Description: Fixes formatting errors in manpages Author: Julien Valroff Reviewed-by: Joao Eriberto Mota Filho Last-Update: 2015-11-12 Index: sleuthkit-4.2.0/man/hfind.1 =================================================================== --- sleuthkit-4.2.0.orig/man/hfind.1 +++ sleuthkit-4.2.0/man/hfind.1 @@ -72,64 +72,64 @@ The following input types are valid. Fo sorted by. The 'md5sum' value can also be used to sort and index "home made" databases. 'hfind' can take data in both common formats: - MD5 (test.txt) = 76b1f4de1522c20b67acc132937cf82e + MD5 (test.txt) = 76b1f4de1522c20b67acc132937cf82e and - 76b1f4de1522c20b67acc132937cf82e test.txt + 76b1f4de1522c20b67acc132937cf82e test.txt .SH EXAMPLES To create an MD5 index file for NIST NSRL: - # hfind \-i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt + # hfind \-i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt To lookup a value in the NSRL: - # hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e + # hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e - 76b1f4de1522c20b67acc132937cf82e Hash Not Found + 76b1f4de1522c20b67acc132937cf82e Hash Not Found You can even do both SHA-1 and MD5 if you want: - # hfind \-i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt + # hfind \-i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt - # hfind /usr/local/hash/nsrl/NSRLFile.txt - 76b1f4de1522c20b67acc132937cf82e - 80001A80B3F1B80076B297CEE8805AAA04E1B5BA + # hfind /usr/local/hash/nsrl/NSRLFile.txt + 76b1f4de1522c20b67acc132937cf82e + 80001A80B3F1B80076B297CEE8805AAA04E1B5BA - 76b1f4de1522c20b67acc132937cf82e Hash Not Found + 76b1f4de1522c20b67acc132937cf82e Hash Not Found - 80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp + 80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp To make a database of critical binaries of a trusted system, use 'md5sum': - # md5sum /bin/* /sbin/* /usr/bin/* /usr/bin/* /usr/local/bin/* /usr/local/sbin/* > system.md5 + # md5sum /bin/* /sbin/* /usr/bin/* /usr/bin/* /usr/local/bin/* /usr/local/sbin/* > system.md5 - # hfind \-i md5sum system.md5 + # hfind \-i md5sum system.md5 To look entries up, the following will work: - # hfind system.md5 76b1f4de1522c20b67acc132937cf82e + # hfind system.md5 76b1f4de1522c20b67acc132937cf82e - 76b1f4de1522c20b67acc132937cf82e Hash Not Found + 76b1f4de1522c20b67acc132937cf82e Hash Not Found or - # md5sum \-q /bin/* | hfind system.md5 + # md5sum \-q /bin/* | hfind system.md5 - 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash + 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash - <...> + <...> or - # md5sum \-q /bin/* > bin.md5 + # md5sum \-q /bin/* > bin.md5 - # hfind \-f bin.md5 system.md5 + # hfind \-f bin.md5 system.md5 - 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash + 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash - <...> + <...> .SH "SEE ALSO" Index: sleuthkit-4.2.0/man/tsk_gettimes.1 =================================================================== --- sleuthkit-4.2.0.orig/man/tsk_gettimes.1 +++ sleuthkit-4.2.0/man/tsk_gettimes.1 @@ -16,7 +16,7 @@ tsk_gettimes - Collect MAC times from a .I image [images] .SH DESCRIPTION .B tsk_gettimes -examines each of the file systems in a disk image and returns the data about them in the MACtime body format (the same as running 'fls -m' on each file system). The output of this can be used as input to mactime to make a timeline of file activity. The data is printed to STDOUT, which can then be redirected to a file. +examines each of the file systems in a disk image and returns the data about them in the MACtime body format (the same as running 'fls \-m' on each file system). The output of this can be used as input to mactime to make a timeline of file activity. The data is printed to STDOUT, which can then be redirected to a file. The arguments are as follows: .IP -v Index: sleuthkit-4.2.0/man/tsk_loaddb.1 =================================================================== --- sleuthkit-4.2.0.orig/man/tsk_loaddb.1 +++ sleuthkit-4.2.0/man/tsk_loaddb.1 @@ -16,11 +16,11 @@ tsk_loaddb - populate a SQLite database .B tsk_loaddb loads disk information from .I image -to a SQLite database. This database can then be used by tools in other languages for analysis. By default, the database is stored in the same directory as the image with ".db" appended to the name or the database name can be specified with '-d'. +to a SQLite database. This database can then be used by tools in other languages for analysis. By default, the database is stored in the same directory as the image with ".db" appended to the name or the database name can be specified with '\-d'. The arguments are as follows: .IP "-a" -Adds image to an existing database instead of creating a new one. Requires that -d be also specified. +Adds image to an existing database instead of creating a new one. Requires that \-d be also specified. .IP "-d database" Path for the database (default is the same directory as the image with name derived from image name .IP -v Index: sleuthkit-4.2.0/man/tsk_recover.1 =================================================================== --- sleuthkit-4.2.0.orig/man/tsk_recover.1 +++ sleuthkit-4.2.0/man/tsk_recover.1 @@ -47,7 +47,7 @@ Sector offset for a volume to recover (r If not given, will attempt to recover all volumes in image and save them to different folders. .IP "-d dir_inum" -Directory inum to recover from (must also specify a specific partition using -o or there must not be a volume system) +Directory inum to recover from (must also specify a specific partition using \-o or there must not be a volume system) .IP "image [images]" The disk or partition image to read, whose format is given with '\-i'. Multiple image file names can be given if the image is split into multiple segments. Index: sleuthkit-4.2.0/man/mactime.1 =================================================================== --- sleuthkit-4.2.0.orig/man/mactime.1 +++ sleuthkit-4.2.0/man/mactime.1 @@ -1,8 +1,8 @@ -.TH MACTIME 1 +.TH MACTIME 1 .SH NAME mactime \- Create an ASCII time line of file activity .SH SYNOPSIS -.B mactime [-b +.B mactime [-b .I body .B ] [-g .I group file @@ -17,7 +17,7 @@ mactime \- Create an ASCII time line of .B mactime creates an ASCII time line of file activity based on the body file specified by '\-b' or from STDIN. The time line is written to STDOUT. -The body file must be in the time machine format that is created +The body file must be in the time machine format that is created by 'ils \-m', 'fls \-m', or the mac-robber tool. .SH ARGUMENTS @@ -29,13 +29,13 @@ tools can also be used to generate the f Specify the location of the group file. mactime will display the group name instead of the GID if this is given. .IP "-p password file" -Specify the location of the passwd file. mactime will display the -user name instead of the UID of this is given. +Specify the location of the passwd file. mactime will display the +user name instead of the UID of this is given. .IP "-i day|hour index file" -Specify the location of an index file to write to. The first argument +Specify the location of an index file to write to. The first argument specifies the granularity, either an hourly summary or daily. If the \'\-d\' flag is given, then the summary will be separated by a ',' to -import into a spread sheet. +import into a spread sheet. .IP -d Display timeline and index files in comma delimited format. This is used to import the data into a spread sheet for presentations or graphs. @@ -43,14 +43,14 @@ to import the data into a spread sheet f Display header info about the session including time range, input source, and passwd or group files. .IP -V -Display version to STDOUT. +Display version to STDOUT. .IP -m -The month is given as a number instead of name (does not work with -y). +The month is given as a number instead of name (does not work with \-y). .IP -y The date is displayed in ISO8601 format. .IP "-z TIME_ZONE" The timezone from where the data was collected. The name of this argument -is system dependent (examples include EST5EDT, GMT+1). Does not work with -y. +is system dependent (examples include EST5EDT, GMT+1). Does not work with \-y. .IP "-z list" List valid timezones. .IP DATE_RANGE @@ -61,7 +61,7 @@ Date can contain time, use format yyyy-m ending date. .SH LICENSE -The changes from mactime in TCT and mac-daddy are distributed under the Common Public License, found in the +The changes from mactime in TCT and mac-daddy are distributed under the Common Public License, found in the .I cpl1.0.txt file in the The Sleuth Kit licenses directory.