from STDIN.  The time line is written to STD-
       OUT.   The body file must be in the time	machine	format that is created
       by 'ils -m', 'fls -m', or the mac-robber	tool.

ARGUMENTS
       -b body
	      Specify the location of a	body file.  This file must  be	gener-
	      ated  by	a tool such as 'fls -m'	or 'ils	-m'.  The 'mac-robber'
	      and 'grave-robber' tools can also	be used	to generate the	file.

       -g group	file
	      Specify the location of the group	file.	mactime	 will  display
	      the group	name instead of	the GID	if this	is given.

       -p password file
	      Specify  the  location of	the passwd file.  mactime will display
	      the user name instead of the UID of this is given.

       -i day|hour index file
	      Specify the location of an index file to write  to.   The	 first
	      argument	specifies the granularity, either an hourly summary or
	      daily.  If the '-d' flag is given, then the summary will be sep-
	      arated by	a ',' to import	into a spread sheet.

       -d     Display timeline and index  files	 in  comma  delimited  format.
	      This  is used to import the data into a spread sheet for presen-
	      tations or graphs.

       -h     Display header info about	the session including time range,  in-
	      put source, and passwd or	group files.

       -V     Display version to STDOUT.

       -m     The  month  is  given as a number	instead	of name	(does not work
	      with -y).

       -y     The date is displayed in ISO8601 format.

       -z TIME_ZONE
	      The timezone from	where the data was  collected.	 The  name  of
	      this  argument  is  system  dependent (examples include EST5EDT,
	      GMT+1).  Does not	work with -y.

       -z list
	      List valid timezones.

       DATE_RANGE
	      The range	of dates to make the time line for.  The standard for-
	      mat is yyyy-mm-dd	for a starting date and	no ending date.	For an
	      ending date, use yyyy-mm-dd..yyyy-mm-dd.	Date can contain time,
	      use format yyyy-mm-ddThh:mm:ss for starting and/or ending	date.

LICENSE
       The changes from	mactime	in TCT and mac-daddy are distributed under the
       Common Public License, found in the cpl1.0.txt file in the  The	Sleuth
       Kit licenses directory.

HISTORY
       A version of mactime first appeared in The Coroner's Toolkit (TCT) (Dan
       Farmer) and later mac-daddy (Rob	Lee).

AUTHOR
       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

								    MACTIME(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=mactime&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help