J P · Feb 1, 2018 · 6:53 PM UTC

J P

J P @JPoForenso

1 Feb 2018

Finally finished and published my latest blog post on generating full file system listings for both live systems AND dead (images) from the command line on #Linux and #mac #osx with FULL MACB timestamps AND hashes using solely native utilities. #DFIR ponderthebits.com/2018/02/ge…

Hal Pomeranz · Feb 6, 2018 · 11:59 AM UTC

Hal Pomeranz · Feb 6, 2018 · 11:59 AM UTC

Hal Pomeranz @hal_pomeranz

6 Feb 2018

Replying to @JPoForenso

See “fls -rpl” for human-readable output with all four timestamps. No hashes though.

Feb 6, 2018 · 11:59 AM UTC

J P · Feb 6, 2018 · 3:21 PM UTC

J P @JPoForenso

6 Feb 2018

Replying to @hal_pomeranz

Yep, the lack of hashes are the real rub. I thought about taking the easy route and just taking fls output and generating hashes using it, but decided instead to do it all from scratch using native tools as few clients have TSK tools installed to get full FS listings.