[NBLUG/talk] Forensics : finding changed files
Rick
ricklyb2 at yahoo.com
Mon Dec 19 10:11:40 PST 2005
Hi Everyone,
I have a *nix box that hasn't been used much, and I want to search through the filesystems to see what changes have been made since it was installed. Basically, I can ignore any changes in the last few days, and all the files that were installed as part of the original installation. This seems like a simple problem, but the find command seems too limited to accomplish this task for the filesystem as a whole. Or maybe it's just me, but I haven't been able to use the find command solve this problem.
One simple solution would be to produce a list of all files and their last modification date, then sort this list by date. Unfortunately, I haven't found an easy way to accomplish this task.
I'm sure there must be a trivial solution to this problem. Before I develop a brute force method, does anyone know an easier way to gather this information? This is a rather basic box, with only the standard commands and shells available.
Thanks,
Rick
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://nblug.org/pipermail/talk/attachments/20051219/3c9252df/attachment.htm
More information about the talk
mailing list