Name

Synopsis

Description

Arguments

-b body

Specify the location of a body file. This file must be generated by a tool such as ’fls -m’ or ’ils -m’. The ’mac-robber’ and ’grave-robber’ tools can also be used to generate the file.

-g group file

Specify the location of the group file. mactime will display the group name instead of the GID if this is given.

-p password file

Specify the location of the passwd file. mactime will display the user name instead of the UID of this is given.

-i day|hour index file

Specify the location of an index file to write to. The first argument specifies the granularity, either an hourly summary or daily. If the ’-d’ flag is given, then the summary will be separated by a ’,’ to import into a spread sheet.

-d

Display timeline and index files in comma delimited format. This is used to import the data into a spread sheet for presentations or graphs.

-h

Display header info about the session including time range, input source, and passwd or group files.

-V

Display version to STDOUT.

-m

The month is given as a number instead of name (does not work with -y).

-y

The date is displayed in ISO8601 format.

-z TIME_ZONE

The timezone from where the data was collected. The name of this argument is system dependent (examples include EST5EDT, GMT+1). Does not work with -y.

-z list

List valid timezones.

DATE_RANGE

The range of dates to make the time line for. The standard format is yyyy-mm-dd for a starting date and no ending date. For an ending date, use yyyy-mm-dd..yyyy-mm-dd. Date can contain time, use format yyyy-mm-ddThh:mm:ss for starting and/or ending date.

License

History

Author

Send documentation updates to <doc-updates at sleuthkit dot org>

Table of Contents

• Name
• Synopsis
• Description
• Arguments
• License
• History
• Author