device_file¶
Similar to the file table, but use TSK and allow block address access.
Platform support¶
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: device_file
- Linux
- Mac OSX
Table schema¶
Name | Type | Description |
---|---|---|
device | TEXT | Absolute file path to device node |
partition | TEXT | A partition number |
path | TEXT | A logical path within the device node |
filename | TEXT | Name portion of file path |
inode | BIGINT | Filesystem inode number |
uid | BIGINT | Owning user ID |
gid | BIGINT | Owning group ID |
mode | TEXT | Permission bits |
size | BIGINT | Size of file in bytes |
block_size | INTEGER | Block size of filesystem |
atime | BIGINT | Last access time |
mtime | BIGINT | Last modification time |
ctime | BIGINT | Creation time |
hard_links | INTEGER | Number of hard links |
type | TEXT | File status |