[sleuthkit-developers] MacTime Body file format
From: Surago J. <su...@sj...> - 2005-09-11 15:30:48
Hi,

I'm just looking at the body file used by MacTime and am wondering what the field layout is. I have checked out the MacTime source code, however my C is very rusty, and I'm not sure what some of the variables stand for. My guess is as follows...

Example Data:
' 0|/usr/bin/uptime|0|17088|33133|-/-r-xr-xr-x|1|0|0|0|2836|973693553|952452206|973386197|4096|0'

Column1: 0 Assigned to $tmp, so unused??
Column2: /usr/bin/uptime Filename
Column3: 0 Assigned to $tmp, so unused??
Column4: 17088 Inode
Column5: 33133 Assigned to $tmp, so unused??
Column6: -/-r-xr-xr-x Rights for ls listings??
Column7: 1 Assigned to $tmp, so unused??
Column8: 0 Think this would be User Owner ID??
Column9: 0 Think this would be Group Owner ID??
Column10: 0 Assigned to $tmp, so unused??
Column11: 2836 Size of file
Column12: 973693553 A-Time
Column13: 952452206 M-Time
Column14: 973386197 C-Time
Column15: 4096 Assigned to $tmp, so unused??
Column16: 0 Assigned to $tmp, so unused??

If anyone can fill me in on what the $tmp columns may represent it would be appreciated. Also what the correct terming of the data contained in Column 6 is.

This info I gathered from the source code file mactime.base. I have looked at the fls source code, however I wasn't able to understand that on the very quick glance I had at it. :) (Was mainly looking for comments or descriptive variables. :) )

Cheers
Surago.
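An added example, not part of the original post or of the Sleuth Kit source: a small Python parser for the 16-column line quoted above. The stat-style field names follow the TSK 1.x/2.x body layout and are an assumption here; the mode check shows that column 5 (33133, octal 100555) is the numeric form of the permission string in column 6.

```python
import stat
from datetime import datetime, timezone

# Assumed stat-style names for the 16 columns (TSK 1.x/2.x body layout).
FIELDS = ("md5", "name", "st_dev", "st_ino", "st_mode", "st_ls", "st_nlink",
          "st_uid", "st_gid", "st_rdev", "st_size", "st_atime", "st_mtime",
          "st_ctime", "st_blksize", "st_blocks")
# Columns kept as text; everything else is converted to int.
TEXT_FIELDS = {"md5", "name", "st_dev", "st_ino", "st_ls"}

# Example line from the post, with the wrapped M-time value rejoined.
SAMPLE = ("0|/usr/bin/uptime|0|17088|33133|-/-r-xr-xr-x|1|0|0|0|2836|"
          "973693553|952452206|973386197|4096|0")


def parse_body_line(line):
    """Return a dict for one body line; raise ValueError if malformed."""
    # Split from the right so a '|' inside the file name cannot shift columns.
    parts = line.strip().rsplit("|", len(FIELDS) - 2)
    head = parts[0].split("|", 1)
    if len(parts) != len(FIELDS) - 1 or len(head) != 2:
        raise ValueError("not a 16-column body line")
    rec = dict(zip(FIELDS, head + parts[1:]))
    for key in FIELDS:
        if key not in TEXT_FIELDS:
            rec[key] = int(rec[key])  # ValueError on non-numeric data
    return rec


def mode_matches_ls(rec):
    """Check that column 5 (numeric mode) renders as the text in column 6."""
    # Column 6 looks like '<type>/<ls-style mode>'; compare the part after '/'.
    return stat.filemode(rec["st_mode"]) == rec["st_ls"].split("/", 1)[-1]


def mac_times(rec):
    """Return the three timestamps as UTC ISO 8601 strings."""
    return {k: datetime.fromtimestamp(rec[k], tz=timezone.utc).isoformat()
            for k in ("st_mtime", "st_atime", "st_ctime")}


if __name__ == "__main__":
    record = parse_body_line(SAMPLE)
    print(record["name"], oct(record["st_mode"]), mode_matches_ls(record))
    print(mac_times(record))
```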