timescanner man page on DragonFly


TIMESCANNER(1)	      User Contributed Perl Documentation	TIMESCANNER(1)

NAME
       timescanner - A recursive scanner to produce timeline data extracted
       from file artifacts

DESCRIPTION
       timescanner recursively scans through a directory (such as a mounted
       filesystem) and extracts timestamp data gathered from the files that
       the tool log2timeline supports.  This tool is written as a separate
       tool from log2timeline but will be integrated into that tool soon.

SYNOPSIS
       timescanner [OPTIONS] -z TIMEZONE [-f INPUT MODULE] [-o OUTPUT MODULE]
       [-w BODYFILE] [-v] -d|-dir DIRECTORY

       See man timescanner for full details of options to use.

OPTIONS
       -d|-dir DIRECTORY
	       This option is mandatory for the tool to operate.  This option
	       defines the starting directory which the tool recursively
	       searches for supported artifacts.

       -s|-skew TIME
	       Time skew of original machine. The format of the variable TIME
	       is: X | Xs | Xm | Xh, where X is an integer and s represents
	       seconds, m minutes and h hours (default behaviour is seconds).

       -m TEXT Prepend the output line with TEXT, for instance by using -m
	       HOSTNAME to include a hostname in the output

       -o|-output FORMAT
	       Use the following output format.	 By default log2timeline uses
	       the csv output.	To see a list of all available output formats,
	       use -o list

       -w|-write FILENAME
	       Specify a file to write output to (otherwise STDOUT will be
	       chosen).

       -z|-zone TIMEZONE
	       This option defines the timezone that was used on the computer
	       that the log files belonged to.	The default value for this
	       variable is the local timezone of the computer timescanner is
	       run on.

       -log FILENAME
	       Specify a file to write error and information messages from
	       log2timeline to; otherwise STDERR will be used.

       -name HOST
	       Define the host name that the information is extracted from.

       -c|-calculate
	       If this option is used then an MD5 sum for each file that passes
	       verification is calculated and included in the timestamp object.

       -x      Make timescanner skip the default minimalist test to see if a
	       file can be parsed by the supplied input module.

       -V|-Version
	       Display the version number

       -v|-verbose
	       Add the verbose level of output, or debug level.	 This option
	       can be provided twice to get an extra level of verbosity (two
	       levels available)

       -h|-help|-?
	       Display this help message

       -f|--format MODULE
	       The option of -f can be used to select which modules are used
	       in timescanner when recursively searching through the directory
	       supplied to the tool.  The option MODULE can be any of the four
	       listed here:

	       -f list Print a list of all available modules the tool
		       supports, alongside a print-out of the available lists
		       (preselected modules that can be chosen)

	       -f NAME OF A MODULE
		       If a list of available modules is presented, only those
		       modules will be used by the tool.  One module can be
		       supplied, or a list separated with a comma (,). An
		       example

		       timescanner -z local -f evtx,oxml,pdf -d .

		       This will run timescanner on the current directory and
		       only use the modules evtx, oxml and pdf in the process.

	       -f="-NAME OF A MODULE"
		       This option can be used to exclude a given module from
		       being run (either a single one or a list, separated
		       with a comma), an example:

		       timescanner -z local -f="-evtx,exif" -d .

		       This will run the tool against the current directory
		       and use all of the modules available EXCEPT the evtx
		       and exif ones.

	       -f NAME OF A LIST
		       There exist a few presets, or lists of available
		       modules, that can be used.  See the available lists
		       by issuing timescanner -f list.  An example:

		       timescanner -z local -f winxp -d /mnt/xpimage

		       This will run the tool against the directory
		       /mnt/xpimage, and only use the modules that are
		       associated with a Windows XP system, according to the
		       winxp list file.

       -e|--exclude STRING
	       A comma separated list of files to exclude from the scan.  If a
	       particular file has caused the tool to crash or not work, or
	       you simply want to exclude some documents from the scan it is
	       possible to exclude some

	       Example:

		       timescanner -f winvista -z local -d /mnt/windows -e
		       'Windows-Diagnosis,secret[0-3]'

		       This would scan the whole directory /mnt/windows
		       recursively, using only modules associated with a
		       Windows Vista or later operating system, and excluding
		       all files whose names contain "Windows-Diagnosis" or
		       contain secret0, secret1, secret2 or secret3.
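
       Added example, not part of this man page or of the log2timeline
       project: a shell helper that lists which files under a directory a
       given -e list would skip, so the gaps in a timeline can be recorded
       before the scan is run.  It assumes each comma separated item is an
       unanchored regular expression tested against the file's base name,
       as the secret[0-3] example suggests; the function names
       preview_excluded and count_excluded are hypothetical.

```shell
#!/bin/sh
# Added example (not from timescanner): preview which files an -e list
# would skip. Assumption: every comma separated item is an unanchored
# extended regular expression tested against the file's base name.
# File names containing newlines are not handled.

# preview_excluded DIRECTORY 'PATTERN[,PATTERN...]'
# Prints the path of each regular file whose name matches any pattern.
preview_excluded() {
    dir=$1
    list=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    [ -n "$list" ] || { echo "empty exclude list" >&2; return 2; }

    # An empty item ("a,,b") would become "()" and match every file,
    # silently hiding the whole tree from the preview, so reject it.
    case $list in
        ,*|*,|*,,*) echo "empty item in exclude list" >&2; return 2 ;;
    esac

    # Turn "a,b" into the alternation "(a)|(b)" for grep -E.
    regex=$(printf '%s' "$list" | sed 's/,/)|(/g; s/^/(/; s/$/)/')

    find "$dir" -type f | sort | while IFS= read -r path; do
        name=${path##*/}                  # base name only
        if printf '%s\n' "$name" | grep -Eq -- "$regex"; then
            printf '%s\n' "$path"
        fi
    done
}

# count_excluded DIRECTORY LIST
# Prints the number of files that would be left out of the scan.
count_excluded() {
    preview_excluded "$1" "$2" | wc -l | tr -d ' '
}
```

       Saving the preview output alongside the timeline documents exactly
       which artifacts were left out of the analysis.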

AUTHOR
       Kristinn Gudjonsson <kristinn (a t) log2timeline ( d o t ) net> is the
       original author of the program.

COPYRIGHT
       The tool is released under GPL so anyone can contribute to the tool.
       Some parts of the code have been copied from other GPL'ed programs,
       such as RegRipper written by H. Carvey.

SEE ALSO
       log2timeline

perl v5.20.2			  2012-05-22			TIMESCANNER(1)