LinuxCommandLibrary

ils

lists inode information from filesystem images

TLDR

List inodes

$ ils [image.dd]
copy
Show allocated only
$ ils -a [image.dd]
copy
Show unallocated only
$ ils -e [image.dd]
copy
Specify offset
$ ils -o [2048] [image.dd]
copy
Machine output
$ ils -m [image.dd]
copy

SYNOPSIS

ils [options] image

DESCRIPTION

ils lists inode information from filesystem images. It's part of The Sleuth Kit for digital forensics.
The tool shows inode metadata for allocated and deleted files. It's useful for file recovery and forensic analysis.

PARAMETERS

IMAGE

Disk or partition image.
-a
Show allocated only.
-e
Show unallocated only.
-o OFFSET
Partition offset.
-m
Machine-readable output.
-f FSTYPE
Filesystem type.
--help
Display help information.

CAVEATS

Part of sleuthkit. Forensic tool. Read-only analysis.

HISTORY

ils is part of The Sleuth Kit by Brian Carrier for filesystem forensics.

SEE ALSO

fls(1), icat(1), mmls(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community